Your own Real Time Blacklist (RBL)

Rakesh rakesh at NETCORE.CO.IN
Fri May 20 08:14:43 IST 2005



Joris Trooster / Interstroom wrote:

> Hello,
>
> I just added an article to the mailscanner wiki about setting up your
> own real time blacklist (RBL).
>
> http://wiki.mailscanner.info/doku.php?id=rbl
>
> A Very Short Non-Tech Summary: If MailScanner detects a virus, the
> sender IP, virusname, headers etc. are inserted in a database. Every
> 5 minutes all non-whitelisted IP numbers from the last 24 hours are
> added to a real-time-blacklist dns. The mailserver is using this
> blacklist to reject mail from these IP numbers before they enter your
> server.
>
> Feel free to edit (English is not my native language) or to use for
> your own needs. The article is intended for mail administrators, it's
> not a step-by-step howto.
>

That's a good idea. In fact, I have already set up something like this, but
instead of tracking the IPs relaying viruses, I have made the
setup block IPs that send mail into my decoy accounts. I have a custom
function that inserts the IP into a database along with the subject and
headers, and a different script archives the mail with a unique id in a
separate storage area which is accessible through our support interface
as proof of spam. The rbldnsd files are updated every 30 mins from the
database, and further incoming mail from that IP is blocked at the MTA
level itself without needing to pass through MailScanner again.

There are also in-house support people, who coordinate with the
administrator of the IP to unblock it and maintain an automatic count of how
many times the IP has been released and then blocked again.

That really helps me block a good amount of spam, as the decoy
accounts tend to receive spam earlier than the genuine ids.

--
Regards,
Rakesh B. Pal
Project Leader
Emergic CleanMail Team.
Netcore Solutions Pvt. Ltd.

========================================================
Success is how high you reach after you hit the bottom.
========================================================
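
The export step both posts describe (offending IPs in a database, whitelist removed, rbldnsd data file regenerated on a schedule), as an added example that is not code from either poster or from MailScanner. The table names `decoy_hits` and `whitelist`, the 24-hour window, the never-list ranges and the TXT string are assumptions; the sample rows are constructed.

```python
import ipaddress, os, sqlite3, tempfile

# rbldnsd ip4set default value line ":A:TXT" (the text itself is constructed).
DEFAULT_VALUE = ":127.0.0.2:Listed by local decoy-account RBL"
# Assumed safety net: ranges that must never end up in the blocklist.
NEVER_LIST = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
NOW = 1_000_000  # constructed "current time" (epoch seconds) for the sample data

def build_zone(conn, now, window_seconds=24 * 3600):
    """Return ip4set text for IPs seen inside the window, minus the whitelist."""
    rows = conn.execute(
        "SELECT DISTINCT ip FROM decoy_hits WHERE seen_at >= ? "
        "AND ip NOT IN (SELECT ip FROM whitelist)", (now - window_seconds,))
    listed = set()
    for (raw,) in rows:
        try:
            addr = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            continue  # a malformed DB value must never reach the zone file
        if any(addr in net for net in NEVER_LIST):
            continue  # never block internal relays because of a bad insert
        listed.add(addr)
    return "\n".join([DEFAULT_VALUE] + [str(a) for a in sorted(listed)]) + "\n"

def write_zone(path, text):
    """Write to a temp file and rename, so rbldnsd never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)   # mkstemp creates 0600; the DNS daemon must read it
    os.replace(tmp, path)  # atomic on the same filesystem

def demo_db():
    """In-memory database with constructed rows (documentation IP ranges)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE decoy_hits (ip TEXT, seen_at INTEGER)")
    conn.execute("CREATE TABLE whitelist (ip TEXT)")
    conn.executemany("INSERT INTO decoy_hits VALUES (?, ?)", [
        ("203.0.113.7", NOW - 600), ("203.0.113.7", NOW - 300),  # duplicate hit
        ("198.51.100.20", NOW - 3600),                           # whitelisted
        ("192.0.2.55", NOW - 90000),                             # older than 24 h
        ("10.1.2.3", NOW - 60), ("not-an-ip", NOW - 30),         # filtered out
        ("192.0.2.9", NOW - 7200)])
    conn.execute("INSERT INTO whitelist VALUES ('198.51.100.20')")
    return conn

if __name__ == "__main__":
    print(build_zone(demo_db(), NOW), end="")
```

Run from cron at the chosen interval, `write_zone` replaces the data file in one step; the release counter the support team keeps would live in the same database and is not modelled here.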
