OT: Rbldnsd and Spamhaus setup

Julian Field MailScanner at ecs.soton.ac.uk
Tue Sep 18 19:01:00 IST 2007


It's dead easy to set it up so they use the real domain names instead of 
your "dnsbl" zone, so you can leave all the SpamAssassin configuration 
alone. All you need is this:

I start rbldnsd like this:

XBL="xbl.spamhaus.org:ip4tset:xbl"
PBL="pbl.spamhaus.org:ip4trie:pbl"
SBL="sbl.spamhaus.org:ip4set:sbl"
ZEN="zen.spamhaus.org:ip4set:sbl zen.spamhaus.org:ip4trie:pbl zen.spamhaus.org:ip4tset:xbl"
WORKDIR="/var/lib/rbldns"
BIND="127.0.0.6/53"
/usr/local/sbin/rbldnsd -s /var/adm/rbldnsd.log -w $WORKDIR -b $BIND -4 \
    -f $XBL $PBL $SBL $ZEN

/var/lib/rbldns has ownership and permissions "drwxr-xr-x root other".

In my named.conf for BIND I have this:
zone "sbl.spamhaus.org" {
        type forward;
        forward only;
        forwarders { 127.0.0.6 port 53; };
};
zone "pbl.spamhaus.org" {
        type forward;
        forward only;
        forwarders { 127.0.0.6 port 53; };
};
zone "xbl.spamhaus.org" {
        type forward;
        forward only;
        forwarders { 127.0.0.6 port 53; };
};
zone "zen.spamhaus.org" {
        type forward;
        forward only;
        forwarders { 127.0.0.6 port 53; };
};

That's it.

No changes required to any of your software, as this is using the 
original DNS zone names, just overloading them with local copies.

Why the spamhaus docs don't just tell you to do this, rather than 
setting up new zones and having to change all your software, I don't 
know. It's dead easy.

You can tell that rbldnsd is being called by looking in
/var/adm/rbldnsd.log

That will show you each zone and how many queries are being sent to 
rbldnsd for each of its zones. It writes 1 line per minute to the file. 
As an example, here's the last line of the file:
(For clarity, I have put each "word" on a separate line)

1190138032
xbl.spamhaus.org:0:0:0:0:0
pbl.spamhaus.org:0:0:0:0:0
sbl.spamhaus.org:4295248:61703:4233545:252105889:446227926
zen.spamhaus.org:1903334:1216504:686830:112123108:155815602
*:6198582:1278207:4920375:364228997:602043528

So xbl and pbl are getting no hits (which is as expected), and sbl and 
zen are getting lots of hits (also as expected). Zen is used by my 
MailScanner setup, and sbl is used by SpamAssassin.

I don't have to change any of my MailScanner or SpamAssassin 
configuration at all, making maintenance a heck of a lot easier.



Brad Beckenhauer wrote:
> I'm configuring my servers to use Spamhaus datafeed service and I'm not
> convinced that MailScanner is using Rbldnsd as I still see queries to
> zen.spamhaus.org in the data queries log file.
>
> I thought perhaps the queries might have been from spamassassin, so I set
> "skip_rbl_checks 1" in the mailscanner.cf and restarted MailScanner.  I
> still had DNS queries appearing in the bind log file.
>
> I need another set of eyes to look at this config and tell me what I'm
> missing.
>
> Running: Centos 5.0, MailScanner v4.62.9
>
> /etc/sysconfig/rbldnsd:
> # the first line tells rbldnsd to
> # chroot (-r) to /usr/local/dnsbl, and
> # then bind (-b) to 127.0.0.6 and
> # then (-f) fork child during reloads and
> # then (-w) specify the working directory where rbldnsd will find its files,
> RBLDNSD="dnsbl -r /usr/local/dnsbl -b 127.0.0.6 -f -w rbldnsd \
>   sbl.dnsbl:ip4set:sbl  \
>   pbl.dnsbl:ip4trie:pbl \
>   xbl.dnsbl:ip4tset:xbl \
>   zen.dnsbl:ip4set:sbl  \
>   zen.dnsbl:ip4trie:pbl \
>   zen.dnsbl:ip4tset:xbl
> "
> # eof
>
>
> /etc/named.conf:
> zone "dnsbl" IN {
>         type forward;
>         forward only;
>         forwarders { 127.0.0.6; };
> };
>
>
> /etc/MailScanner/spam.lists.conf:
> spamhaus-ZEN-local              dnsbl.  <=== trailing period
>
>
> /etc/MailScanner/MailScanner.conf:
> Spam List = spamhaus-ZEN-local
>
> service rbldnsd restart
> MailScanner --lint > show ok
> service MailScanner restart
>
>
> thanks
> Brad

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
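
The per-minute statistics line quoted in the message above can be checked mechanically to confirm which zones rbldnsd is actually answering. The Python below is an added example, not part of the original post: the counter meanings (total, positive, NXDOMAIN, bytes in, bytes out) and the cumulative counting are assumptions based on the rbldnsd manual, and LINE_2 is a constructed sample.

```python
# Added example, not from the original message. Counter meanings (total,
# positive, NXDOMAIN, bytes in, bytes out) and cumulative counting are assumed.
from typing import NamedTuple

class ZoneStats(NamedTuple):
    total: int
    positive: int
    nxdomain: int
    bytes_in: int
    bytes_out: int

def parse_stats_line(line):
    """Return (unix_timestamp, {zone: ZoneStats}) for one statistics line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected a timestamp followed by zone counters")
    zones = {}
    for word in fields[1:]:
        name, *counters = word.rsplit(":", 5)
        if len(counters) != 5:
            raise ValueError(f"malformed zone entry: {word!r}")
        zones[name] = ZoneStats(*map(int, counters))
    return int(fields[0]), zones

def totals_consistent(zones):
    """True if the per-zone query totals add up to the '*' summary entry."""
    per_zone = sum(s.total for z, s in zones.items() if z != "*")
    return "*" in zones and per_zone == zones["*"].total

def queries_since(prev, curr):
    """Queries per zone between two samples; a drop means rbldnsd restarted."""
    delta = {}
    for zone, now in curr.items():
        before = prev[zone].total if zone in prev else 0
        delta[zone] = now.total - before if now.total >= before else now.total
    return delta

# LINE_1 is quoted from the message; LINE_2 is constructed (one minute later).
LINE_1 = ("1190138032 xbl.spamhaus.org:0:0:0:0:0 pbl.spamhaus.org:0:0:0:0:0 "
          "sbl.spamhaus.org:4295248:61703:4233545:252105889:446227926 "
          "zen.spamhaus.org:1903334:1216504:686830:112123108:155815602 "
          "*:6198582:1278207:4920375:364228997:602043528")
LINE_2 = ("1190138092 xbl.spamhaus.org:0:0:0:0:0 pbl.spamhaus.org:0:0:0:0:0 "
          "sbl.spamhaus.org:4295300:61705:4233595:252108900:446233300 "
          "zen.spamhaus.org:1903360:1216520:686840:112124600:155817700 "
          "*:6198660:1278225:4920435:364233500:602051000")
```

A zone that is expected to be served locally but shows a zero delta while mail is flowing is not receiving its queries through rbldnsd, which is the situation described in the quoted question.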

