OT: Rbldnsd and Spamhaus setup
Brad Beckenhauer
bbecken at aafp.org
Tue Sep 18 21:01:29 IST 2007
Thanks Julian,
That did the trick.
I like how you set the XBL, PBL, SBL and ZEN and then used them to start up
rbldnsd.
Centos 5.0 has rbldnsd running as chroot, so I had to adjust for running
in chroot.
Here's the /etc/sysconfig/rbldnsd config file for Centos 5.0/rbldnsd running
in chroot.
RBLDNSD="dnsbl -u nobody -r /usr/local/dnsbl \
-b 127.0.0.6 -f -w rbldnsd -s rbldnsd.log \
sbl.spamhaus.org:ip4set:sbl \
pbl.spamhaus.org:ip4trie:pbl \
xbl.spamhaus.org:ip4tset:xbl \
zen.spamhaus.org:ip4set:sbl \
zen.spamhaus.org:ip4trie:pbl \
zen.spamhaus.org:ip4tset:xbl
"
service rbldnsd start
Don't forget to watch the log file size.
thanks again,
Brad
>>> On 9/18/2007 at 1:01 PM, in message <46F0125C.5010603 at ecs.soton.ac.uk>,
Julian Field<MailScanner at ecs.soton.ac.uk> wrote:
> It's dead easy to set it up so they use the real domain names instead of
> your "dnsbl" zone, so you can leave all the SpamAssassin configuration
> alone. All you need is this:
>
> I start rbldnsd like this:
>
> XBL="xbl.spamhaus.org:ip4tset:xbl"
> PBL="pbl.spamhaus.org:ip4trie:pbl"
> SBL="sbl.spamhaus.org:ip4set:sbl"
> ZEN="zen.spamhaus.org:ip4set:sbl zen.spamhaus.org:ip4trie:pbl
> zen.spamhaus.org:ip4tset:xbl"
> WORKDIR="/var/lib/rbldns"
> BIND="127.0.0.6/53"
> /usr/local/sbin/rbldnsd -s /var/adm/rbldnsd.log -w $WORKDIR -b $BIND -4 \
> -f $XBL $PBL $SBL $ZEN
>
> /var/lib/rbldns has ownership and permissions "drwxr-xr-x root other".
>
> In my named.conf for BIND I have this:
> zone "sbl.spamhaus.org" {
> type forward;
> forward only;
> forwarders { 127.0.0.6 port 53; };
> };
> zone "pbl.spamhaus.org" {
> type forward;
> forward only;
> forwarders { 127.0.0.6 port 53; };
> };
> zone "xbl.spamhaus.org" {
> type forward;
> forward only;
> forwarders { 127.0.0.6 port 53; };
> };
> zone "zen.spamhaus.org" {
> type forward;
> forward only;
> forwarders { 127.0.0.6 port 53; };
> };
>
> That's it.
>
> No changes required to any of your software, as this is using the
> original DNS zone names, just overloading them with local copies.
>
> Why the spamhaus docs don't just tell you to do this, rather than
> setting up new zones and having to change all your software, I don't
> know. It's dead easy.
>
> You can tell that rbldnsd is being called by looking in
> /var/adm/rbldnsd.log
>
> That will show you each zone and how many queries are being sent to
> rbldnsd for each of its zones. It writes 1 line per minute to the file.
> As an example, here's the last line of the file:
> (For clarity, I have put each "word" on a separate line)
>
> 1190138032
> xbl.spamhaus.org:0:0:0:0:0
> pbl.spamhaus.org:0:0:0:0:0
> sbl.spamhaus.org:4295248:61703:4233545:252105889:446227926
> zen.spamhaus.org:1903334:1216504:686830:112123108:155815602
> *:6198582:1278207:4920375:364228997:602043528
>
> So xbl and pbl are getting no hits (which is as expected), and sbl and
> zen are getting lots of hits (also as expected). Zen is used by my
> MailScanner setup, and sbl is used by SpamAssassin.
>
> I don't have to change any of my MailScanner or SpamAssassin
> configuration at all, making maintenance a heck of a lot easier.
>
>
>
> Brad Beckenhauer wrote:
>> I'm configuring my servers to use Spamhaus datafeed service and I'm not
>> convinced that MailScanner is using Rbldnsd as I still see queries to
>> zen.spamhaus.org in the data queries log file.
>>
>> I thought perhaps the queries might have been from spamassassin, so I set
>> "skip_rbl_checks 1" in the mailscanner.cf and restarted MailScanner. I
>> still had DNS queries appearing in the bind log file.
>>
>> I need another set of eyes to look at this config and tell me what I'm
>> missing.
>>
>> Running: Centos 5.0, MailScanner v4.62.9
>>
>> /etc/sysconfig/rbldnsd:
>> # the first line tells rbldnsd to
>> # chroot (-r) to /usr/local/dnsbl, and
>> # then bind (-b) to 127.0.0.6 and
>> # then (-f) fork child during reloads and
>> # then (-w) specify the working directory where rbldnsd will find its
>> # files,
>> RBLDNSD="dnsbl -r /usr/local/dnsbl -b 127.0.0.6 -f -w rbldnsd \
>> sbl.dnsbl:ip4set:sbl \
>> pbl.dnsbl:ip4trie:pbl \
>> xbl.dnsbl:ip4tset:xbl \
>> zen.dnsbl:ip4set:sbl \
>> zen.dnsbl:ip4trie:pbl \
>> zen.dnsbl:ip4tset:xbl
>> "
>> # eof
>>
>>
>> /etc/named.conf:
>> zone "dnsbl" IN {
>> type forward;
>> forward only;
>> forwarders { 127.0.0.6; };
>> };
>>
>>
>> /etc/MailScanner/spam.lists.conf:
>> spamhaus-ZEN-local dnsbl. <=== trailing period
>>
>>
>> /etc/MailScanner/MailScanner.conf:
>> Spam List = spamhaus-ZEN-local
>>
>> service rbldnsd restart
>> MailScanner --lint > show ok
>> service MailScanner restart
>>
>>
>> thanks
>> Brad
>>
>>
>>
>>
>>
>
> Jules
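
Added example (not part of the original thread, and not rbldnsd or MailScanner code): a small parser for the per-minute statistics line that Julian quotes from the -s log, used to confirm which zones the local rbldnsd is actually answering. The field names (total, positive answers, NXDOMAIN answers, bytes in, bytes out) and the assumption that counters are cumulative are my reading of the format; they are consistent with the quoted sample, where the second and third counters add up to the first. The LATER line is constructed for illustration.

```python
from typing import Dict, List, NamedTuple, Tuple

# Last line of the log as quoted in the thread, rejoined onto one line.
SAMPLE = ("1190138032 xbl.spamhaus.org:0:0:0:0:0 pbl.spamhaus.org:0:0:0:0:0 "
          "sbl.spamhaus.org:4295248:61703:4233545:252105889:446227926 "
          "zen.spamhaus.org:1903334:1216504:686830:112123108:155815602 "
          "*:6198582:1278207:4920375:364228997:602043528")
# Constructed follow-up line, one minute later (not from the thread).
LATER = ("1190138092 xbl.spamhaus.org:0:0:0:0:0 pbl.spamhaus.org:0:0:0:0:0 "
         "sbl.spamhaus.org:4295368:61705:4233663:252112929:446240386 "
         "zen.spamhaus.org:1903394:1216542:686852:112126648:155820522 "
         "*:6198762:1278247:4920515:364239577:602060908")

class ZoneStats(NamedTuple):
    # Field meanings are an assumption, see the lead-in.
    total: int      # queries received for the zone
    ok: int         # positive answers (address is listed)
    nxdomain: int   # negative answers (address is not listed)
    bytes_in: int
    bytes_out: int

def parse_stats_line(line: str) -> Tuple[int, Dict[str, ZoneStats]]:
    """Split one log line into its timestamp and per-zone counters."""
    words = line.split()
    if len(words) < 2:
        raise ValueError("expected a timestamp followed by zone records")
    zones = {}
    for word in words[1:]:
        name, *counters = word.rsplit(":", 5)
        if len(counters) != 5:
            raise ValueError(f"malformed zone record: {word!r}")
        zones[name] = ZoneStats(*map(int, counters))
    return int(words[0]), zones

def idle_zones(line: str) -> List[str]:
    """Zones with no queries at all, e.g. a zone BIND is not forwarding."""
    _, zones = parse_stats_line(line)
    return [n for n, s in zones.items() if n != "*" and s.total == 0]

def queries_between(older: str, newer: str) -> Dict[str, int]:
    """Per-zone query count between two lines (assumes cumulative counters)."""
    _, before = parse_stats_line(older)
    _, after = parse_stats_line(newer)
    return {z: after[z].total - before[z].total for z in after if z in before}

if __name__ == "__main__":
    print("idle zones:", idle_zones(SAMPLE))
    print("queries in the last interval:", queries_between(SAMPLE, LATER))
```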