
Fighting spam using BIND

Sendmail, and other mail transfer agents, allow the use of RBL servers (Realtime Blackhole Lists) to prevent known spammers and relay servers from sending mail to your server. But there are always some that sneak through. In a previous article, I discussed the use of the sendmail Access database for blocking these, and that is absolutely a viable solution. However, creating your own banned list using DNS is fun, educational, and it works just as well. 

What do we need?

For this to work, we'll need a new zone file, update the DNS configuration for the new zone, and also update the sendmail configuration to use the new list. Let's start with the DNS configuration. 

The required changes in the DNS configuration are minute. I simply copied the entry for my "HansenOnline.net" zone and added "sbl." in front of the name. This creates a new zone, "sbl.hansenonline.net", which will contain the list of all the spammers that annoy me. 

zone "sbl.hansenonline.net" IN {
  type master;
  file "sbl.hansenonline.net.zone";
  allow-update { none; };
};

The next piece is the zone file to contain the actual entries. The file name has already been specified above, so the easiest thing to do is to copy your existing zone file to the new name and delete all the records. What's left is adding the records for the spamming IP addresses. The catch here is to reverse the octets of the IP address when entering them. 

3.227.252.207	IN 	A 127.0.0.2

The above record will block all connections from 207.252.227.3, an IP address that has spammed me on a couple of occasions. When sendmail checks a connecting client, it will look up "3.227.252.207.sbl.hansenonline.net" and get the answer "127.0.0.2". Any answer will do, but this address is used by many of the public lists to indicate a listed spammer, and there's little reason to re-invent the wheel.

After adding the changes to the named.conf file and/or the zone file, you'll need to send a SIGHUP to the named process. This is done with a simple "kill -HUP <pid>" where <pid> is the process ID for the named daemon.

Remember to test this before making changes to your sendmail configuration. If it doesn't work right, you might end up blocking all incoming mail, and that's not exactly what we're aiming for. A simple test is "dig 3.227.252.207.sbl.hansenonline.net". If you get an answer, you're good to go. Test with a random IP address as well (such as 4.4.4.4.sbl.hansenonline.net), and make sure you don't get an answer for it.

The change to the sendmail configuration is the last part to be done. Simply add the following line to your sendmail.mc file, and recompile:

FEATURE(`dnsbl',`sbl.hansenonline.net',`"550 Mail from " $&{client_addr} " rejected"')dnl

Sendmail will have to be restarted for the changes to take effect. 
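The octet reversal, the zone records and the "listed answers, random address doesn't" test from the steps above, as an added Python example that is not part of the original article. The zone name and 207.252.227.3 come from the article; the other two addresses and the offline stub resolver standing in for dig are constructed for the example.

```python
import ipaddress

ZONE = "sbl.hansenonline.net"
LISTED = "127.0.0.2"          # the conventional "listed" answer the article uses

# Constructed sample: the address the article blocks plus two assumed extras (TEST-NET
# ranges); the repeat shows that duplicates are folded when rendering the zone.
BLOCKED_IPS = ["207.252.227.3", "198.51.100.7", "203.0.113.9", "207.252.227.3"]


def reversed_octets(ip):
    """'207.252.227.3' -> '3.227.252.207'. Rejects anything that is not a full IPv4
    address, since the DNS list can only hold exact addresses (no ranges, no names)."""
    addr = ipaddress.IPv4Address(ip)      # ValueError on '207.252', 'x/24', hostnames...
    return ".".join(reversed(addr.exploded.split(".")))


def dnsbl_name(ip, zone=ZONE):
    """The name sendmail's dnsbl FEATURE looks up for a connecting client."""
    return f"{reversed_octets(ip)}.{zone}"


def zone_records(ips, answer=LISTED):
    """Owner-name/RR lines for the zone file; names are relative to the zone's $ORIGIN."""
    lines, seen = [], set()
    for ip in ips:
        rev = reversed_octets(ip)
        if rev in seen:                   # a duplicate entry adds nothing
            continue
        seen.add(rev)
        lines.append(f"{rev}\tIN\tA\t{answer}")
    return lines


def stub_resolver(ips, zone=ZONE):
    """Offline stand-in for dig: answers only for names built from the listed addresses."""
    table = {dnsbl_name(ip, zone): [LISTED] for ip in ips}
    return lambda name: table.get(name, [])   # [] plays the role of NXDOMAIN


def check_listing(resolve, listed_ip, unlisted_ip, zone=ZONE):
    """The article's pre-deployment test: a listed address answers, a random one must not."""
    hit = resolve(dnsbl_name(listed_ip, zone))
    miss = resolve(dnsbl_name(unlisted_ip, zone))
    return bool(hit) and not miss


if __name__ == "__main__":
    print("\n".join(zone_records(BLOCKED_IPS)))
    print("self-test:", check_listing(stub_resolver(BLOCKED_IPS), "207.252.227.3", "4.4.4.4"))
```

Against a live zone, replace the stub with a real lookup and run the same two-sided check before touching sendmail.mc.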

Of course, you'll need to replace my domain name with your own. Don't bother attempting to connect to my DNS server; it won't respond to you at all... 

Which is better, sendmail access database or DNS blacklist?

Probably a mix of the two. Using the access database, you can add partial IP addresses, domain names, e-mail addresses and customized error messages. With the DNS blacklist, you can only add IP addresses, and they have to be an exact match. On the upside, the DNS blacklist only blocks incoming mail from the listed offender, while the access database blocks outgoing messages as well, so it would prevent you from sending a message to "abuse@bannedsite.com" to complain about the spam...

1999 - 2005 Lars M. Hansen