These are NOT designed for a major publicly-available list similar to Spamhaus' [http://www.spamhaus.org/zen/ zen], [http://www.spamcop.net/bl.shtml SpamCop], or Barracuda's [http://www.barracudacentral.org/rbl BRBL]. If nothing else, the extra bitmask handling slows things down enough that it would take an unreasonable amount of time to maintain a multi-million-record dataset. As of writing, a local dataset containing ~19000 IPs and ~12000 netblocks, resulting in ~20K internally-published entries, takes about 20 seconds to export to an rbldnsd-formatted file on otherwise lightly-loaded modern hardware. Past versions of the code on the same dataset may run as long as 10 minutes.

For IP listing, the RIR allocation (from ARIN, APNIC, LACNIC, AfriNIC, or RIPE) and two levels of internal delegation are supported. This allows tracking of how many IPs in a given block have been reported, and automatically listing the entire block if that goes beyond a certain threshold. Additional levels of delegation could be supported with minimal changes.

An IP can have a bit in a bitmask set for any one of the following:
 * IP count exceeds automatic threshold (threshold is set for each CIDR block size)
   * IP count in RIR allocation
   * IP count in first delegation
   * IP count in second delegation
 * Netblock has been manually tagged to be listed (this is useful to tag blocks marked in WHOIS as dynamic IP space - these IPs should not be sending mail directly to your MX)
   * RIR allocation tagged
   * First delegation tagged
   * Second delegation tagged
 * Netblock owner/operator tagged (useful to catch new IPs assigned to netblock owners who generate lots of spam)
   * RIR allocation tagged
   * First delegation tagged
   * Second delegation tagged

== URI blacklist ==

URI listing is much simpler; one or more domains can be added at a time, each at a different listing level or type. Currently supported designations are "black", "grey", and "URL shortener". The supplied !SpamAssassin configuration fragment uses these designations.

== Releases ==

No stable release has been designated.

SVN development occasionally lurches ahead at https://secure.deepnet.cx/svn/dnsbl/trunk.

The IP blacklist has a [https://secure.deepnet.cx/demos/dnsbl demo]. You can see the entire dataset [https://secure.deepnet.cx/demos/dnsbl/browse.cgi here]. This results in an rbldnsd data file like [https://secure.deepnet.cx/demos/dnsbl/demoexport this] (may be out of date with respect to the listing on browse.cgi).

== Configuration ==

The web UI takes the hostname and root path to the installation, converts non-alphanumerics to underscores, and appends `.conf` - for instance, the demo site above looks for `secure_deepnet_cx_demos_dnsbl.conf` in `/etc/dnsbl`. This file contains the database connection information.

For export, the export script requires an argument to determine which configuration to pick up. I use symlinks with convenient short names linked to the longer filenames (`dnsbl` -> `secure_deepnet_cx_demos_dnsbl.conf`).

Thresholds for automatically listing a block are defined in the `autolist` table. The CIDR mask length is used on the `masklen` column to look up the IP count threshold from the `ipcount` column.

Manual tagging of a block or block owner is done by setting the `listme` column in the `blocks` or `orgs` tables respectively to `y`. The `comments` column gives you a place to put notes about the block - I've used this to note an "advisory" block added when I see a grouping of IPs that keep showing up in missed spam but which doesn't show in WHOIS, and to tie together apparently unrelated block owners. It's also useful to remind you why a block might be listed in spite of being part of a squeaky-clean network otherwise (typically for blocks labelled "dynamic" in WHOIS, but not listed on e.g. Spamhaus' [http://www.spamhaus.org/pbl PBL]).

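The per-IP bitmask, the `autolist` threshold lookup and the `listme` tags described above, worked through as an added example (not code from this project). The bit values, thresholds, blocks and reported IPs are constructed for illustration, and a mask length with no `autolist` row is assumed never to auto-list.

```python
import ipaddress

# Assumed bit layout (the page names the criteria, not their bit values):
# one bit per hierarchy level (0 = RIR allocation, 1 = first delegation,
# 2 = second delegation) in each of three groups.
COUNT_BIT, BLOCK_TAG_BIT, ORG_TAG_BIT = 0x001, 0x008, 0x040

# Constructed stand-in for the autolist table: masklen -> ipcount threshold.
AUTOLIST = {24: 16, 26: 6, 28: 3}

# Constructed hierarchy: (CIDR, level, blocks.listme, orgs.listme of its owner).
BLOCKS = [
    ("198.51.100.0/24", 0, False, False),
    ("198.51.100.0/26", 1, True, False),   # e.g. marked dynamic in WHOIS
    ("198.51.100.0/28", 2, False, False),
]

# Constructed list of IPs that relayed reported spam.
REPORTED = ["198.51.100.1", "198.51.100.2", "198.51.100.3", "198.51.100.4",
            "198.51.100.20", "198.51.100.40", "198.51.100.200"]


def listing_mask(ip, reported=REPORTED, blocks=BLOCKS, autolist=AUTOLIST):
    """Return the bitmask of block-level criteria that apply to one IP."""
    addr = ipaddress.ip_address(ip)
    seen = {ipaddress.ip_address(r) for r in reported}
    mask = 0
    for cidr, level, block_tagged, org_tagged in blocks:
        net = ipaddress.ip_network(cidr)
        if addr not in net:
            continue
        hits = sum(1 for r in seen if r in net)
        limit = autolist.get(net.prefixlen)
        # No autolist row for this mask length: never auto-list (assumption).
        if limit is not None and hits > limit:
            mask |= COUNT_BIT << level
        if block_tagged:
            mask |= BLOCK_TAG_BIT << level
        if org_tagged:
            mask |= ORG_TAG_BIT << level
    return mask


def explain(mask):
    """Decode a mask into (criterion, level) pairs for display."""
    names = ((COUNT_BIT, "count"), (BLOCK_TAG_BIT, "block tag"), (ORG_TAG_BIT, "org tag"))
    return [(n, lvl) for base, n in names for lvl in range(3) if mask & (base << lvl)]


if __name__ == "__main__":
    for ip in ("198.51.100.9", "198.51.100.50", "198.51.100.200"):
        print(ip, listing_mask(ip), explain(listing_mask(ip)))
```

The unreported address 198.51.100.9 still picks up two bits here: its /28 has more reported IPs than the threshold allows, and its enclosing /26 is manually tagged.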
All further configuration relies on the key-value "misc" table in the database. Supported keys are:

 * blzone (default "`company.dnsbl`")[[br]]
   DNS zone to publish the data under. A non-public TLD like `.dnsbl` is recommended to ensure you don't leak the data beyond your own usage.
 * bladmin (default "`systems.company.com`")[[br]]
   Admin contact for the zone's SOA record
 * iplisted (default "`$ relayed a reported spam`")[[br]]
   String to use when a TXT lookup is done on an IP that is explicitly listed. `$` is replaced by rbldnsd with the actual IP on the fly.
 * blocklisted (default "`Netblock listed on one or more criteria`")[[br]]
   String to use when a TXT lookup is done on an IP in a block that's listed, but the IP itself isn't.

The latter two support some customization on a per-entry basis by replacing the literal string `:ENTITY:` with the IP or block being written.