rblsmtpd(8)
NAME
rblsmtpd - block mail from RBL-listed sites
SYNTAX
rblsmtpd [ -b ] [ -l ] [ -R ] [ -r domain [ :replystring ] ] [ -t timeout ] smtpd [ arg ... ]
DESCRIPTION
Normally rblsmtpd runs smtpd with the given arguments.
smtpd is expected to carry out an SMTP conversation to
receive incoming mail messages.
However, rblsmtpd does not invoke smtpd if it is told to
block mail from this client. Instead it carries out its
own limited SMTP conversation, temporarily rejecting all
attempts to send a message. Meanwhile, if the -l flag is
used, it prints one line on stderr to log its activity.
rblsmtpd drops the limited SMTP conversation after timeout
seconds if the -t timeout option is supplied, or after 60
seconds by default, even if the client has not quit by
then.
BLOCKED CLIENTS
If the $RBLSMTPD environment variable is set and is
nonempty, rblsmtpd blocks mail. It uses $RBLSMTPD as an
error message for the client.
If $RBLSMTPD is set and is empty, rblsmtpd does not block
mail.
If $RBLSMTPD is not set, and the $TCPREMOTEIP environment variable shows an IP address listed in the RBL, rblsmtpd blocks mail. Normally rblsmtpd is invoked under tcpserver to handle an SMTP connection from a remote host; tcpserver sets up $TCPREMOTEIP as the IP address of the remote host.
The RBL source is set by the -r domain option. By default
domain is rbl.maps.vix.com; see http://maps.vix.com/rbl/
for more information. An IP address a.b.c.d is listed in
the RBL if d.c.b.a.domain has a TXT record. rblsmtpd uses
the contents of the TXT record as an error message for the
client.
If domain does not include TXT records, an alternative
reply string may be specified with -r with a colon separating
it from the domain. rblsmtpd then uses an A lookup
instead of TXT, and uses the alternative reply string in
the error message. If replystring contains the string IP,
then the value of $TCPREMOTEIP will be substituted at that
point in the error message.
TEMPORARY ERRORS
Normally rblsmtpd uses a 451 error code in its limited
SMTP conversation. This tells legitimate clients to try
again later. It gives innocent relay operators a chance
to see the problem, prohibit relaying, get off the RBL,
and get the mail delivered.
However, if $RBLSMTPD begins with a hyphen, rblsmtpd
removes the hyphen and uses a 553 error code. This tells
legitimate clients to bounce the message immediately.
Furthermore, if the -b option is supplied, rblsmtpd uses a
553 error code for entries found in the RBL.
If an RBL lookup fails temporarily, and the -R option is
supplied, rblsmtpd blocks mail temporarily, whether or not
the -b option is supplied. If the -R option is not supplied,
rblsmtpd does not block mail; this is unsafe, since
a knowledgeable attacker can force the RBL lookup to fail
temporarily.
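
EXAMPLE (added)
The rules from BLOCKED CLIENTS and TEMPORARY ERRORS, modelled as an added Python example; it is not rblsmtpd's own code. The resolver stub, the sample zone and the names decide, rbl_name and TempFail are assumptions made for illustration, and a returned code of None means smtpd is run.

```python
# Added model of the rules on this page; not rblsmtpd's source code.
class TempFail(Exception):
    """Constructed stand-in for a temporary DNS lookup failure."""

# Constructed sample zone (documentation addresses), keyed by (name, type).
ZONE = {
    ("1.2.0.192.rbl.maps.vix.com", "TXT"): "Blocked - constructed sample text",
    ("1.2.0.192.a-only.example", "A"): "127.0.0.2",
}

def sample_lookup(name, rtype):
    """Hypothetical resolver stub: names starting '9.' fail temporarily."""
    if name.startswith("9."):
        raise TempFail(name)
    return ZONE.get((name, rtype))

def rbl_name(ip, domain):
    """a.b.c.d is looked up as d.c.b.a.domain."""
    return ".".join(reversed(ip.split("."))) + "." + domain

def decide(env, lookup, domain="rbl.maps.vix.com", replystring=None,
           b_flag=False, R_flag=False):
    """Return (smtp_code, message); smtp_code None means smtpd is run."""
    forced = env.get("RBLSMTPD")
    if forced is not None:
        if forced == "":
            return (None, None)        # set but empty: do not block
        if forced.startswith("-"):
            return (553, forced[1:])   # leading hyphen: 553, hyphen removed
        return (451, forced)           # nonempty: block with this message
    ip = env.get("TCPREMOTEIP")
    if not ip:
        return (None, None)            # assumption: nothing to look up
    rtype = "A" if replystring is not None else "TXT"
    try:
        record = lookup(rbl_name(ip, domain), rtype)
    except TempFail:
        if R_flag:                     # -R: block temporarily, even with -b
            return (451, "temporary RBL lookup failure (constructed text)")
        return (None, None)            # no -R: mail is accepted (unsafe)
    if record is None:
        return (None, None)            # not listed
    message = replystring.replace("IP", ip) if replystring is not None else record
    return (553 if b_flag else 451, message)
```

Calling decide with a TCPREMOTEIP of 192.0.2.9 and the sample_lookup stub shows the difference -R makes: without it the result is (None, None) and smtpd runs, with it the client gets a 451.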