rblsmtpd(8)

NAME

rblsmtpd - block mail from RBL-listed sites

SYNTAX

rblsmtpd [ -b ] [ -l ] [ -R ] [ -r domain [ :replystring ] ] [ -t timeout ] smtpd [ arg ... ]

DESCRIPTION

Normally rblsmtpd runs smtpd with the given arguments. smtpd is expected to carry out an SMTP conversation to receive incoming mail messages.

However, rblsmtpd does not invoke smtpd if it is told to block mail from this client. Instead it carries out its own limited SMTP conversation, temporarily rejecting all attempts to send a message. Meanwhile, if the -l flag is used, it prints one line on stderr to log its activity.

rblsmtpd drops the limited SMTP conversation after timeout seconds if the -t timeout option is supplied, or after 60 seconds by default, even if the client has not quit by then.

BLOCKED CLIENTS

If the $RBLSMTPD environment variable is set and is nonempty, rblsmtpd blocks mail. It uses $RBLSMTPD as an error message for the client.

If $RBLSMTPD is set and is empty, rblsmtpd does not block mail.

If $RBLSMTPD is not set, and the $TCPREMOTEIP environment variable shows an IP address listed in the RBL, rblsmtpd blocks mail. Normally rblsmtpd is invoked under tcpserver to handle an SMTP connection from a remote host; tcpserver sets up $TCPREMOTEIP as the IP address of the remote host.

The RBL source is set by the -r domain option. By default domain is rbl.maps.vix.com; see http://maps.vix.com/rbl/ for more information. An IP address a.b.c.d is listed in the RBL if d.c.b.a.domain has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client.

If domain does not include TXT records, an alternative reply string may be specified with -r with a colon separating it from the domain. rblsmtpd then uses an A lookup instead of TXT, and uses the alternative reply string in the error message. If replystring contains the string IP, then the value of $TCPREMOTEIP will be substituted at that point in the error message.

TEMPORARY ERRORS

Normally rblsmtpd uses a 451 error code in its limited SMTP conversation. This tells legitimate clients to try again later. It gives innocent relay operators a chance to see the problem, prohibit relaying, get off the RBL, and get the mail delivered.

However, if $RBLSMTPD begins with a hyphen, rblsmtpd removes the hyphen and uses a 553 error code. This tells legitimate clients to bounce the message immediately.

Furthermore, if the -b option is supplied, rblsmtpd uses a 553 error code for entries found in the RBL.

If an RBL lookup fails temporarily, and the -R option is supplied, rblsmtpd blocks mail temporarily, whether or not the -b option is supplied. If the -R option is not supplied, rblsmtpd does not block mail; this is unsafe, since a knowledgeable attacker can force the RBL lookup to fail temporarily.
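
EXAMPLE

The following Python model is an added illustration, not rblsmtpd's own code. It restates the decision rules from BLOCKED CLIENTS and TEMPORARY ERRORS so the fail-open case without -R can be checked. The names decide, rbl_query_name and Lookup, the domain rbl.example, the address 192.0.2.7 and the message texts are constructed for the example.

```python
from enum import Enum

class Lookup(Enum):
    LISTED = 1      # d.c.b.a.domain has a TXT (or, with a replystring, A) record
    NOT_LISTED = 2
    TEMPFAIL = 3    # the DNS lookup failed temporarily

def rbl_query_name(ip, domain):
    """An address a.b.c.d is looked up as d.c.b.a.domain."""
    return ".".join(reversed(ip.split("."))) + "." + domain

def decide(env, lookup, b=False, R=False, txt=None, replystring=None):
    """Return (action, smtp_code, message) for one connection.

    env is the environment set up by tcpserver; lookup is the outcome of the
    RBL query, which is only consulted when $RBLSMTPD is not set.
    """
    msg = env.get("RBLSMTPD")
    if msg is not None:
        if msg == "":                      # set but empty: never block
            return ("run smtpd", None, None)
        if msg.startswith("-"):            # leading hyphen: permanent error
            return ("block", 553, msg[1:])
        return ("block", 451, msg)
    if lookup is Lookup.LISTED:
        if replystring is not None:
            # Assumption: every occurrence of "IP" is substituted.
            text = replystring.replace("IP", env["TCPREMOTEIP"])
        else:
            text = txt
        return ("block", 553 if b else 451, text)
    if lookup is Lookup.TEMPFAIL and R:
        # -R: fail closed, always with a temporary code, even with -b.
        return ("block", 451, "RBL lookup failed")   # constructed text
    # Not listed, or a lookup failure without -R (fail open).
    return ("run smtpd", None, None)

# Constructed sample connection.
ENV = {"TCPREMOTEIP": "192.0.2.7"}

if __name__ == "__main__":
    print(rbl_query_name(ENV["TCPREMOTEIP"], "rbl.example"))
    for R in (False, True):
        print("-R" if R else "no -R", decide(ENV, Lookup.TEMPFAIL, R=R))
```

Without -R the temporary-failure case returns the same result as an unlisted client, which is why that configuration can be bypassed by anyone able to make the lookup fail.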

SEE ALSO

tcpserver(1), antirbl(8)
