Rbldns Howto

This document provides instructions for setting up and running your own RBL (Real-time Blackhole List) DNS blacklist. It involves installing rbldnsd software, creating a MySQL database to store IP addresses, configuring rbldnsd to rebuild flat files from the database periodically, and configuring a DNS subdomain and mail servers to use the custom RBL database.


Running Your Own RBL DNS Blacklist

Ever notice how the public RBL databases aren't enough? SpamCop and Spamhaus are great, but some
spammers still get through. Did you ever want to do it yourself?
This procedure explains how to run your own RBL DNS blacklist. It uses a MySQL table to store the IP
addresses you want to blacklist and whitelist. From that table it rebuilds, on a regular schedule, the flat
file that the DNS server serves; I prefer every 5 minutes. I run it on a Blue Quartz server, which is
CentOS Linux (Red Hat EL4) based. You will need a local MySQL server.

Step 1: Download the RBL DNS Daemon


Download the rbldns server rbldnsd RPM.
If you are on the latest Blue Quartz server, get the version for Red Hat Enterprise Linux 4 for i386
(el4-i386).
Make sure you are not already running a DNS server on this machine, since rbldnsd needs port 53 to
itself. Turn off "named" if it's on:
service named stop

Step 2: Install the RPM


useradd rbldns
rpm -Uvh rbldnsd*.rpm

Step 3: Create a mysql table


Make sure the MySQL server is running.
CREATE TABLE `ips` (
`ipaddress` varchar(15) NOT NULL default '',
`dateadded` datetime NOT NULL default '0000-00-00 00:00:00',
`reportedby` varchar(40) default NULL,
`updated` datetime default NULL,
`attacknotes` text,
`b_or_w` char(1) NOT NULL default 'b',
PRIMARY KEY (`ipaddress`),
KEY `dateadded` (`dateadded`),
KEY `b_or_w` (`b_or_w`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='spammer list';

You may want to create a mysql user just for this purpose with limited permissions.

Step 4: Download the Perl script that rebuilds the flat file from the MySQL database
rebuild_rbldns.pl script
Put this script in /usr/local/bin:
wget -O /usr/local/bin/rebuild_rbldns.pl http://www.blue-quartz.com/rbl/rebuild_rbldns.txt
chmod 750 /usr/local/bin/rebuild_rbldns.pl

You will want to put this in root's cron and run it every 5 minutes:
crontab -e
*/5 * * * * /usr/local/bin/rebuild_rbldns.pl
Edit lines 25-27 of this Perl script to set your MySQL user and password.
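The howto's rebuild_rbldns.pl is not reproduced on this page; the Python sketch below is an added example (not the author's script) of what that rebuild step has to do: turn rows of the `ips` table into rbldnsd ip4set files, with whitelist rows written as `!` exclusions, bad rows dropped instead of published, and the files swapped in atomically so rbldnsd's change check never loads a half-written file. The sample rows, the 203.0.113.0/24 whitelist range and the function names are assumptions for illustration.

```python
"""Rebuild step sketch: rows from the `ips` table -> rbldnsd ip4set files."""
import ipaddress
import os
import tempfile

# Constructed sample rows in the column order (ipaddress, b_or_w, attacknotes)
# of the `ips` table from Step 3; a real run would SELECT them from MySQL.
SAMPLE_ROWS = [
    ("89.40.1.32", "b", "dictionary attack"),
    ("198.51.100.7", "b", "open relay probe"),
    ("203.0.113.0/24", "w", "our own mail relays"),      # hypothetical whitelisted range
    ("123.456.789.1", "b", "typo: not a valid address"),  # must be skipped, not published
]

def valid_ip4(entry):
    """Accept only well-formed IPv4 addresses or CIDR ranges; junk lines break the zone."""
    try:
        ipaddress.IPv4Network(entry, strict=False)
        return True
    except ValueError:
        return False

def render_ip4set(rows, result="127.0.0.2", reason="Listed in local RBL"):
    """Return (spammerlist_text, whitelist_text) in rbldnsd ip4set syntax.
    The leading ':A:TXT' line sets the default answer (127.0.0.2) for every
    entry in spammerlist; whitelist entries use the '!' prefix, which excludes
    the address from the dataset even if it also appears in spammerlist.
    Notes go in '#' comment lines so they are never served as TXT records."""
    black = [f":{result}:{reason}"]
    white = []
    for ip, flag, notes in rows:
        if not valid_ip4(ip):
            continue  # drop the bad row rather than poisoning the whole file
        target = white if flag == "w" else black
        if notes:
            target.append(f"# {notes}")
        target.append(("!" if flag == "w" else "") + ip)
    return "\n".join(black) + "\n", "\n".join(white) + "\n"

def write_atomic(path, text):
    """Write to a temp file then rename, so rbldnsd's periodic change check
    (every 60 s by default) never loads a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.chmod(tmp, 0o644)  # mkstemp gives 0600; rbldnsd runs as 'rbldns', not root
    os.replace(tmp, path)
```

On the real box, call write_atomic for /var/lib/rbldns/dsbl/spammerlist and /var/lib/rbldns/dsbl/whitelist from the cron job.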

Step 5: Edit the /etc/sysconfig/rbldnsd config file


# My boot rbldnsd options
# -----------------------------------------
# TTL 35m, check files every 60s for changes, -f = smooth reloads
# -l logfilepath
# Please change 101.102.103.104 to the real public IP that you want the DNS daemon to listen on
# Please change mydomain.com to your real domain name.
#
RBLDNSD="dsbl -l /var/lib/rbldns/log/rbl.log -f -r/var/lib/rbldns/dsbl -b 101.102.103.104 \
rbl.mydomain.com:ip4set:spammerlist,whitelist \
rbl.mydomain.com:generic:forward
"

Step 6: Create the directory structure for the flat files


mkdir -p /var/lib/rbldns/dsbl
touch /var/lib/rbldns/dsbl/forward
touch /var/lib/rbldns/dsbl/spammerlist
touch /var/lib/rbldns/dsbl/whitelist
touch /var/lib/rbldns/dsbl/rbl.log
chown -R rbldns:rbldns /var/lib/rbldns/dsbl

Step 7: Add some records for known spammers to the MySQL table
INSERT INTO ips SET
ipaddress='192.0.2.1', -- documentation-range placeholder; use the real offending address (123.456.789.1 is not a valid IPv4 address and rbldnsd would reject it)
reportedby='101.102.103.104',
attacknotes='dictionary attack from badboy.com',
b_or_w='b',
dateadded=now(),
updated=now();

Step 8: Run the script to build the flat file


/usr/local/bin/rebuild_rbldns.pl
If you want to check that it actually created the file, type this:
cat /var/lib/rbldns/dsbl/spammerlist

Step 9: Start the rbldns service


service rbldnsd start

Step 10: Create a DNS subdomain zone for rbl.mydomain.com


You must delegate a DNS zone (subdomain) in your main DNS server for rbl.mydomain.com and point it
to your rbldnsd server: an NS record for the subdomain plus a glue A record for the name server.
; subdomain delegation
rbl.mydomain.com. IN NS rbl.mydomain.com.
rbl.mydomain.com. IN A 101.102.103.104
Step 11: Test rbl.mydomain.com lookups
If an IP address is blacklisted in your RBL database, it will "exist" in the DNS system.
For example, if you blacklisted IP 89.40.1.32, then a regular DNS lookup for that address with its
octets reversed, like this:
nslookup 32.1.40.89.rbl.mydomain.com

should return a match of 127.0.0.2.


Every entry in your RBL database will return a match of 127.0.0.2.
If an IP address is not in your RBL database, the lookup will fail to find an entry. This is how mail
servers know whether to block email relayed from known spammers.
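As an added example (not part of the original howto), this Python snippet shows the client side of the test above: the reversed-octet name a mail server queries for a connecting IP, and how it interprets the answer, treating NXDOMAIN as "not listed" and accepting only a 127.0.0.0/8 answer as a listing. The lookup is served from a constructed in-memory zone so it runs offline; the function names and the 198.51.100.7 entry are assumptions.

```python
"""Client side of Step 11: build the reversed query name and read the answer."""
import ipaddress

RBL_ZONE = "rbl.mydomain.com"   # zone name from the howto

def dnsbl_query_name(ip, zone=RBL_ZONE):
    """Reverse the four octets and append the zone: 89.40.1.32 -> 32.1.40.89.rbl.mydomain.com"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

# Constructed stand-in for DNS: the names rbldnsd would answer for blacklist
# entries 89.40.1.32 and 198.51.100.7, each with the A record 127.0.0.2.
FAKE_ZONE = {
    "32.1.40.89.rbl.mydomain.com": "127.0.0.2",
    "7.100.51.198.rbl.mydomain.com": "127.0.0.2",
}

def fake_resolve(name):
    """Return the A record, or None for NXDOMAIN (the 'not listed' case)."""
    return FAKE_ZONE.get(name)

def is_listed(ip, resolve=fake_resolve, zone=RBL_ZONE):
    """True only when the lookup answers with an address in 127.0.0.0/8.
    NXDOMAIN means 'not listed'. Any answer outside 127/8 is not something
    this zone returns, so it is treated as 'not listed' too: blocking on an
    unexpected public address would reject all mail if the zone were ever
    misconfigured or the query went to the wrong name."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")

if __name__ == "__main__":
    for ip in ("89.40.1.32", "192.0.2.10"):
        print(ip, dnsbl_query_name(ip), "listed" if is_listed(ip) else "not listed")
```

A live version would pass a resolve function that wraps socket.gethostbyname and maps socket.gaierror to None.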

Step 12: Having Your Mail Servers Use This RBL database
If you are using sendmail and want it to use this database, do this:
cd /etc/mail
vi sendmail.mc

add this line right below the "blacklist_recipients" line:


FEATURE(dnsbl, `rbl.mydomain.com', `Rejected - known spammer')dnl

then rebuild sendmail.cf from sendmail.mc:
make

Now sendmail will reject messages from bad IP addresses in your database. You can monitor your
/var/log/maillog file to see whether sendmail really did block a specific IP.

Step 13: Filling your database with known spammers


Now you need to decide how you are going to add records to your MySQL table. I suggest you write a
script that monitors mailboxes or mail server logs. This is a great way to discover the spammers that
are getting through the system.
I also wrote some PHP web pages with forms that let me quickly add IPs to my blacklist. You
might want to try that.
