DNSRBL services (sometimes simply called RBL) are
mechanisms used by SMTP servers to check whether a client about
to deliver some email is blacklisted or not. The transport is built on top of
DNS and is relatively cheap and straightforward to implement.
An SMTP server getting a connection from a peer may verify whether
that host is blacklisted by a specific resource by simply combining the
RBL resource domain (e.g. dnsrbl.example.net) with the
reversed peer address, and looking up over DNS whether this name has
a resource record of type A associated with it.
Additionally, if an A record exists for that hostname, the
SMTP server may issue an additional request for a
TXT record to retrieve the listing explanation, if any.
Here is how an MTA such as Postfix would proceed to
block a blacklisted peer:
| smtp-client | | smtp-server |
|---|---|---|
| connect("a.mx.example.net") | | |
| | <--- | 220 a.mx.example.net Service ready |
| EHLO random.host.example.net | ---> | |
| | <--- | 250 Requested mail action okay, completed |
| MAIL FROM: <user@domain.com> | ---> | |
| | <--- | 250 OK |
| RCPT TO: <recipient@example.net> | ---> | |
| | | getpeername(fd, [addr = 194.2.218.254], ..) |
| | <--- | 554 Service unavailable: host [194.2.218.254] blocked using dnsrbl.example.net |
Our RBL system works the same way, but users have more control because the hostname has some dynamic parts:

    <h1>.<h2>.<h3>.<h4>.[hostname.]geobl.spamanalysis.org

    h1-h3:    1-16 bytes of hexadecimal characters [mandatory]
    hostname: 1-8 bytes of hexadecimal characters [optional]

The desired set of blocked countries is defined by the first 4 prefixes. Optionally, the peer address of the
host can be specified in the 5th field if monitoring was chosen.
Examples:

| Query name | Effect |
|---|---|
| 0.0.0.0.geobl.spamanalysis.org | allows everything |
| 0.0.0.0.7033bf58.geobl.spamanalysis.org | allows everything but logs origin for node 88.191.51.112 |
| 0.40000000.0.2000000.geobl.spamanalysis.org | denies US and Israel |
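The following Python sketch is an added example, not code from the service: it builds the classic reversed-address query name and the geobl name format described above, and applies the "A record exists means blocked" rule. The function names are hypothetical, the hex encoding of the node is inferred from the page's single example (88.191.51.112 gives 7033bf58), and the four country fields are passed through as opaque hex strings because the page does not give the country-to-bit mapping.

```python
import ipaddress
import re
import socket

# Length limit taken from the page; applied here to all four country fields.
HEX_FIELD = re.compile(r"[0-9a-f]{1,16}")


def dnsbl_name(peer_ip, zone):
    """Classic DNSBL query name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(peer_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def geobl_node(peer_ip):
    """Peer address as hex with its byte order reversed.

    Assumption inferred from the page's example (88.191.51.112 -> 7033bf58).
    """
    packed = ipaddress.IPv4Address(peer_ip).packed
    return format(int.from_bytes(packed, "little"), "x")


def geobl_name(masks, peer_ip=None, zone="geobl.spamanalysis.org"):
    """Build <h1>.<h2>.<h3>.<h4>.[hostname.]zone from four hex fields."""
    if len(masks) != 4:
        raise ValueError("exactly four country fields are required")
    labels = [m.lower() for m in masks]
    for label in labels:
        if not HEX_FIELD.fullmatch(label):
            raise ValueError(f"invalid hex field: {label!r}")
    if peer_ip is not None:
        labels.append(geobl_node(peer_ip))  # optional monitoring field
    return ".".join(labels + [zone])


def is_listed(name, resolve=socket.gethostbyname):
    """True when the name has an A record, i.e. the peer should be blocked.

    `resolve` is injectable so the rule can be exercised without network
    access. Resolution failures count as "not listed" (fail open).
    """
    try:
        resolve(name)
        return True
    except socket.gaierror:
        return False
```

Failing open on resolver errors keeps mail flowing when the blacklist is unreachable; an MTA that prefers to defer mail instead would need to distinguish a timeout from a negative answer.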
