MikeL's FreeBSD howto - MAPS RBL-PLUS
If you get anywhere near as much spam junk as I get, you need
Mail Abuse Prevention System (MAPS)
RBL-PLUS! Here's some details to get it going...
First thing is to send them the money. $200/year [Sep-2002]. (Click
MAPS link above, find "Subscription Policies" link, then "Fee
structure" link.) They will email you when your check arrives. There
may be a delay for a day or so before they approve your subscription.
They will then email you with acknowledgement that your IP address has
been enabled.
When you send in your money, they will need:
- Your machines IP address. Please note that you must have a fixed
IP address. If your machine answers to multiple IP addresses, you
may have problems (I don't have this config -- this
is a warning from RBL Tech Supp.).
- Your email address. This cannot be fake, it's the real contact
info. Without it, you're out of luck.
- The appropriate contract from the Fee Structure page.
- And of course, your money
On your server, you need to make the following config changes:
- You should be using M4 for sendmail config. If not, this is the
time to make the change. Trust me, it's worth it.
- In your .mc file, simply add:
FEATURE(dnsbl, `rbl-plus.mail-abuse.org')
or, if you prefer a more specific response to spam, something like
this:
FEATURE(dnsbl, `rbl-plus.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected; see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')
A note on .mc files: Anything following a "dnl" is a
comment. You do not need a trailing "dnl" on .mc file lines,
regardless of how many examples of this you see on the web. You can
test this yourself, by 'make'ing your config file, then removing all
trailing "dnl"s, remaking the file and 'diff'ing them.
- Check your DNS configuration (
/etc/named/namd.conf)
-- you cannot use "forwarder"s. Remember that RBL-PLUS is
specifically configured to allow your server to make
queries -- it is unlikely that your
forwarder(s) are also enabled -- if it is,
you just saved yourself $200!
Note: when sendmail makes a request to RBL-PLUS, it
simply does a direct DNS lookup of a hypothetical address at
mail-abuse.org.
Testing your config:
- Check your logs (
/var/log/maillog) -- search for
rbl-. If it's working, you'll see "status=reject" entries.
Troubleshooting:
- Use 'named-xfer' to fetch the public systems at
mail-abuse.org.
At this time you'll find west1, east1, and
europe1 -- you may want to use one of these others as
your configured default.
- Use 'traceroute' to see if you can contact west1.mail-abuse.org.
Try 127.0.0.2 -- lookups are done backwards:
> # nslookup
Default Server: [my server/address edited out]
Address: [my server/address edited out]
> 2.0.0.127.rbl-plus.mail-abuse.org
Server: [my server/address edited out]
Address: [my server/address edited out]
Name: 2.0.0.127.rbl-plus.mail-abuse.org
Address: 127.1.0.5
> #
If you get a "host/domain not found" error, it's not working.
Possibly MAPS has not enabled your IP, or you're going through a
forwarder.
- Test if MAPS is talking to you:
Do the same test as above, but
ask their server directly. (Use the zone load from above to determine
their server IP addresses.) Use the magic address 127.0.0.2 (in
reverse order). If you're not enabled at their end, you'll get a
timeout error:
# nslookup
Default Server: [my server/address edited out]
Address: [my server/address edited out]
> server 157.22.13.82
Default Server: 82.13.22.157.zocalo.net
Address: 157.22.13.82
> 2.0.0.127.rbl-plus.mail-abuse.org
Server: 82.13.22.157.zocalo.net
Address: 157.22.13.82
Name: 2.0.0.127.rbl-plus.mail-abuse.org
Address: 127.1.0.5
> #
Copyright © 1995-2024
Mike Lempriere
(running on host bayanus)