As mentioned in the introduction, the anti-spam tools provided by djb work with Realtime Blackhole Lists, or RBLs. These tools include the following:
This software is already included in your djb installation so far, ready to go:
Note that the installation procedure for ucspi-tcp did include a couple of patches specific to rblsmtpd. Our discussion of rblsmtpd will assume the presence of these patches.
Before continuing, remember that spam is often made possible by the presence of "open relays". These are mail servers naively installed or misconfigured to freely permit the forwarding of mail from any address, to any address. They are the ideal springboard for spammers. Unfortunately, their numbers seem to be in the billions.
In the fight against spam, start by making sure your own qmail installation is not an open relay. To briefly review, the following two mechanisms should be used to lock down qmail against spammers:
control/rcpthosts should be set up to include only those domains your qmail-smtpd service will accept for local delivery. This generally means the combined entries found in control/localhosts and control/virtualdomains. In any case, your qmail installation must have a rcpthosts control file. Otherwise, it will function as an open relay, serving at the whim and delight of a multitude of spammers. Then your own server will be subject to the possibility of being blacklisted!
/etc/tcprules/smtp.rules should be set up to allow only selective relaying (through the use of RELAYCLIENT=""), and only for clients on the local (or otherwise authorized) network.
The first disables the use of your server as an open relay by anyone. The second permits a selective override of the first, so that only the clients of your choosing may forward deliveries to outgoing destinations.
Now that your own server is configured against malevolent use, you are ready to further protect it from spam deliveries with rblsmtpd.
Copyright © 2003, 2004, Wayne Marshall.
All rights reserved.
Last edit 2004.09.30, wcm.