How to use the PBL blacklist with DCC?

Vernon Schryver vjs@calcite.rhyolite.com
Tue Apr 3 00:29:47 UTC 2007


> From: Gary Mills <mills@cc.umanitoba.ca>

> I've been using the XBL DNS-based blacklist with DCC for some time
> with satisfactory results.  XBL is a database of known spam sources.
> Spamhaus recently announced their PBL (Policy Block List), a database
> of IP ranges that should only be sending unauthenticated SMTP e-mail
> to their respective ISPs.  Is anybody using this now within DCC?
>
> I'm concerned that some of our users will have their e-mail blocked by
> this blacklist.  For example, the IP address of my cable-modem-
> connected home computer is on the PBL.  We expect our users to send
> e-mail through our e-mail server, although we require them to
> authenticate if they wish to relay through it.  Will the dcc_notspam
> macros in sendmail.cf override the blacklist?

The dcc_notspam sendmail macros work for me, but I've only tested with
SMTP-TSL authentication.  I have heard reports that dcc_notspam does
work with SMTP-AUTH.  You must set the TrustAuthMech class to include
whatever flavors of SMTP authentication you use, and I have vague hopes
that was not done.

If you do use the PBL with `dccm -B`, you might want to arrange to not
use the PBL to check MX, NS, and probably HTTP servers.  The PBL includes
the IP addresses of MX, NS, and probably HTTP servers that never send
any mail but that are mentioned in or associated with legitimate mail.
It would be necessary to use something like
  ... -B domain1 -B set:no-body -B set:no-MX -B set:no-NS -B domain2 ...
to turn off MX, NS, and body URL checks for DNSBL domain2 while enabling
them for domain1.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.