rblsmtpd(1) - phpMan
rblsmtpd(1) General Commands Manual rblsmtpd(1)
rblsmtpd - blocks mail from RBL-listed sites. It works with any SMTP server that can run
rblsmtpd opts prog
opts is a series of getopt-style options. prog consists of one or more arguments.
Normally rblsmtpd runs prog. prog is expected to carry out an SMTP conversation to
receive incoming mail messages.
However, rblsmtpd does not invoke prog if it is told to block mail from this client.
Instead it carries out its own limited SMTP conversation, temporarily rejecting all
attempts to send a message. Meanwhile it prints one line on descriptor 2 to log its activ‐
rblsmtpd drops the limited SMTP conversation after 60 seconds, even if the client has not
quit by then.
-t n Change the timeout to n seconds.
If the $RBLSMTPD environment variable is set and is nonempty, rblsmtpd blocks mail. It
uses $RBLSMTPD as an error message for the client. Normally rblsmtpd runs under
tcpserver(1); you can use tcprules(1) to set $RBLSMTPD for selected clients.
If $RBLSMTPD is set and is empty, rblsmtpd does not block mail.
If $RBLSMTPD is not set, rblsmtpd looks up $TCPREMOTEIP in the RBL, and blocks mail if
$TCPREMOTEIP is listed. tcpserver sets up $TCPREMOTEIP as the IP address of the remote
Use base as an RBL source. An IP address a.b.c.d is listed by that source if
d.c.b.a.base has a TXT record. rblsmtpd uses the contents of the TXT record as an
error message for the client.
Use base as an anti-RBL source. An IP address a.b.c.d is anti-listed by that source
if d.c.b.a.base has an A record. In this case rblsmtpd does not block mail.
You may supply any number of -r and -a options. rblsmtpd tries each source in turn until
it finds one that lists or anti-lists $TCPREMOTEIP. It also tries an RBL source of
rbl.maps.vix.com if you do not supply any -r options. See http://maps.vix.com/rbl/ for
more information about rbl.maps.vix.com.
If you want to run your own RBL source or anti-RBL source for rblsmtpd, you can use rbldns
from the DNScache (djbdns) package.
Normally, if $RBLSMTPD is set, rblsmtpd uses a 451 error code in its limited SMTP conver‐
sation. This tells legitimate clients to try again later. It gives innocent relay opera‐
tors a chance to see the problem, prohibit relaying, get off the RBL, and get the mail
However, if $RBLSMTPD begins with a hyphen, rblsmtpd removes the hyphen and uses a 553
error code. This tells legitimate clients to bounce the message immediately.
There are several error-handling options for RBL lookups:
-B (Default.) Use a 451 error code for IP addresses listed in the RBL.
-b Use a 553 error code for IP addresses listed in the RBL.
-C (Default.) Handle RBL lookups in a ``fail-open'' mode. If an RBL lookup fails tem‐
porarily, assume that the address is not listed; if an anti-RBL lookup fails tempo‐
rarily, assume that the address is anti-listed. Unfortunately, a knowledgeable
attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that
his mail is not blocked.
-c Handle RBL lookups in a ``fail-closed'' mode. If an RBL lookup fails temporarily,
assume that the address is listed (but use a 451 error code even with -b). If an
anti-RBL lookup fails temporarily, assume that the address is not anti-listed (but
use a 451 error code even if a subsequent RBL lookup succeeds with -b). Unfortu‐
nately, this sometimes delays legitimate mail.
tcpserver(1), tcprules(1), tcprulescheck(1), fixcrio(1), recordio(1), rblsmtpd(1), tcp‐
client(1), who@(1), date@(1), finger@(1), http@(1), tcpcat(1), mconnect(1), tcp-environ(5)