Linode DNSBL Service?
My understanding is that to use one of the free DNSBL services you have to run a caching server locally to run queries. That's a nuisance. It would be a great plus if Linode subscribed to the various DNSBL services (and paid them as necessary).
4 Replies
If the IP is listed in the DNS blacklist then the mail is rejected. You can go through several good lists - Spamhaus, SORBS, SCBL and CBL. You can list them under smtpd_recipient_restrictions = with the directive reject_rbl_client, for example:

    smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        (…),
        reject_rbl_client multihop.dsbl.org,
        (…),
        permit
OR
you can list the DNSBLs under maps_rbl_domains and just add reject_maps_rbl to smtpd_recipient_restrictions:

    maps_rbl_domains = zen.spamhaus.org,
        dnsbl.sorbs.net,
        list.dsbl.org,
        bl.spamcop.net,
        cbl.abuseat.org
    smtpd_recipient_restrictions =
        (…),
        reject_maps_rbl,
        permit
@tknarr:
You don't need a local caching server. I use the Spamhaus Zen list in Postfix just by including it in main.cf, and used to use SORBS the same way. Generally the caching servers are for commercial subscriptions (high-volume use), which you probably won't need unless your inbound e-mail traffic exceeds 100K messages/day.
But if everyone did this then eventually ns{1,2,3,…}.linode.com would be generating a lot of traffic and the DNSBL services would block them (unless they subscribed).
No?
> Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL servers is free of charge if you meet all three of the following criteria:
>
> 1) Your use of the Spamhaus DNSBLs is non-commercial*,
> and
> 2) Your email traffic is less than 100,000 SMTP connections per day,
> and
> 3) Your DNSBL query volume is less than 300,000 queries per day.
>
> *Definition: "non-commercial use" is use for any purpose other than as part or all of a product or service that is resold, or for use of which a fee is charged. For example, using our DNSBLs in a commercial spam filtering appliance that is then sold to others requires a data feed, regardless of use volume. The same is true of commercial spam filtering software and commercial spam filtering services.
>
> A company that uses our DNSBLs solely to filter their own email qualifies as a non-commercial user and may use our free public DNSBLs if that company's email volume and DNSBL query volume is below the free use limits. The same is true for any non-profit organization, school, religious organization, or private individual who operates their own mail server.
Running your own caching DNS server is a good idea anyway (as you help them to save bandwidth) and it's quite easy indeed. In Debian/Ubuntu with fixed IP it would be something like this:
    apt-get install bind9
    grep -v ^nameserver /etc/resolv.conf > /etc/resolv.conf.new
    echo "nameserver 127.0.0.1" >> /etc/resolv.conf.new
    mv /etc/resolv.conf.new /etc/resolv.conf
i.e. not something I would call a "nuisance".
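An added example, not part of the thread and not Postfix's code: what a DNSBL lookup does under the hood, and why the resolver you query through matters. It assumes the 127.255.255.0/24 error range that Spamhaus documents for queries it refuses (other lists may differ); the function names, the `dnsbl.example` zone and the sample answers are constructed for illustration.

```python
import ipaddress
import socket

ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error return codes
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # normal "listed" answers

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolver(name):
    """A-record lookup through the host's resolver; None when nothing comes back."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:  # NXDOMAIN and lookup failures both land here
        return None

def check(ip, zone, resolve=system_resolver):
    """Classify one client IP against one zone: 'clean', 'listed' or 'error'."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return "clean"
    addr = ipaddress.IPv4Address(answer)
    if addr in ERROR_NET:
        return "error"    # the list refused to answer this resolver
    if addr in LISTED_NET:
        return "listed"
    return "error"        # non-127/8 answer: resolver is rewriting NXDOMAIN

# Constructed answers for offline use (192.0.2.0/24 is a documentation range).
SAMPLE_ANSWERS = {
    "10.2.0.192.dnsbl.example": "127.0.0.2",
    "11.2.0.192.dnsbl.example": "127.255.255.254",
    "12.2.0.192.dnsbl.example": "203.0.113.7",
}

def sample_resolver(name):
    """Stand-in resolver backed by the constructed answers above."""
    return SAMPLE_ANSWERS.get(name)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(ip, check(ip, "dnsbl.example", sample_resolver))
```

Calling `check()` without the third argument goes through whatever `/etc/resolv.conf` points at, so an "error" result there is the sign that the shared resolver, not the client IP, is the problem.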