
RBL

From FreeBSDwiki
Revision as of 14:05, 5 May 2007 by Jimbo (Talk | contribs)

RBL is an acronym for Real-time Black-hole List - a list of IP addresses and/or URLs that nobody wants anything to do with, updated constantly in (you guessed it) real time. RBLs are most frequently used to filter out various types of spam, including the "traditional" email variety as well as the newer but increasingly problematic comment spam.

A typical RBL server is a very simple, purpose-oriented DNS server which returns "no answer" if the IP being fed to it isn't on its list, and returns a special answer - usually 127.0.0.2 - if the IP is found. To check against the RBL, the octets of the IP are reversed and prepended to the RBL server's domain name - for example, to check the IP address 1.2.3.4 against the fictitious RBL server rbl.spammersarebad.net, you would try to resolve the hostname 4.3.2.1.rbl.spammersarebad.net.

server# dig +short A 4.3.2.1.rbl.spammersarebad.net
127.0.0.2

Aha - the RBL returned 127.0.0.2, so it looks like the IP address 1.2.3.4 is on their list. Most RBLs will give you a little information about what's on their list if you query them for a TXT record. Usually, the TXT record gives you a URL for a webpage which will tell you more about the list, whether or not the IP is still listed, and possibly (but possibly not) something about why it's listed or for how long it is scheduled to remain listed.

server# dig +short TXT 4.3.2.1.rbl.spammersarebad.net
"Blocked - see http://rbl.spammersarebad.net/bl.shtml?1.2.3.4"

By comparison, if we ask about an address that isn't on the list, we get no answer at all for either A or TXT records:

server# dig +short A 5.4.3.2.rbl.spammersarebad.net
server# dig +short TXT 5.4.3.2.rbl.spammersarebad.net
server#
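
The lookup steps above as a small POSIX shell sketch; this is an added example, not part of the original wiki page. The function names and the RBL_DIG override are hypothetical, and rbl.spammersarebad.net is the page's fictitious zone. It validates the address before building the query name and treats any answer outside 127.0.0.0/8 (the conventional range for RBL answers) as unexpected rather than as a listing.

```sh
#!/bin/sh
# Added example. Function names and RBL_DIG are hypothetical;
# rbl.spammersarebad.net is the fictitious zone used on this page.

# rbl_qname IPV4 ZONE: print the reversed-octet query name.
# Returns 2 for anything that is not a strict dotted quad, so untrusted
# input (a log field, a form value) never reaches the resolver.
rbl_qname() {
    case "$1" in
        ''|*[!0-9.]*|*.|*..*) return 2 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$extra" ] || return 2
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        # Reject empty octets, leading zeros and more than three digits.
        case "$octet" in ''|0?*|????*) return 2 ;; esac
        [ "$octet" -le 255 ] || return 2
    done
    printf '%s.%s.%s.%s.%s\n' "$o4" "$o3" "$o2" "$o1" "$2"
}

# rbl_verdict ANSWER: classify the output of "dig +short A <qname>".
# Empty output means not listed; 127.x.x.x means listed; anything else
# (a routable address from a wildcard or rewriting resolver, an error
# message) is reported separately instead of being counted as a hit.
rbl_verdict() {
    case "$1" in
        '')    echo not-listed ;;
        127.*) echo listed ;;
        *)     echo unexpected ;;
    esac
}

# rbl_check IPV4 ZONE: build the name, query it, print the verdict.
# RBL_DIG lets a different resolver command be substituted (assumption).
rbl_check() {
    qname=$(rbl_qname "$1" "$2") || { echo invalid-ip; return 2; }
    rbl_verdict "$(${RBL_DIG:-dig} +short A "$qname")"
}

# Usage, after sourcing this file:
#   rbl_check 1.2.3.4 rbl.spammersarebad.net
```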

See also Mail toaster, a freebsdwiki.net special configuration of Qmail and several other mail applications which includes built-in RBL filtering.
