From FreeBSDwiki
Revision as of 17:19, 21 June 2007 by Jimbo (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

RBL is an acronym for Real-time Black-hole List - a list of IP addresses and/or URLs that nobody wants anything to do with, updated constantly in (you guessed it) real time. RBL's are most frequently used to filter out various types of spam, including the "traditional" email variety as well as the newer but increasingly more problematic comment spam.

A typical RBL server is a very simple purpose-oriented DNS server which returns "no answer" if the IP being fed to it isn't on its list, and returns a special answer - usually - if the IP is found. In order to check against the RBL, the IP is deconstructed and put together backwards in front of the RBL server's domain name - for example, in order to check the IP address against the fictitious RBL server, you would try to resolve the URL

server# dig +short A

Aha - the RBL returned, so it looks like the IP address is on their list. Most RBLs will give you a little information about what's on their list, if you query them for a TXT record. Usually, the TXT record gives you an URL for a webpage which will tell you more about the list, whether or not the IP is still listed, and possibly (but possibly not) something about why it's listed or for how long it is scheduled to remain listed.

server# dig +short TXT
"Blocked - see"

By comparison, if we ask about an address that isn't on the list, we get no answer at all for either A or TXT records:

server# dig +short A
server# dig +short TXT

See also Mail toaster, a special configuration of Qmail and several other mail applications which includes built-in RBL filtering.

Personal tools