SYNOPSIS

       rblsmtpd opts prog



DESCRIPTION

       rblsmtpd works with any SMTP server that can run under tcpserver(1).
       It accepts a series of getopt-style options opts while prog consists of
       one or more arguments.

       Normally rblsmtpd runs prog.  prog is expected to carry out an SMTP
       conversation to receive incoming emails.

       However, rblsmtpd does not invoke prog if it is told to block emails
       from this client.  Instead it carries out its own limited SMTP
       conversation, temporarily rejecting all attempts to send an email.
       Meanwhile it prints one line on descriptor 2 to log its activity.

       rblsmtpd drops the limited SMTP conversation after 60 seconds, even if
       the client has not quit by then.



RBL LOOKUP OPTIONS

       -t n   Change the timeout to n seconds.

       Blocked clients

       If the RBLSMTPD environment variable is set and is nonempty, rblsmtpd
       blocks emails. It uses RBLSMTPD as an error message for the client.
       Normally rblsmtpd runs under tcpserver(1); you can use tcprules(1) to
       set RBLSMTPD for selected clients.

       If RBLSMTPD is set and is empty, rblsmtpd does not block emails.

       If RBLSMTPD is not set, rblsmtpd looks up TCPREMOTEIP in the RBL, and
       blocks emails if TCPREMOTEIP is listed.  tcpserver sets up TCPREMOTEIP
       as the IP address of the remote host.

       -r base
              Use base as an RBL source. An IPv4 address a.b.c.d is listed by
              that source if d.c.b.a.base has a TXT record.  An IPv6 address
              is expanded in it's inverse nibble format.  rblsmtpd uses the
              contents of the TXT record as an error message for the client.

       -a base
              Use base as an anti-RBL source. An IPv4 address a.b.c.d is anti-
              listed by that source if d.c.b.a.base has an A record. In this
              case rblsmtpd does not block emails. The same holds for IPv6
              addresses (see below) and a corresponding AAAA record.

       You may supply any number of -r and -a options.  rblsmtpd tries each
       source in turn until it finds one that lists or anti-lists TCPREMOTEIP.

       There are several error-handling options for RBL lookups:

       -B     (Default.) Use a 451 error code for IP addresses listed in the
              RBL.

       -b     Use a 553 error code for IP addresses listed in the RBL.

       -C     (Default.) Handle RBL lookups in a ``fail-open'' mode.  If an
              RBL lookup fails temporarily, assume that the address is not
              listed; if an anti-RBL lookup fails temporarily, assume that the
              address is anti-listed.  Unfortunately, a knowledgeable attacker
              can force an RBL lookup or an anti-RBL lookup to fail
              temporarily, so that his email is not blocked.

       -c     Handle RBL lookups in a ``fail-closed'' mode.  If an RBL lookup
              fails temporarily, assume that the address is listed (but use a
              451 error code even with -b). If an anti-RBL lookup fails
              temporarily, assume that the address is not anti-listed (but use
              a 451 error code even if a subsequent RBL lookup succeeds with
              -b). Unfortunately, this sometimes delays legitimate emails.




INTERROGATION MODE

       rblsmtpd may be used to only query RBLs and to present the results to
       qmail-smtpd in an interrogation mode.

       -i     interrogation mode; the RBL information is written on descriptor
              2 and available via the environment variable RBLSMTPD for
              further decisions.



GREETDELEY OPTIONS

       Introduce a certain delay in the SMTP connection; either before or
       after the RBL, the anti-RBL lookups respectively, depending whether
       this option is defined before or after the lookups.

       -w n   provides a delay of 'n' seconds for all connections.

       -W     evaluate the environment variable GREETDELAY and potentially
              delay the call to qmail-smtpd.



IPv4/IPv6 INVERSE NIBBLE FORMAT

       rblsmtpd constructs from the incoming IP address TCPREMOTEIP by means
       of it's inverse nibble format the resulting inverse domain name. If
       PROTO=TCP the standard inverse IPv4 address scheme is used, whereas in
       case of PROTO=TCP6 the IPv6 inverse domain name is computed based on
       the expanded IPv6 address:

              fe80::1 =>
              1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.(tld)

       rblsmtpd recognizes IPv4-mapped IPv6 addresses and strips the IPv6 prefix
       piror to build the IPv4 inverse address for the RBL lookup.

SEE ALSO

       tcpserver(1),
       tcprules(1),
       tcprulescheck(1),
       tcp-environ(5)




                                                                   rblsmtpd(1)

Man(1) output converted with man2html and me