Net-DNSBL-MultiDaemon-0.39.tar.gz
Module Version: 0.39

NAME

Net::DNSBL::MultiDaemon - multi DNSBL prioritization

SYNOPSIS

  use Net::DNSBL::MultiDaemon qw(
        :debug
        run
        bl_lookup  
        set_extension
  );

  run($BLzone,$L,$R,$DNSBL,$STATs,$Run,$Sfile,$StatStamp,$DEBUG)
  bl_lookup($put,$mp,$rtp,$sinaddr,$alarm,$rid,$id,$rip,$type,$zone,@blist);

DESCRIPTION

Net::DNSBL::MultiDaemon is the Perl module that implements the multi_dnsbl daemon.

multi_dnsbl is a DNS emulator daemon that increases the efficacy of DNSBL look-ups in a mail system. multi_dnsbl may be used as a stand-alone DNSBL or as a plug-in for a standard BIND 9 installation. multi_dnsbl shares a common configuration file format with the Mail::SpamCannibal sc_BLcheck.pl script so that DNSBLs can be maintained in a common configuration file for an entire mail installation.

Because DNSBL usefulness depends on the nature and source of the spam sent to a specific site, and because DNSBLs sometimes provide intermittent service, multi_dnsbl interrogates them sorted in the order of greatest successful hits. DNSBLs that do not respond within the configured timeout period are not interrogated at all after 6 consecutive failures, and thereafter are retried not more often than once every hour until they come back online. This eliminates the need to place DNSBLs in a particular order in your MTA's config file or to periodically monitor the DNSBL statistics and update the MTA config file.

In addition to optimizing DNSBL interrogation, multi_dnsbl may be configured to locally accept or reject specified IPs and IP ranges, and to reject specified countries by 2 character country code. By adding a DNSBL entry of in-addr.arpa, IPs that do not return some kind of valid reverse DNS lookup will be rejected. In addition, IPs can be rejected that have a PTR record matching a configurable GENERIC 'regexp' set.

Reject codes are as follows:

  query 2.0.0.127.{zonename}    127.0.0.2
  blocked by configured DNSBL   127.0.0.2
  no reverse DNS                127.0.0.4
  BLOCKED (local blacklist)     127.0.0.5
  Blocked by Country            127.0.0.6
  Blocked GENERIC               127.0.0.7

OPERATION

The configuration file for multi_dnsbl contains optional IGNORE (always pass), optional BLOCK (always reject), and optional BBC (block by country) entries against which all received queries are checked before any external DNSBL is queried. IPs which pass the IGNORE, BLOCK, and BBC tests are then checked against the prioritized list of DNSBLs to try when looking up an IP address for blacklisting. Internally, multi_dnsbl maintains this list in sorted order (including 'in-addr.arpa') based on the number of responses that resulted in an acceptable A record being returned from the DNSBL query. For each IP address query sent to multi_dnsbl, a query is sent to each configured DNSBL sequentially until all DNSBLs have been queried or an acceptable A record is returned.

Let us say for example that blackholes.easynet.nl (below) will return an A record and list.dsbl.org, bl.spamcop.net, dynablock.easynet.nl, will not.

                LIST
        9451    list.dsbl.org
        6516    bl.spamcop.net
        2350    dynablock.easynet.nl
        575     blackholes.easynet.nl
        327     cbl.abuseat.org
        309     dnsbl.sorbs.net
        195     dnsbl.njabl.org
        167     sbl.spamhaus.org
        22      spews.dnsbl.net.au
        6       relays.ordb.org
        1       proxies.blackholes.easynet.nl
        0       dsbl.org

A query to multi_dnsbl (pseudo.dnsbl in this example) looks like this

        QUERY
  1.2.3.4.pseudo.dnsbl
          |
          V
  ####################
  #    multi_dnsbl   #
  ####################
   |                                  RESPONSE
   +--> 1.2.3.4.list.dsbl.org         NXDOMAIN
   |
   +--> 1.2.3.4.bl.spamcop.net        NXDOMAIN
   |
   +--> 1.2.3.4.dynablock.easynet.nl  NXDOMAIN
   |
   +--> 1.2.3.4.blackholes.easynet.nl A-127.0.0.2

The A record is returned to the originator of the query and the statistics count on blackholes.easynet.nl is incremented by one.
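The following is an added example, not code from Net::DNSBL::MultiDaemon or from its author. It models the decision order described in DESCRIPTION and OPERATION: IGNORE, BLOCK and BBC are checked first, then the configured DNSBLs are interrogated in order of their hit counts until one answers, with 'in-addr.arpa' handled as a reverse-DNS check (no PTR, or a PTR matching the GENERIC pattern) and a DNSBL taken offline after 6 consecutive timeouts and retried hourly. The resolver, clock and GeoIP lookup are injected callables so the model runs offline; every DNSBL name, hit count, answer and country code in `demo()` is constructed for the walk-through and is not real data.

```python
"""Added example (not part of Net::DNSBL::MultiDaemon): a minimal model of
the multi_dnsbl decision pipeline and its success-ordered DNSBL lookups."""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Reject codes, as listed in the multi_dnsbl documentation.
BLOCKED_BY_DNSBL = "127.0.0.2"
NO_REVERSE_DNS = "127.0.0.4"
LOCAL_BLACKLIST = "127.0.0.5"
BLOCKED_BY_COUNTRY = "127.0.0.6"
BLOCKED_GENERIC = "127.0.0.7"

MAX_FAILURES = 6    # consecutive timeouts before a DNSBL is taken offline
RETRY_AFTER = 3600  # seconds between retries of an offline DNSBL


@dataclass
class Zone:
    name: str
    hits: int = 0         # queries answered with an acceptable A record
    failures: int = 0     # consecutive timeouts
    next_try: float = 0.0 # earliest time an offline zone is tried again


def reverse_name(ip, zone):
    """1.2.3.4 under zone z becomes 4.3.2.1.z, the usual DNSBL query name."""
    return ".".join(reversed(ip.split("."))) + "." + zone


@dataclass
class MultiDnsbl:
    resolver: object   # callable(qname) -> answer str, None (NXDOMAIN) or raises TimeoutError
    zones: list
    ignore: list = field(default_factory=list)   # networks that always pass
    block: list = field(default_factory=list)    # networks that are always rejected
    countries: set = field(default_factory=set)  # 2-letter codes to reject (BBC)
    geo: object = None                           # callable(ip) -> country code
    generic: re.Pattern = re.compile(r"(?!)")    # GENERIC PTR pattern; default matches nothing

    def lookup(self, ip, now=0.0):
        """Return the reject code for ip, or None when the address passes."""
        if ip == "127.0.0.2":                    # standard DNSBL self-test entry
            return BLOCKED_BY_DNSBL
        addr = ip_address(ip)
        if any(addr in n for n in self.ignore):
            return None
        if any(addr in n for n in self.block):
            return LOCAL_BLACKLIST
        if self.geo and self.geo(ip) in self.countries:
            return BLOCKED_BY_COUNTRY
        # Most successful DNSBL first; the order adapts as hit counts change.
        for z in sorted(self.zones, key=lambda z: z.hits, reverse=True):
            if z.failures >= MAX_FAILURES and now < z.next_try:
                continue                         # offline, hourly retry not yet due
            try:
                answer = self.resolver(reverse_name(ip, z.name))
            except TimeoutError:
                z.failures += 1
                if z.failures >= MAX_FAILURES:
                    z.next_try = now + RETRY_AFTER
                continue
            z.failures = 0
            if z.name == "in-addr.arpa":         # PTR lookup rather than a blacklist
                if answer is None:
                    z.hits += 1
                    return NO_REVERSE_DNS
                if self.generic.search(answer):
                    z.hits += 1
                    return BLOCKED_GENERIC
            elif answer is not None:
                z.hits += 1
                return BLOCKED_BY_DNSBL
        return None


def demo():
    """Constructed scenario (no real DNSBL data); returns the observed results."""
    queried = []
    listed = {"4.3.2.1.blackholes.easynet.nl": "127.0.0.2"}
    ptr = {"100.2.0.192.in-addr.arpa": "dhcp-192-0-2-100.example.net"}

    def resolver(qname):
        queried.append(qname)
        if qname.endswith(".cbl.abuseat.org"):
            raise TimeoutError               # constructed: this zone never answers
        return listed.get(qname) or ptr.get(qname)

    md = MultiDnsbl(
        resolver=resolver,
        zones=[Zone("list.dsbl.org", 9451), Zone("bl.spamcop.net", 6516),
               Zone("blackholes.easynet.nl", 575), Zone("cbl.abuseat.org", 327),
               Zone("in-addr.arpa", 0)],
        ignore=[ip_network("192.0.2.0/28")],
        block=[ip_network("198.51.100.0/24")],
        countries={"ZZ"},                    # constructed placeholder country code
        geo=lambda ip: "ZZ" if ip.startswith("203.0.113.") else "US",
        generic=re.compile(r"^(dhcp|dyn|pool)[-.]\d"),
    )
    out = {"listed": md.lookup("1.2.3.4")}   # answered by the third zone tried
    out["listed_queries"] = len(queried)
    out["hits"] = md.zones[2].hits            # blackholes.easynet.nl credited
    out["local"] = md.lookup("198.51.100.7")
    out["country"] = md.lookup("203.0.113.9")
    out["ignored"] = md.lookup("192.0.2.1")
    out["generic"] = md.lookup("192.0.2.100")
    out["no_ptr"] = md.lookup("10.9.8.7")
    for _ in range(4):                       # drive cbl.abuseat.org to 6 timeouts
        md.lookup("10.9.8.7")
    out["offline_after"] = md.zones[3].failures
    before = sum(q.endswith(".cbl.abuseat.org") for q in queried)
    md.lookup("10.9.8.7", now=100)           # within the hour: zone is skipped
    out["skipped"] = sum(q.endswith(".cbl.abuseat.org") for q in queried) - before
    md.lookup("10.9.8.7", now=RETRY_AFTER)   # hour elapsed: one retry is allowed
    out["retried"] = sum(q.endswith(".cbl.abuseat.org") for q in queried) - before
    return out
```

The model returns the documented reject code rather than echoing the DNSBL's own A record, and only the zone that actually answered gets its hit count incremented, which is what moves a consistently useful DNSBL toward the front of the interrogation order over time.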

INSTALLATION / CONFIGURATION / OPERATION

multi_dnsbl can be installed as either a standalone DNSBL or as a plug-in to a BIND 9 installation on the same host. In either case, copy the rc.multi_daemon script to the appropriate startup directory on your host and modify the start, stop, restart scripts as required. Operation of the script is as follows:

  Syntax: ./rc.multi_dnsbl start    /path/to/config.file
          ./rc.multi_dnsbl start -v /path/to/config.file
          ./rc.multi_dnsbl stop     /path/to/config.file
          ./rc.multi_dnsbl restart  /path/to/config.file

  The -v switch will print the script's
  actions verbosely to STDERR.

CONFIGURATION FILE

The configuration file for multi_dnsbl shares a common format with the Mail::SpamCannibal sc_BLcheck.pl script, facilitating common maintenance of DNSBLs for your MTA installation.

The sample configuration file multi_dnsbl.conf.sample is heavily commented with the details for each configuration element. If you plan to use a common configuration file in a SpamCannibal installation, simply add the following elements to the sc_BlackList.conf file:

  MDstatfile     => '/path/to/statistics/file.txt',
  MDpidpath      => '/path/to/pidfiles', # /var/run
  MDzone         => 'pseudo.dnsbl',

  # OPTIONAL
  MDstatrefresh => 300,       # seconds
  MDipaddr      => '0.0.0.0', # PROBABLY NOT WHAT YOU WANT
  MDport        => 9953,
  MDcache       => 10000,     # an entry takes ~400 bytes
                              # default 10000 (too small)

### WARNING ### Failure to set MDipaddr to a valid IP address will result in the authority section returning an NS record of INADDR_ANY, which is an invalid NS record in stand-alone operation.

STANDALONE OPERATION

For standalone operation, simply set MDport to 53; nothing more is required.

Interrogating the installation will then return the first match from the configured list of DNSBL servers.

  i.e.  dig 2.0.0.127.pseudo.dnsbl

        .... results

PLUGIN to BIND 9

multi_dnsbl may be used as a plugin helper for a standard BIND 9 installation by adding a forward zone to the configuration file as follows:

  //zone pseudo.dnsbl
  zone "pseudo.dnsbl" in {
        type forward;
        forward only;
        forwarders { 
            127.0.0.1 port 9953;
        };
  };

You may also wish to add one or more of the following statements with appropriate address_match_lists to restrict access to the facility.

        allow-notify {};
        allow-query { address_match_list };
        allow-recursion { address_match_list };
        allow-transfer {};      

MTA CONFIGURATION

Access to DNSBL lookup is configured in the normal fashion for each MTA. Since MTAs generally must interrogate on port 53, multi_dnsbl must be installed on a stand-alone server or as a plugin for BIND 9.

A typical configuration line for sendmail M4 configuration file is shown below:

  FEATURE(`dnsbl',`pseudo.dnsbl',
  `554 Rejected $&{client_addr} found in http://www.my.blacklist.org')dnl

SYSTEM SIGNALS

multi_dnsbl responds to the following system signals:

PERL MODULE DESCRIPTION

Net::DNSBL::MultiDaemon provides most of the functions that implement multi_dnsbl, an MTA helper that interrogates a list of DNSBL servers in preferential order based on their success rate.

The following describes the workings of individual functions used to implement multi_dnsbl.

DEPENDENCIES

  Unix::Syslog
  Geo::IP::PurePerl [conditional for country codes]
  NetAddr::IP
  Net::DNS::Codes
  Net::DNS::ToolKit

EXPORT_OK

        run
        bl_lookup  

EXPORT_TAGS :debug

  DEBUG is a set of semaphores for the 'run' function

  $D_CLRRUN    = 0x1;  # clear run flag and force unconditional return
  $D_SHRTHD    = 0x2;  # return short header message
  $D_TIMONLY   = 0x4;  # exit at end of timer section
  $D_QRESP     = 0x8;  # return query response message
  $D_NOTME     = 0x10; # return received response not for me
  $D_ANSTOP    = 0x20; # clear run OK flag if ANSWER present
  $D_VERBOSE   = 0x40; # verbose debug statements to STDERR 

AUTHOR

Michael Robinton, michael@bizsystems.com

COPYRIGHT

Copyright 2003 - 2014, Michael Robinton & BizSystems. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself or the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

SEE ALSO

URBL::Prepare, Geo::IP::PurePerl, Net::DNSBL::Utilities, Net::DNS::Codes, Net::DNS::ToolKit, Mail::SpamCannibal
