surblfilter.8
surblfilter - qmail SURBL blocklist interface
surblfilter [ -v ] [ -c ] [ -t ]
SURBLs are lists of web sites that have appeared in unsolicited messages. Unlike most lists, SURBLs are not lists of message senders.
Web sites seen in unsolicited messages tend to be more stable than the rapidly changing botnet IP addresses used to send the vast majority of them. Sender lists like zen.spamhaus.org can be used in a first stage filter to help identify 80% to 90% of unsolicited messages. SURBLs can help find about 75% of the otherwise difficult, remaining unsolicited messages in a second stage filter. Used together with sender lists, SURBLs have proven to be a highly effective way to detect 95% of unsolicited messages. surblfilter reads an RFC 822 email on stdin, extracts the URLs and checks them against SURBL.
surblfilter can be used as a filter using qmail-qfilter(1), or as a qmail-multi(8) filter by setting the FILTERARGS environment variable to the path of the surblfilter executable (with arguments, if any). surblfilter can also be used as a qmail-queue(8) frontend by setting the QMAILQUEUE environment variable to the wrapper /usr/sbin/surblqueue. You can define the SURBLQUEUE environment variable to make surblqueue execute something other than qmail-multi(8). You can set the SURBLOPTS environment variable to pass options to surblfilter.
surblfilter uses the QMAILRCPTS environment variable to get the recipient list. You can whitelist recipients by listing their email addresses in the surblrcpt control file. You can change the name of this control file by setting the SURBLRCPT environment variable. The QMAILRCPTS environment variable is set by the qmail-qfilter(1) program.
surblfilter uses the control file surbldomainwhite to whitelist a domain. You can change the name of this control file by setting the SURBLDOMAINWHITE environment variable.
The default SURBL list that is used is multi.surbl.org. You can use a different list by setting the surbldomain control file.
surblfilter caches results in the /etc/indimail/control/cache directory. Each file in this directory is named after the domain it represents. If a file has permission 0600, it means that the domain was blacklisted. Entries are cached for 300 seconds by default. You can change this by setting the CACHELIFETIME environment variable or by setting this value in the cacheliftime control file. The cache directory should be owned by the uid of the running qmail-smtpd(8).
surblfilter removes all leading host names, subdomains, www., randomized subdomains, etc. To determine the level at which a domain is checked, it uses the control files level3-tlds and level2-tlds. For any domain found in level3-tlds, it checks the domain at level4. For any domain found in level2-tlds, it checks the domain at level3. For all domains not found in these two control files, it checks the domain at level2. Please look at http://www.surbl.org/guidelines for more details.
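The level rule above, shown as an added Python example (not surblfilter's own code) that extracts URL hosts from a message body, reduces each to the level selected by level3-tlds / level2-tlds, and builds the name to look up under multi.surbl.org. The control file entries, the sample message, the URL regex and the choice to match surbldomainwhite against the reduced domain are assumptions made for illustration.

```python
import re

# Constructed stand-ins for the level2-tlds, level3-tlds and surbldomainwhite
# control files; the real files are far longer.
LEVEL2_TLDS = {"co.uk", "com.au"}
LEVEL3_TLDS = {"k12.ca.us"}
DOMAIN_WHITELIST = {"example.org"}
SURBL_ZONE = "multi.surbl.org"  # default list named on this page

# Simplified host matcher (assumption): http/https URLs with a DNS host name.
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def check_domain(host):
    """Strip leading labels so the host is checked at level 2, 3 or 4."""
    labels = host.lower().strip(".").split(".")
    if ".".join(labels[-3:]) in LEVEL3_TLDS:
        keep = 4  # suffix found in level3-tlds: check at level 4
    elif ".".join(labels[-2:]) in LEVEL2_TLDS:
        keep = 3  # suffix found in level2-tlds: check at level 3
    else:
        keep = 2  # everything else: check at level 2
    return ".".join(labels[-keep:])


def surbl_queries(message):
    """Return the sorted, de-duplicated DNS names to query for a message."""
    names = set()
    for host in URL_HOST.findall(message):
        domain = check_domain(host)
        # Assumption: the whitelist is compared against the reduced domain.
        if domain not in DOMAIN_WHITELIST:
            names.add(f"{domain}.{SURBL_ZONE}")
    return sorted(names)


# Constructed message body.
SAMPLE = """\
Visit http://www.x7f3a.shop.example.co.uk/offer now,
or https://cdn.promo.example.net/a?b=1 and
http://news.example.org/ plus http://site.school.k12.ca.us/x
"""

if __name__ == "__main__":
    for name in surbl_queries(SAMPLE):
        print(name)
```

Randomized subdomains collapse to a single query name, which is also why one cached result per reduced domain is enough.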
-v
Use debug mode to make surblfilter write debug information on
descriptor 5. If SURBL_DEBUG_FN is set, surblqueue will redirect
descriptor 5 to the filename set by SURBL_DEBUG_FN.
-c
Do not cache results
-t
Do a DNS TXT query to get the reason. This option will slow
surblfilter down. Remember that the last octet of the IP address
obtained for the domain gives you the reason for the block.
surblfilter returns 88 if the domain is blocked and prints the reason on standard error. This allows qmail-smtpd(8) to print a permanent error during an SMTP session. It returns 111 for all temporary errors. It returns 0 if the message does not contain any domain blocked by SURBL.