Linode Forum
https://forum.linode.com/

Linode DNSBL Service?
https://forum.linode.com/viewtopic.php?f=11&t=11908		 Page 1 of 1
Author:  ioplex [ Wed Jun 10, 2015 12:30 am ]
Post subject:  Linode DNSBL Service?
Does Linode have a DNSBL service?

My understanding is that to use one of the free DNSBL services you have to run a caching server locally to run queries. That's a nuisance. It would be a great plus if Linode subscribed to the various DNSBL services (and paid them as necessary).
Author:  tknarr [ Wed Jun 10, 2015 3:01 am ]
Post subject:  Re: Linode DNSBL Service?
You don't need a local caching server. I use the Spamhaus Zen list in Postfix just by including it in main.cf, and used to use SORBS the same way. Generally the caching servers are for commercial subscriptions (high-volume use), which you probably won't need unless your inbound e-mail traffic exceeds 100K messages/day.
Author:  EmmaT [ Wed Jun 10, 2015 7:09 am ]
Post subject:  Re: Linode DNSBL Service?
Hi,

If the IP is listed in the DNS blacklist then the mail is rejected. You can go through several good lists - Spamhaus, SORBS, SCBL and CBL. You can list them under smtpd_recipient_restrictions = with the directive reject_rbl_client, for example:

smtpd_recipient_restrictions =
permit_sasl_authenticated,
(...),
reject_rbl_client multihop.dsbl.org,
(...),
permit

OR


you can list the DNSBL's under maps_rbl_domains and just add reject_maps_rbl to smtpd_recipient_restrictions:

maps_rbl_domains = zen.spamhaus.org,
dnsbl.sorbs.net,
list.dsbl.org,
bl.spamcop.net,
cbl.abuseat.org
smtpd_recipient_restrictions =
(...),
reject_maps_rbl,
permit
Author:  ioplex [ Wed Jun 10, 2015 12:37 pm ]
Post subject:  Re: Linode DNSBL Service?
tknarr wrote:
You don't need a local caching server. I use the Spamhaus Zen list in Postfix just by including it in main.cf, and used to use SORBS the same way. Generally the caching servers are for commercial subscriptions (high-volume use), which you probably won't need unless your inbound e-mail traffic exceeds 100K messages/day.

But if everyone did this then eventually ns{1,2,3,...}.linode.com would be generating a lot of traffic and the DNSBL services would block them (unless they subscribed).

No?
Author:  sanvila [ Wed Jun 10, 2015 4:19 pm ]
Post subject:  Re: Linode DNSBL Service?
These are the usage terms for the Spamhaus DNSBLs:

http://www.spamhaus.org/organization/dnsblusage/

Quote:
Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL servers is free of charge if you meet all three of the following criteria:

1) Your use of the Spamhaus DNSBLs is non-commercial*,
and
2) Your email traffic is less than 100,000 SMTP connections per day,
and
3) Your DNSBL query volume is less than 300,000 queries per day.

*Definition: "non-commercial use" is use for any purpose other than as part or all of a product or service that is resold, or for use of which a fee is charged. For example, using our DNSBLs in a commercial spam filtering appliance that is then sold to others requires a data feed, regardless of use volume. The same is true of commercial spam filtering software and commercial spam filtering services.

A company that uses our DNSBLs solely to filter their own email qualifies as a non-commercial user and may use our free public DNSBLs if that company's email volume and DNSBL query volume is below the free use limits. The same is true for any non-profit organization, school, religious organization, or private individual who operates their own mail server.


Running your own caching DNS server is a good idea anyway (as you help them to save bandwidth) and it's quite easy indeed. In Debian/Ubuntu with fixed IP it would be something like this:
Code:
apt-get install bind9
grep -v ^nameserver /etc/resolv.conf > /etc/resolv.conf.new
echo "nameserver 127.0.0.1" >> /etc/resolv.conf.new
mv /etc/resolv.conf.new /etc/resolv.conf

i.e. not something I would call a "nuisance".
Page 1 of 1 All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/