Bind, Sendmail and RBL

M.Ashcraft at epixtech.com
Thu Sep 28 22:20:17 UTC 2000


You have set up your name server as slave to the zone rbl.maps.vix.com so 
that you don't have to query over the internet to resolve these names. You 
still need to look them up as is.  You are not in any way modifying the 
zone, just moving it closer (possibly onto the same server).

Your problem is not with bind but with your sendmail configuration.  You 
are trying to tell sendmail to use your local server but instead have told 
it to look up 2.0.0.127.your.name.server. 

For proper configuration:

Point your resolver to your local name server in /etc/resolv.conf or the 
appropriate file for your OS.

Use FEATURE(dnsbl) within your sendmail mc file.  This is the same as 
FEATURE(dnsbl, rbl.maps.vix.com), which is the default.

dnsbl stands for DNS Block.  rbl.maps.vix.com is the default domain if one 
is not specified.  If you specify a domain, it is used instead.  
FEATURE(dnsbl, example.com) allows you to define your own DNS database, 
example.com, for rejection instead of using the one from MAPS.

DNS queries will go to the locally configured server, which as a slave is 
authoritative and will respond without the need for recursion. 

Good Luck,

Mike


--
Mike Ashcraft, Sr. Network Engineer
epixtech, Inc.
M.Ashcraft at epixtech.com




"Jorg B." <jorg_b at cwo.com>
Sent by: bind-users-bounce at isc.org
09/27/00 09:20 PM

 
        To:     bind-users at isc.org
        cc: 
        Subject:        Bind, Sendmail and RBL


Hello,

I have a problem using the RBL with sendmail (8.11.0) and since it ties in
with Bind I thought this may be a good place to ask this question:

I'm running Bind 8.2.2P5 on a dedicated Linux Box.
The DNS server has been running fine for years (serving ~8000 users) and
everything seems to be working the way it should be. I have a subscription
via DNS to be a stealth slave of the rbl.maps.vix.com zone.
I'm getting regular updates (zone transfers) from the master RBL server,
therefore I know that this part works.

Here is what I have within my named.conf file:

zone "rbl.maps.vix.com" 
{ 
  type slave; 
  file "sec/rbl.maps.vix.com"; 
  allow-transfer { none; }; 
  masters {204.152.184.74; }; 
};


Now to sendmail:

I have FEATURE(dnsbl, `ns.domain.com') within my sendmail mc file...
(where ns.domain.com is my DNS server that is our RBL stealth slave).
Now, when I run the following test I don't pass the test.... even as
127.0.0.2 the ruleset doesn't reject the request... (as 127.0.0.2 it should
reject the message).

        $ sendmail -bt -C /config/to/test/sendmail.cf
        .D{client_addr}127.0.0.1
        Basic_check_relay <>
        rewrite: ruleset 192   input: < >
        rewrite: ruleset 192 returns: OK
        .D{client_addr}127.0.0.2
        Basic_check_relay <>
        rewrite: ruleset 192   input: < >
        rewrite: ruleset 192 returns: OK
        CTRL/D

When I use FEATURE(dnsbl) within my sendmail mc file, which uses the
public RBL server, it seems to work just fine (see below).


        $ sendmail -bt -C /config/to/test/sendmail.cf
        .D{client_addr}127.0.0.1
        Basic_check_relay <>
        rewrite: ruleset 192   input: < >
        rewrite: ruleset 192 returns: OK
        .D{client_addr}127.0.0.2
        Basic_check_relay <>
        rewrite: ruleset 192   input: < >
        rewrite: ruleset 192 returns: $# error $@ 5 . 7 . 1 $: "Mail from " 127 . 0 . 0 . 2 " refused; see http://maps.vix.com/cgi-bin/lookup?127.0.0.2"
        CTRL/D

Does anybody have experience with this? What am I missing?

Thanks for your help.

Jorg B.
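
Added example (not part of either message, and not sendmail's own code): a small model of the lookup discussed in this thread, showing that the second argument to FEATURE(dnsbl, ...) is a zone suffix appended to the reversed client address, not the server to ask. The function names and the ZONE_DATA table are assumptions constructed for illustration; the table stands in for the answers a local slave of rbl.maps.vix.com would give.

```python
import ipaddress

# Constructed sample data: what a local slave copy of the zone answers for.
# 127.0.0.2 is the test entry used in the post; a listed address has an A record.
SLAVE_ZONE = "rbl.maps.vix.com"
ZONE_DATA = {"2.0.0.127.rbl.maps.vix.com": "127.0.0.2"}


def dnsbl_query_name(client_addr, zone):
    """Build the name a DNSBL check looks up: reversed octets + zone suffix."""
    ip = ipaddress.IPv4Address(client_addr)  # raises ValueError on bad input
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{reversed_octets}.{zone.rstrip('.').lower()}"


def local_resolver(name):
    """Stand-in for the resolver that /etc/resolv.conf points at the slave."""
    return ZONE_DATA.get(name)  # None models NXDOMAIN


def check_relay(client_addr, zone, resolve=local_resolver):
    """Return (verdict, queried_name), mirroring the OK / 5.7.1 outcomes."""
    name = dnsbl_query_name(client_addr, zone)
    if resolve(name) is not None:
        return ("REJECT 5.7.1", name)
    return ("OK", name)


if __name__ == "__main__":
    # First zone: the name server's hostname used as the zone (the setup in
    # the question). Second zone: the zone the server is actually slave for.
    for zone in ("ns.domain.com", SLAVE_ZONE):
        for addr in ("127.0.0.1", "127.0.0.2"):
            verdict, name = check_relay(addr, zone)
            print(f"zone={zone:18} client={addr:10} query={name} -> {verdict}")
```

With the host name as the zone, every query lands on a name that does not exist, so every client is accepted regardless of what the slave zone holds.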