virbl.tee.gr

2006/06/28

Actually, my previous post, together with my use of virbl.dnsbl.bit.nl, made me think about how one can share such data between many email servers under the same administrative domain. Well, the answer is fairly easy:

Publish them using rbldnsd. Rbldnsd reads text files, so all you have to do is dump the B-Tree data to a text file of type ip4tset (read rbldnsd(8)):

makemap -u btree /var/cache/local/virbl/virbl.db | awk '{print $1}'

Then instruct sendmail / postfix / whatever email server you are using to use the zone you publish with rbldnsd as a DNSBL.
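
The two steps above as an added example (not code from the original post): it filters the dump down to valid IPv4 keys, writes the ip4tset file atomically so rbldnsd never reads a half-written list, and shows the name a mail server looks up in the zone. The function names, the output path, the zone virbl.example.org and the `:127.0.0.2:` return value with its text are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All names here are hypothetical.

# Read "key value" lines (as printed by makemap -u) on stdin and print only
# keys that are well-formed dotted-quad IPv4 addresses, each one once.
filter_ipv4() {
    awk '{
        n = split($1, o, ".")
        ok = (n == 4)
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        if (ok && !seen[$1]++) print $1
    }'
}

# build_ip4tset OUTFILE: dump on stdin, ip4tset data file written to OUTFILE.
# The first line is the single default value an ip4tset carries (":A:TXT");
# 127.0.0.2 and the text are assumed values, adjust to local policy.
# The temp file lives next to OUTFILE so the final mv is an atomic rename.
build_ip4tset() {
    out=$1
    tmp="$out.tmp.$$"
    {
        printf ':127.0.0.2:Listed for sending viral email\n'
        filter_ipv4
    } > "$tmp" && mv "$tmp" "$out"
}

# dnsbl_qname IP ZONE: the name a mail server queries for IP in ZONE
# (octets reversed, zone appended); an A record in reply means "listed".
dnsbl_qname() {
    echo "$1" | awk -F. -v z="$2" '{ print $4 "." $3 "." $2 "." $1 "." z }'
}

# Typical use from cron (output path is an assumption):
#   makemap -u btree /var/cache/local/virbl/virbl.db | build_ip4tset /var/lib/rbldnsd/virbl
# dnsbl_qname 192.0.2.45 virbl.example.org  ->  45.2.0.192.virbl.example.org
```

Dropping malformed keys before publishing keeps a corrupted or unexpected database entry from reaching the zone that every mail server in the domain trusts.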

At this time we are blocking ~3500 connections daily from infected machines, with no complaints from any user (ours or remote).

You may use virbl.tee.gr at your own risk. Machines are listed in and delisted from it automatically. Any machine that gets listed is delisted within an hour. Sending viral email to our mail servers results in relisting it. Its governing policy is described at http://www.postmaster.tee.gr/ in Greek.

An interesting observation I have made is that (infected) machines that target one set of mail servers do not necessarily target another set (e.g. your servers) within the hour. So instead of using virbl.tee.gr (if you find it a good idea), it might suit you better to implement a similar scheme for your servers.
