Sendmail administrators using FEATURE(dnsbl) may have noticed that ruleset check_rcpt is executed after all connected milters have executed the corresponding xxfi_*() routines.

Wouldn’t it be better if a milter (in fact the first in order) could block a connection based on a list of DNSBLs?

That is why I wrote my first milter, milter-dnsbl (download). milter-dnsbl has no configuration file; at startup it takes command-line arguments that specify the DNSBLs to query, plus whitelists that are either published via DNS or based on the domain name of the connecting host. It requires a running lwresd(8), which it uses as a caching server. Read the manpage that comes with the source code distribution.
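The connect-time decision described above, as an added example that is not milter-dnsbl's own code. The function names, the zone names, the IPv4-only handling and the whitelist-before-blacklist precedence are assumptions, and `fake_lookup` is a constructed table standing in for the caching resolver.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

typedef int (*lookup_fn)(const char *name);   /* returns 1 if name is listed */
enum verdict { V_ACCEPT, V_REJECT };

/* 192.0.2.99 + "bl.example.net" -> "99.2.0.192.bl.example.net" */
int dnsbl_qname(const char *ip, const char *zone, char *out, size_t len) {
    struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1) return -1;       /* IPv4 only here */
    const unsigned char *o = (const unsigned char *)&a;   /* network order */
    int n = snprintf(out, len, "%d.%d.%d.%d.%s", o[3], o[2], o[1], o[0], zone);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Suffix match on a label boundary, so "evilpartner.example" does not
 * match "partner.example". The host name comes from reverse DNS, which the
 * owner of the address controls; forward-confirm it before trusting it. */
static int domain_matches(const char *host, const char *dom) {
    size_t h = strlen(host), d = strlen(dom);
    if (d == 0 || d > h || strcasecmp(host + h - d, dom) != 0) return 0;
    return h == d || host[h - d - 1] == '.';
}

/* Assumed precedence: domain whitelist, DNS whitelist, then DNSBLs. */
enum verdict check_connect(const char *ip, const char *host,
        const char *const *wl_dom, const char *const *wl_zone,
        const char *const *bl_zone, lookup_fn lookup) {
    char q[300];
    for (; host && *wl_dom; wl_dom++)
        if (domain_matches(host, *wl_dom)) return V_ACCEPT;
    for (; *wl_zone; wl_zone++)
        if (!dnsbl_qname(ip, *wl_zone, q, sizeof q) && lookup(q)) return V_ACCEPT;
    for (; *bl_zone; bl_zone++)
        if (!dnsbl_qname(ip, *bl_zone, q, sizeof q) && lookup(q)) return V_REJECT;
    return V_ACCEPT;   /* not listed on any DNSBL */
}

/* Constructed answers (documentation address ranges), not real DNS data. */
static int fake_lookup(const char *name) {
    static const char *const listed[] = { "99.2.0.192.bl.example.net",
        "7.100.51.198.bl.example.net", "7.100.51.198.wl.example.net", NULL };
    for (const char *const *p = listed; *p; p++)
        if (strcmp(name, *p) == 0) return 1;
    return 0;
}
```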

milter-dnsbl is distributed with an OpenBSD-style license and has been tested on an Ubuntu 6.06 i386 server.

4 Responses to “milter-dnsbl”

  1. stsimb Says:

    a) If the sender is SMTP-authenticated, how can you bypass this milter (or any milter) so that the email will be sent even though this (or another) milter would return discard/reject?

    b) How can you bypass the DNSBL checks for specific users (who want to receive all emails, even those from listed IP addresses)?

    Just food for thought :)

  2. adamo Says:


    a) milter-dnsbl does not yet deal with SMTP-AUTH issues. It will deal with it when I implement it on our systems.

    b) milter-dnsbl, as it is designed right now, best suits the needs of an organization with a central, not a per-user, policy.

  3. Rick Says:

    spamass-milter can and does get bypassed when using smtp-auth
