DNSBL on plesk?

Posted: Tue Aug 26, 2008 1:41 pm
by exi1ed0ne
Here is something that I've been toying with for a couple of hours and I thought I'd pick people's brains to see if I'm just being crazy here.

I'd like to start up my own local DNSBL in Plesk's bare bones DNS tools. I've created a domain (blacklist.pessimists.net) and added A records for a few spammer domains that are pummeling Qmail at the moment. I added the "-r blacklist.pessimists.net" to the /etc/xinetd.d/smtp_psa file, and nada. I then tried wildcarding the domain with the same disappointing results.

Is this even possible?

Posted: Tue Aug 26, 2008 2:20 pm
by exi1ed0ne
Ok, I'm an idiot. DNSBL operates on IP address, not domain name. Still doesn't work, even though a dig returns a 127.0.0.2 for my test case.

Posted: Wed Aug 27, 2008 7:21 pm
by faris
It is quite easy to do, but somewhat convoluted.

1) Create an A record: blacklist.yourdomain.com -> youripaddress
2) For each IP you want to block, add an A record with the IP backwards, plus blacklist.yourdomain.com, pointing to 127.0.0.2 (which is the universal-ish way to indicate a positive hit in a dnsbl).

For example if you want to block 1.2.3.4 you would have an A record like this:

4.3.2.1.blacklist.yourdomain.com A 127.0.0.2

(you can also add a TXT record for 4.3.2.1.blacklist.yourdomain.com saying "bog off spammer" or something.)

Then in your /etc/xinetd.d/smtp_psa you'd have -r blacklist.yourdomain.com

Job done.
(incidentally you can also use the same thing for a whitelist - just add "-a whitelist.yourdomain.com" in the smtp_psa and use whitelist instead of blacklist when adding the IP A records)

On this subject, would anyone like to educate me on how to use wildcards for blacklists, for the A records and the TXT records?

*.x.x.x.blacklist.yourdomain.com don't seem to work.

Maybe I should just leave off the last (first) digit completely?

Faris.

Posted: Thu Aug 28, 2008 7:15 am
by exi1ed0ne
Yup, did all that. (Although I created a separate domain rather than just an A record to keep the DNS lists a bit separated.) The goal was to look for class C networks that sent a threshold of spam, say 5 a day (configurable) and blacklist them for 24 hours.

It was the wildcarding that I couldn't get working correctly. I suppose I could just add the naughty folks to the qgreylist blacklist...
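The two ideas in this thread, faris's reversed-octet A records under a blacklist zone and exi1ed0ne's wish to list whole class C (/24) networks, can be worked through in a few lines. The script below is an added example, not code from either poster or from Plesk: it builds the DNSBL query name for an IP, emits the A and TXT records for a single address or an entire network (one explicit record per host, so it does not depend on wildcard behaviour), and simulates the lookup an MTA would do against those records. The zone name blacklist.example.com and the "listed" text are placeholders; 127.0.0.2 is the positive-hit address faris describes.

```python
import ipaddress

# Placeholder zone, not the thread's real domain.
DEMO_ZONE = "blacklist.example.com"
# Conventional "positive hit" answer for a DNSBL (as described in the thread).
LISTED_ADDR = "127.0.0.2"


def dnsbl_name(ip: str, zone: str = DEMO_ZONE) -> str:
    """Return the DNSBL query name for an IPv4 address: octets reversed, then the zone.

    1.2.3.4 under blacklist.example.com becomes 4.3.2.1.blacklist.example.com
    """
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def zone_records(ip_or_net: str, zone: str = DEMO_ZONE, reason: str = "listed") -> list:
    """Emit zone-file lines that list a single IP (e.g. "1.2.3.4") or a whole
    network (e.g. "1.2.3.0/24"). Every host gets its own A record plus a TXT
    record carrying the reason, so no wildcard record is required.
    """
    net = ipaddress.ip_network(ip_or_net, strict=False)  # a bare IP becomes a /32
    lines = []
    for host in net:
        name = dnsbl_name(str(host), zone)
        lines.append(f"{name}. IN A {LISTED_ADDR}")
        lines.append(f'{name}. IN TXT "{reason}"')
    return lines


def lookup_table(records: list) -> dict:
    """Turn the A records into a name -> address map, standing in for the DNS
    zone a real resolver would query (constructed stand-in, no network I/O)."""
    table = {}
    for line in records:
        name, _cls, rtype, value = line.split(" ", 3)
        if rtype == "A":
            table[name.rstrip(".")] = value
    return table


def is_listed(ip: str, table: dict, zone: str = DEMO_ZONE) -> bool:
    """Simulate the MTA's check: query reversed-ip.zone and treat any
    127.0.0.x answer as a hit (what qmail's -r option relies on)."""
    answer = table.get(dnsbl_name(ip, zone))
    return answer is not None and answer.startswith("127.0.0.")


if __name__ == "__main__":
    # Constructed sample: list one host and one whole /24, then test lookups.
    records = zone_records("198.51.100.7") + zone_records("203.0.113.0/24", reason="5+ spam/day")
    table = lookup_table(records)
    for probe in ("198.51.100.7", "203.0.113.200", "192.0.2.1"):
        print(probe, "->", dnsbl_name(probe), "listed" if is_listed(probe, table) else "clean")
```

Generating 256 explicit records per /24 keeps the zone portable across DNS servers that handle wildcard labels differently; the records can be pasted straight into the Plesk zone, and a TXT record with the reason helps when a listed sender asks why they were rejected.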