How to Use Domain-Based Blacklist Zones

General Concepts

If someone presents you with: MAIL FROM: then you should do a lookup on example.tld.dsn.rfc-ignorant.org, and bounce or reject as you see fit.

The following is a quick reference for adding domain-based DNSBL support to popular packages (if you don't see yours, figure it out and send admin@rfc-ignorant.org a description of how to use it):

Sendmail

The standard dnsbl package in sendmail is useful for "standard" DNS-based blacklists, where you want to compare IP addresses. Unfortunately, it doesn't work at all when you want to do comparisons based on the right-hand side of the address. That's where rhsbl.m4 (http://www.megacity.org/software_downloads/rhsbl.m4) comes in. It is designed to be copied into cf/feature and referenced just as you would dnsbl, except that lookups will have the right-hand side of the address attached to the lookup. (NOTE: Sendmail 8.11.x and lower will have to replace the string "dnsbl" with the string "host" in the rules, as rhsbl.m4 is designed to work with current 8.12 betas.)

For example, you might use:

FEATURE(rhsbl,`dsn.rfc-ignorant.org',`"550 Mail from domain " $`'&{RHS} " refused. MX of domain do not accept bounces. This violates RFC 821/2505/2821 - see http://www.rfc-ignorant.org/"')
FEATURE(rhsbl,`postmaster.rfc-ignorant.org',`"550 Mail from domain " $`'&{RHS} " refused. MX of domain does not have a working postmaster address - see http://www.rfc-ignorant.org/"')

Also available is a revised dnsbl.m4 (http://www.megacity.org/software_downloads/dnsbl.m4) which allows for a fourth argument `h', which will toggle hostname lookups on. This is useful so that you could reject based on the hostname of the connecting machine, say, for rejecting servers where doesn't work, or where doesn't work.
(See disclaimers about dnsbl.m4 at http://www.megacity.org/software.html.)

Essentially, since you're working with domain names in these zones, there are two potential places you care about: does the sender meet some criteria (as determined by rhsbl.m4), and does the machine connecting to you meet some criteria (as defined by the revised dnsbl.m4). Which ones you use is up to you.

How to Use IP-Based Blacklist Zones

General Concepts

The IP-based zones of the rfc-ignorant.org project use the standard "flipped octets" notation for performing lookups. If host 10.18.24.50 is connecting to you, you might perform a DNS lookup of 50.24.18.10.ipwhois.rfc-ignorant.org. If an A-record is returned, then the IP address "meets the criteria for the zone".

Quick reference for adding DNSBL support to popular packages (if you don't see yours, figure it out and send admin@rfc-ignorant.org a description of how to use it):

Sendmail

Sendmail 8.10.x and above can make easy use of the included dnsbl m4 feature by adding the following line (or one like it) to the sendmail.mc file that you build your .cf from:

FEATURE(dnsbl, `ipwhois.rfc-ignorant.org',`"550 Mail from " $&{client_addr} " refused. Rejected for bad WHOIS info on IP of your SMTP server - see http://www.rfc-ignorant.org/"')
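
For packages not covered above, the two lookups from the General Concepts sections can be built as follows. This is an added example, not code from rfc-ignorant.org or the m4 files; the function names, the injectable resolve parameter and the local part "user" are assumptions made for illustration.

```python
import ipaddress
import socket

# Zone names as given on this page.
DSN_ZONE = "dsn.rfc-ignorant.org"
IPWHOIS_ZONE = "ipwhois.rfc-ignorant.org"


def rhs_query(mail_from, zone=DSN_ZONE):
    """Lookup name for a domain-based zone, or None if there is no domain."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:            # null sender "<>" or a bare local part
        return None
    domain = addr.rsplit("@", 1)[1].rstrip(".").lower()
    return f"{domain}.{zone}" if domain else None


def ip_query(client_ip, zone=IPWHOIS_ZONE):
    """Lookup name for an IP-based zone: octets reversed, zone appended."""
    ip = ipaddress.IPv4Address(client_ip)   # ValueError unless dotted-quad IPv4
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def is_listed(name, resolve=socket.gethostbyname):
    """True if an A record comes back, False if not, None if DNS failed."""
    try:
        resolve(name)
        return True
    except socket.gaierror as exc:
        # A temporary resolver failure says nothing about the listing.
        return None if exc.errno == socket.EAI_AGAIN else False


if __name__ == "__main__":
    # Constructed inputs; "user" is a made-up local part.
    print(rhs_query("<user@example.tld>"))
    print(ip_query("10.18.24.50"))
```

A None result from is_listed means the lookup itself failed, so whether to defer or accept the message in that case is a local policy decision.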