reresolv

Perl regular expression RBL DNS server

While studying various spam-fighting techniques, it became clear to me that the correct solution is (and has always been) to stop spam from even entering your network. This means blocking email at the front door and rejecting anything from identified IP addresses.

"Realtime Blackhole Lists" (RBLs) are managed via DNS queries. They act like standard "in-addr.arpa" lookups, but use a different domain and look up "A" records instead of "PTR" records. If a record is found with the value "127.0.0.2", the IP address is considered to be part of that RBL. Sendmail and many other MTAs support arbitrary RBLs.

RBLs are usually built by hand and list individual IP addresses, and sometimes whole network segments. This is difficult to maintain, and while looking at the lists of hosts sending me email, it became obvious that two major patterns existed for hosts that sent spam:

  1. Hosts with no DNS name (DNS queries return 'NXDOMAIN').
  2. Hosts with IP, MAC, or inventory numbers encoded in their name.

It seemed to me that a simple set of regular expressions could flag almost 85% of the hosts, and I set out to find a way to use regexes as an RBL.

As it turns out, there didn't appear to be any regex-based DNS servers, which makes sense, considering that all DNS servers are written to serve specific information. RBLs are just kind of a hack, piggybacking on the DNS protocol. Lucky for me, Perl has some excellent DNS server modules already written. I just had to harness their power and hook up regexes.
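The decision such a server has to make for each "A" query can be sketched as follows. This is an added example, not reresolv's own code: the zone name `rbl.example`, the three patterns, and the reverse-DNS table (constructed sample data standing in for a live PTR lookup) are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $ZONE   = 'rbl.example';   # hypothetical RBL zone
my $LISTED = '127.0.0.2';     # the "listed" A record value described above

# Illustrative patterns for names with IP, MAC or inventory numbers encoded.
my @PATTERNS = (
    qr/\d{1,3}[-.]\d{1,3}[-.]\d{1,3}[-.]\d{1,3}/,      # dotted or dashed quad
    qr/(?:^|[-.])[0-9a-f]{12}(?=[-.])/i,               # 12 hex digits (MAC)
    qr/^(?:host|pc|node|cust|client)[-_]?\d{3,}\./i,   # inventory number
);

# Constructed reverse-DNS data standing in for a live PTR lookup;
# undef means the lookup returned NXDOMAIN.
my %PTR = (
    '192.0.2.10'   => 'mail.example.org',
    '198.51.100.7' => '198-51-100-7.dsl.example.net',
    '203.0.113.99' => undef,
    '192.0.2.44'   => 'pc004417.example.com',
);

# "7.100.51.198.rbl.example" -> "198.51.100.7"; undef for any other name.
sub query_to_ip {
    my ($qname) = @_;
    my ($rev) = lc($qname) =~ /^(\d{1,3}(?:\.\d{1,3}){3})\.\Q$ZONE\E\.?$/
        or return;
    my @octets = reverse split /\./, $rev;
    return if grep { $_ > 255 } @octets;
    return join '.', @octets;
}

# Decide the answer to an A query: the listed address or NXDOMAIN.
sub rbl_answer {
    my ($qname, $ptr) = @_;
    my $ip = query_to_ip($qname)
        or return ('NXDOMAIN', 'not a valid query for this zone');
    my $host = $ptr->{$ip};
    return ($LISTED, 'no reverse DNS name') unless defined $host;
    for my $re (@PATTERNS) {
        return ($LISTED, "name matches $re") if $host =~ $re;
    }
    return ('NXDOMAIN', 'name does not match any pattern');
}

for my $q (map { "$_.$ZONE" } qw(10.2.0.192 7.100.51.198 99.113.0.203 44.2.0.192)) {
    my ($answer, $why) = rbl_answer($q, \%PTR);
    printf "%-26s %-10s %s\n", $q, $answer, $why;
}
```

Heuristic patterns like these will also match some legitimate mail hosts with numeric names, so a deployment needs a whitelist or a review of what each pattern catches before rejecting on it.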

To Do

The Software

Requirements

$Id: index.html,v 1.3 2003/08/10 10:22:56 nemesis Exp $