[Greylist-users] How about implementing greylisting in rbldns ?

[Sirko Zidlewitz]

Hello Ed,

what I mean is implementing a new feature to  a dns server.

Typically every rbl solution like rblsmtpd in
qmail rejects a message when it gets an A record
back from a rbl dns server.

For instance, when sbl-xbl.spamhaus.org is the
rbl dns server and a connection ist made from
1.2.3.4 rblsmtpd makes a dns query for
4.3.2.1.sbl-xbl.spamhaus.org.

When the connecting ip is listed as a spam source,
typically the A record is a 127.0.0.X and the TXT record
is returned as error message in smtp dialog.

Now my suggestion:
(replace "rblsmtpd" with the rbl implementation
of your favourite MTA)

Modify rbldns to return a A record 127.0.0.X
when an ip is requested for the first time.
The returned TXT record should be something
like "451 Try again later, you are greylisted."

When the remote host connects again after
a recent intervall, the dns server returns
a host not found to rblsmtpd and the connection
to the MTA is allowed.

Got the point? For greylisting rbldns needs
to operate in a totally different way.

Maybe it would be better to write a totally
new dns server (maybe "greydnsd";-)), because
it has to store not only the usual A and TXT records,
but entries like firstseen, lastseen.
All entries with firstseen=lastseen<recent interval
have to be deleted regularly. The same for
entries firstseen<lastseen<another recent interval.

The advantage is you can use the normal
rbl implementation from your MTA for a simple greylisting.
It would work for mail clusters, because of a central greylist
database. And as long there is a rbl implementation for it,
it could be used with any MTA.


Regards
Sirko