qmail-dnsbl patch

Description

This patch adds DNSBL checks to the qmail MTA software.

Portability

Code is written using qmail function libraries and coding standards, so if you can run qmail, you can run this patch too.

Why it is useful

Because DNSBL lets you reject spam and viruses by looking at the sender's IP address.

Existing software performs the DNSBL check mainly in two places:

  • just after the client connects (like rblsmtpd)

This prevents the client from authenticating in any manner (smtp-auth, tls-cert), so authorized dial-up users (whose IP address is in the DNSBL databases) cannot send mail through the MTA.

  • in the queue pipeline (like qmail-rblchk)

This implies that the email was fully received and stored locally, and that the qmail-queue program (or some surrogate of it) has been executed, which is more resource-consuming.

This patch lets the client authenticate (using any implemented method), and then decides whether to perform the DNSBL check by looking at the authentication status before the SMTP DATA command is performed. If the check fails, the server closes the SMTP conversation before receiving the mail, avoiding wasted resources.

Documentation

 CONTROL FILES
        dnsbllist
             A list of dnsbl providers that qmail-smtpd checks to identify
             blacklisted IP addresses.
             Exception: If the environment variable DNSBLSKIP is set,
             qmail-smtpd ignores dnsbllist, and the dnsbl check is not
             performed. The check is also skipped if some other
             authentication method succeeded and authorized the client to
             relay (smtp-auth or tls client certificate), or if the
             RELAYCLIENT environment variable is set.
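
The pre-DATA decision described above, as an added example in C (not code from the patch). It uses the usual DNSBL convention of querying the reversed IPv4 octets under each zone. All function names, the resolver callback and the sample zones are hypothetical, and only IPv4 is handled.

```c
#include <stdio.h>
#include <string.h>

enum { DNSBL_SKIPPED, DNSBL_ACCEPT, DNSBL_REJECT };

/* Build "d.c.b.a.zone" from IPv4 "a.b.c.d"; -1 on bad input or overflow. */
int dnsbl_query_name(const char *ip, const char *zone, char *out, size_t outlen)
{
    unsigned o[4];
    int i, n;
    for (i = 0; i < 4; i++) {
        unsigned v = 0, digits = 0;
        for (; *ip >= '0' && *ip <= '9' && digits < 3; digits++)
            v = v * 10 + (unsigned)(*ip++ - '0');
        if (digits == 0 || v > 255) return -1;
        if (*ip++ != (i < 3 ? '.' : '\0')) return -1;
        o[i] = v;
    }
    n = snprintf(out, outlen, "%u.%u.%u.%u.%s", o[3], o[2], o[1], o[0], zone);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Decision taken before DATA. skip and relay are the values of DNSBLSKIP and
   RELAYCLIENT (NULL when unset); listed() is the caller's DNS A lookup. */
int dnsbl_decide(const char *ip, const char *const *zones, const char *skip,
                 const char *relay, int authenticated, int (*listed)(const char *))
{
    char name[256];
    if (skip || relay || authenticated) return DNSBL_SKIPPED;
    for (; *zones; zones++)
        if (dnsbl_query_name(ip, *zones, name, sizeof name) == 0 && listed(name))
            return DNSBL_REJECT;
    return DNSBL_ACCEPT;
}

/* Constructed stand-in resolver: only this one name "has an A record". */
int fake_listed(const char *name)
{
    return strcmp(name, "99.2.0.192.bl.example.org") == 0;
}

int main(void)
{
    /* Constructed sample data: documentation address, placeholder zones. */
    const char *const zones[] = { "dnsbl.example.net", "bl.example.org", NULL };
    printf("anonymous=%d\n", dnsbl_decide("192.0.2.99", zones, NULL, NULL, 0, fake_listed));
    printf("authenticated=%d\n", dnsbl_decide("192.0.2.99", zones, NULL, NULL, 1, fake_listed));
    return 0;
}
```

An unauthenticated client whose address is listed gets DNSBL_REJECT before any message data is accepted, while the same address with authentication, DNSBLSKIP or RELAYCLIENT never triggers a lookup.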

Author

 
patchlist/qmail_dnsbl.txt · Last modified: 2006/09/06 21:04 by Giuseppe Iuculano
 