BLD(8) System Manager's Manual BLD(8)NAME
bld - A black list daemon
SYNOPSIS
bld -h | [option]
OPTIONS -v Output version information and exit
-n Do not fork to become a daemon
-a address
Address to bind to
-p port
Port to listen to
-l number
Log verbosity (between 0 and 3)
-t number
Minimum time interval before blacklisting
-m number
Maximum submissions in time interval
-i number
IP list size
-b number
Blacklist size
-e number
Blacklist expiration
-P filename
Filename where to save PID
-T number
Timeout for client connections
-u user
User to run as
-g group
Group to run as
-f filename
Use a specific configuration file
-A filename
Filename where to find ACLs
-W filename
Filename where to find whitelist
-B filename
Filename where to store blacklist
-I filename
Filename where to store whole IP list
DESCRIPTION
By default, the bld daemon listens to requests on port 2905. Requests are either IP addresses submissions or checks against the black
list.
bld uses a very simple algorithm to decide whether to add IP addresses to the blacklist or not. The first time an IP address is submitted,
it is added to an internal list with a timestamp and all further requests increment a counter for this IP. As soon as the minimum time
interval is elapsed (default: 30 seconds), and if a maximum requests ratio is reached (default: 10 submissions in the 30 seconds interval),
the IP is put in the blacklist. It is then blacklisted for a configurable time (default: 900 seconds).
PROTOCOL
Requests sent to bld are rather simple. Each request or reply is followed by a linefeed and a carriage return. A client may only send one
request per TCP session. As of now, two commands may be used: ip (address submission) and ip? (ask if address is blacklisted).
ip=a.b.c.d submits an IP address. The server acknowledges either with a 200 code if the address is not blacklisted or a 421 if it is.
ipdecr=a.b.c.d decrements the internal counter for an IP address. The lowest value for the counter is zero. The server always acknowl-
edges with a 200 code.
ip?=a.b.c.d asks if address is blacklisted. The server reply may be 421 if it is or 200 if it's not.
ipbl=a.b.c.d forces the insertion in the blacklist. The server acknowledges with a 200 code.
If using IP based restrictions, the server reply may be 600 if the client is not in the correct ACL to perform a request. Any other error
will generate a reply with a 500 error code.
NOTES
bld binds to localhost by default and accepts any local request, so please make sure that only trusted users can establish a connection to
the daemon. Please check that all authorized hosts meet the minimal security requirements before changing this parameter even if using an
access control list (see bld_acl.conf(5)).
bld will log some statistics if it receives the SIGUSR1 signal. SIGUSR2 is used to force a dump of both lists in bld working directory.
FILES
/etc/bld/bld.conf /etc/bld/bld_acl.conf /etc/bld/bld_whitelist.conf /var/run/bld/bld.pid /var/run/bld/bld_iplist.dump
/var/run/bld/bld_blacklist.dump
SEE ALSO bld.conf(5)bld_acl.conf(5)bld_whitelist.conf(5)bldread(8)bldquery(8)bldsubmit(8)blddecr(8)AUTHOR
Olivier Beyssac <obld@r14.freenix.org>
August 2004 BLD(8)
Check Out this Related Man Page
DNSBLOG(8) System Manager's Manual DNSBLOG(8)NAME
dnsblog - Postfix DNS white/blacklist logger
SYNOPSIS
dnsblog [generic Postfix daemon options]
DESCRIPTION
The dnsblog(8) server implements an ad-hoc DNS white/blacklist lookup service. This may eventually be replaced by an UDP client that is
built directly into the postscreen(8) server.
PROTOCOL
With each connection, the dnsblog(8) server receives a DNS white/blacklist domain name, an IP address, and an ID. If the IP address is
listed under the DNS white/blacklist, the dnsblog(8) server logs the match and replies with the query arguments plus an address list with
the resulting IP addresses, separated by whitespace, and the reply TTL. Otherwise it replies with the query arguments plus an empty
address list and the reply TTL; the reply TTL is -1 if there is no reply, or a negative reply that contains no SOA record. Finally, the
dnsblog(8) server closes the connection.
DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
CONFIGURATION PARAMETERS
Changes to main.cf are picked up automatically, as dnsblog(8) processes run for only a limited amount of time. Use the command "postfix
reload" to speed up a change.
The text below provides only a parameter summary. See postconf(5) for more details including examples.
config_directory (see 'postconf -d' output)
The default location of the Postfix main.cf and master.cf configuration files.
daemon_timeout (18000s)
How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer.
postscreen_dnsbl_sites (empty)
Optional list of DNS white/blacklist domains, filters and weight factors.
ipc_timeout (3600s)
The time limit for sending or receiving information over an internal communication channel.
process_id (read-only)
The process ID of a Postfix command or daemon process.
process_name (read-only)
The process name of a Postfix command or daemon process.
queue_directory (see 'postconf -d' output)
The location of the Postfix top-level queue directory.
syslog_facility (mail)
The syslog facility of Postfix logging.
syslog_name (see 'postconf -d' output)
A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd".
SEE ALSO smtpd(8), Postfix SMTP server
postconf(5), configuration parameters
syslogd(5), system logging
LICENSE
The Secure Mailer license must be distributed with this software.
HISTORY
This service was introduced with Postfix version 2.8.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA
DNSBLOG(8)