tophitter / peerblock

Automatically exported from code.google.com/p/peerblock

RBL support (Real-time Blackhole Lists) #277

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Request originally posted on our forums:
(http://forums.peerblock.com/read.php?5,4475)

Basically, the requestors would like to be able to use an anti-spam system
such as dnsbl.sorbs.net or slb-xlb.spamhaus.org to determine whether or not
a specific network packet should be blocked.

More information on RBLs can be found on Wikipedia:
(http://en.wikipedia.org/wiki/DNSBL)

Original issue reported on code.google.com by peerbloc...@gmail.com on 2 Mar 2010 at 8:01

GoogleCodeExporter commented 8 years ago
I'm not too sure how well the concept of RBLs would apply to a whole-machine
filtering program like PeerBlock.  

My understanding is that this is generally used by mailservers to determine whether a particular message should be routed or dropped as presumed-spam.  To query an RBL to see if IP address 11.22.33.44 should be blocked you make a DNS Request to e.g. 11.22.33.44.rbl.example.net - if it responds with an IP address it should be blocked, otherwise it says no such name exists in which case it can be allowed.

While mailservers would be much more tolerant of the lag time such a request would induce, if we were delaying a packet by a few dozen msec that could cause problems for most "regular" network applications.  Even if we cache results for a certain period of time, the first time we encounter a new uncached IP address we will subject that packet to an N msec delay while we check DNS.

Still, if people feel this would be a useful addition to PeerBlock, please Star this issue and we will take note of it and look into it as a possible future feature.  If you can comment on potential use-cases for such a feature - and/or correct any misunderstanding of this that I may have - that would be even better.

Original comment by peerbloc...@gmail.com on 2 Mar 2010 at 8:12

GoogleCodeExporter commented 8 years ago
I add my vote for this. I use PeerBlock as an antispam for my Exchange gateway and it's very good for this.

I did build my own lists based on country IP addresses but I would love to see RBL implemented.

To reduce the delay I suggest adding the RBL checking on port 25 only.

Original comment by TomTh...@gmail.com on 20 Sep 2010 at 2:11
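The lookup, cache and port-25 restriction discussed in this thread, as an added sketch that is not PeerBlock code: DNSBLs are queried with the IPv4 octets in reverse order ahead of the zone, and a listed address answers with a 127.0.0.0/8 code. `DnsblFilter`, `should_block`, the 300-second TTL and the `rbl.example.net` zone data are hypothetical, and treating a failed lookup as "not listed" (fail open) is an assumption.

```python
import ipaddress, socket, time

def dnsbl_query_name(ip, zone):
    # DNSBL convention: IPv4 octets reversed, then the list's zone.
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None                    # NXDOMAIN or failed lookup

class DnsblFilter:                     # hypothetical name, not a PeerBlock class
    def __init__(self, zone, resolver=system_resolver, ttl=300.0,
                 ports=(25,), clock=time.monotonic):
        self.zone, self.resolver, self.ttl = zone, resolver, ttl
        self.ports, self.clock = frozenset(ports), clock
        self.cache = {}    # ip -> (listed, expiry time)
        self.lookups = 0   # DNS queries actually sent

    def is_listed(self, ip):
        now = self.clock()
        hit = self.cache.get(ip)
        if hit and hit[1] > now:
            return hit[0]              # cached verdict: no DNS delay
        self.lookups += 1
        answer = self.resolver(dnsbl_query_name(ip, self.zone))
        # Listed addresses resolve into 127.0.0.0/8; NXDOMAIN, a failed lookup
        # or any other answer (e.g. an ISP redirect) counts as not listed.
        listed = answer is not None and answer.startswith("127.")
        self.cache[ip] = (listed, now + self.ttl)
        return listed

    def should_block(self, remote_ip, local_port):
        if local_port not in self.ports:
            return False               # other traffic never waits on DNS
        return self.is_listed(remote_ip)

# Constructed sample data: a fake zone with one listed address.
FAKE_ZONE = {"44.33.22.11.rbl.example.net": "127.0.0.2"}

def demo():
    f = DnsblFilter("rbl.example.net", resolver=FAKE_ZONE.get)
    verdicts = [f.should_block("11.22.33.44", 25),   # listed, first lookup
                f.should_block("11.22.33.44", 25),   # served from cache
                f.should_block("192.0.2.7", 25),     # not in zone
                f.should_block("11.22.33.44", 443)]  # port not checked
    return verdicts, f.lookups
```

Only the first packet from each new address on a checked port pays the DNS round trip; negative answers are cached as well, so an unlisted sender is not looked up again until the TTL expires.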