Please note that this is not the actual http://www.rfc-ignorant.org/how_to_domain.html webpage, but a suggested revised version of it by Allen Smith.

How to Use Domain-Based Blacklist Zones

General Concepts

If someone presents you with:

MAIL FROM: <foo@example.tld>

then you should do a lookup on example.tld.dsn.rfc-ignorant.org, and bounce or reject as you see fit.
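As an added example (not from the original page or from any of the packages below), the lookup described above in Python: it extracts the domain from the MAIL FROM command, builds the query names for the two zones used in the Sendmail examples, and reports the zones that list it. The function names, the convention that an answer in 127.0.0.0/8 means "listed", and the sample zone data are assumptions.

```python
import re
import socket

# Zones named on this page; which ones to consult is local policy.
ZONES = ("dsn.rfc-ignorant.org", "postmaster.rfc-ignorant.org")
# Reverse-path between the angle brackets; ESMTP parameters may follow it.
_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

def sender_domain(command):
    """Right-hand side of the envelope sender, lowercased, or None."""
    m = _MAIL_FROM.match(command.strip())
    if not m or not m.group(1):
        return None          # not MAIL FROM, or null sender <> (a bounce)
    path = m.group(1)
    if path.startswith("@") and ":" in path:
        path = path.split(":", 1)[1]       # drop obsolete source route
    local, at, domain = path.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not (at and local and domain) or domain.startswith("["):
        return None          # malformed, or an address literal, not a name
    return domain

def query_names(command, zones=ZONES):
    """Names to look up: <sender domain>.<zone> for each zone."""
    domain = sender_domain(command)
    return [f"{domain}.{z}" for z in zones] if domain else []

def dns_a(name):
    """A record for name, or None (NXDOMAIN and lookup errors fail open)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def listed_in(command, zones=ZONES, resolve=dns_a):
    """Zones whose answer is in 127.0.0.0/8 (assumed 'listed' convention)."""
    names = query_names(command, zones)
    return [z for z, n in zip(zones, names)
            if (resolve(n) or "").startswith("127.")]

if __name__ == "__main__":
    # Constructed zone data standing in for real DNS, so this runs offline.
    fake = {"example.tld.dsn.rfc-ignorant.org": "127.0.0.2"}
    for cmd in ("MAIL FROM: <foo@example.tld>", "MAIL FROM:<>",
                "mail from:<@relay.tld:foo@Example.TLD.> SIZE=1024"):
        print(cmd, "->", listed_in(cmd, resolve=fake.get))
```

The null sender is skipped on purpose: bounces arrive with MAIL FROM:<> and have no domain to look up.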

Quick reference for adding domain-based DNSBL support to popular packages (if you don't see yours, figure it out and send admin@rfc-ignorant.org a description of how to use it):

Sendmail

The standard dnsbl package in sendmail is useful for "standard" DNS-based blacklists, where you want to compare IP addresses. Unfortunately, it doesn't work at all when you want to do comparisons based on the right-hand side of the address.

That's where rhsbl.m4 comes in. It is designed to be copied into cf/feature and referenced just as you would reference dnsbl, except that lookups will have the right-hand side of the address attached to the lookup. (NOTE: Users of Sendmail 8.11.x and lower will have to replace the string "dnsbl" with the string "host" in the rules, as rhsbl.m4 is designed to work with current 8.12 betas.)

For example, you might use:

FEATURE(rhsbl,`dsn.rfc-ignorant.org',`550 You do not accept bounces. This violates RFC 821/2505/2821 - see http://www.rfc-ignorant.org/')

FEATURE(rhsbl,`postmaster.rfc-ignorant.org',`550 Mail rejected as your domain does not have a working postmaster address - see http://www.rfc-ignorant.org/')

Also available is a revised dnsbl.m4 which allows for a fourth argument `h', which will toggle hostname lookups on. This lets you reject based on the hostname of the connecting machine, say, for rejecting servers where <postmaster@servername> doesn't work, or where <abuse@servers_main_domain> doesn't work. (See disclaimers about dnsbl.m4 at http://www.megacity.org/software.html.)

Essentially, since you're working with domain names in these zones, there are two potential places you care about: does the sender meet some criteria (as determined by rhsbl.m4), and does the machine connecting to you meet some criteria (as determined by the revised dnsbl.m4). Which of these you use is up to you.

Exim

provided by Philip Hazel <ph10@cus.cam.ac.uk>

It is possible to make use of rfc-ignorant.org from Exim, but in the current 3.xx releases, the error message that is given when a message is rejected is

550 rejected: cannot route to sender <x@example.tld>

which, although in some sense true, is not very helpful. In the forthcoming Exim 4 release (ETA 1Q2002) it will be possible to use rfc-ignorant.org "properly".

QMail

provided by Ask Bjoern Hansen <ask@develooper.com>

Ask has done some experimental work with mating qmail and the domain-based DNSBLs. His work can be found at http://develooper.com/code/qpsmtpd/.

