Build RBL DNS untuk anti-spam berbasis alamat IP
Requirements:
MySQL server: pastikan MySQL server telah terinstal dengan baik. Pada percobaan kali ini digunakan OS CentOS 6.5.
Persiapkan database, username, dan password untuk akses MySQL. Buat database, misalnya: rbldns
mysql> create database rbldns;
mysql> grant all privileges on rbldns.* to 'rbldns'@'localhost' identified by 'rbl1231';
lalu buat tabel ips di database rbldns:
-- Table read by rebuild_rbldns.pl: each row is one address to publish;
-- rows with b_or_w = 'b' go to the spammerlist file, 'w' to the whitelist file.
CREATE TABLE `ips` (
`id` int(16) NOT NULL AUTO_INCREMENT,
-- NOTE(review): ipaddress is not UNIQUE here (the script's own schema comment
-- has it as the primary key), so the same address can be inserted twice and
-- will then appear twice in the generated list.
`ipaddress` varchar(40) NOT NULL DEFAULT '',
`dateadded` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',   -- first ORDER BY key of the export
`reportedby` varchar(40) DEFAULT NULL,
`updated` datetime DEFAULT NULL,
`attacknotes` text,
`b_or_w` char(1) NOT NULL DEFAULT 'b',   -- 'b' = blacklist, 'w' = whitelist
PRIMARY KEY (`id`),
KEY `dateadded` (`dateadded`),
KEY `b_or_w` (`b_or_w`)   -- used by the export's WHERE b_or_w=... filter
) ENGINE=MyISAM AUTO_INCREMENT=189220 DEFAULT CHARSET=latin1 COMMENT='spammer list';
Sampai di sini database untuk RBL DNS sudah siap. Untuk daemon RBL DNS digunakan rbldnsd (http://www.corpit.ru/mjt/rbldnsd.html).
Instalasi
# wget -c "http://www.corpit.ru/mjt/rbldnsd/rbldnsd-0.997a.tar.gz"
# tar -xvf rbldnsd-0.997a.tar.gz
# cd rbldnsd-0.997a
# ./configure
# make
# cp -a rbldnsd /usr/local/sbin/rbldnsd
Konfigurasi
tambahkan user rbldns yang akan digunakan sebagai daemon user:
useradd rbldns
create directory
# mkdir -p /var/lib/rbldns/{dsbl,log}
buat file konfigurasi
# touch /var/lib/rbldns/dsbl/{dsbl,rbl,forward,spammerlist,whitelist,rbl.log}
# touch /var/lib/rbldns/log/rbl.log
Unduh skrip rebuild_rbldns yang akan digunakan untuk mengekspor data dari MySQL ke bentuk file teks (spammerlist).
# wget -O /usr/local/bin/rebuild_rbldns.pl http://www.blue-quartz.com/rbl/rebuild_rbldns.txt
Ubah izin file menjadi 750 (file ini akan memuat password MySQL, jadi jangan sampai bisa dibaca semua user), lalu edit:
# chmod 750 /usr/local/bin/rebuild_rbldns.pl
# vim /usr/local/bin/rebuild_rbldns.pl
Sesuaikan user, password, dan nama database pada bagian "User Defined Section".
#!/usr/bin/perl
# rebuild_rbldns.pl
# Copyright (c) 2006 by Herb Rubin herbr@pfinders.com covered under GPL license
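use strict;
use warnings;
use Getopt::Std;
use DBI;

our $version = "1.01"; # Mar 20, 2009
#
# Purpose: rebuild a flatfile of IP addresses from mysql ips table for RBL blacklist server
# Expects: database table named ips
#
# CREATE TABLE `ips` (
# `ipaddress` varchar(15) NOT NULL default '',
# `dateadded` datetime NOT NULL default '0000-00-00 00:00:00',
# `reportedby` varchar(40) default NULL,
# `updated` datetime default NULL,
# `attacknotes` text,
# `b_or_w` char(1) NOT NULL default 'b',
# PRIMARY KEY (`ipaddress`),
# KEY `dateadded` (`dateadded`),
# KEY `b_or_w` (`b_or_w`)
#) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='spammer list';
#
# NOTE: if ipaddress is not unique in the real table, an address that was
# inserted more than once is written to the list more than once.
#
# Exit status: 0 when both lists were rebuilt, 1 when the database connection
# or either list failed (a cron job can act on this).
#
# Begin User Defined Section
#----------------------------
my $blacklist_file = "/var/lib/rbldns/dsbl/spammerlist";
my $whitelist_file = "/var/lib/rbldns/dsbl/whitelist";
my $rbl_domain = "rbldns.abc.co.id";   # not read by this script
my $mysql_user = "rbldns";
my $mysql_pass = "pass";               # clear text: keep this file mode 750 or tighter
my $mysql_database = "rbldns";
my $mysql_host = "localhost";
my $datasource = "dbi:mysql:database=$mysql_database;host=$mysql_host";
# Must live on the same filesystem as the list files: it is renamed into place.
my $temp_file = "/var/lib/rbldns/dsbl/templist";
#----------------------------
# End User Defined Section

my $progname = $0;
$progname = $1 if ($progname =~ /([\w\._]+)$/); # trim off path

# -f is accepted but never read; -h/-v/-V are described in usage().
my %Options;
getopts("fhvV", \%Options);

if ($Options{'h'}) {
    usage();
    exit 0;
}
if ($Options{'V'}) {
    print "$progname version $version\n";
    exit 0; # good exit
}

# RaiseError stays off so every failure is reported here rather than as an
# unhandled die; each DBI call below checks its own return value.
my $dbh = DBI->connect($datasource, $mysql_user, $mysql_pass,
                       { PrintError => 0, RaiseError => 0 });
unless ($dbh) {
    #################################
    # failed to connect to database #
    #################################
    print DBI->errstr . "\n" if ($Options{'v'});
    print "Error: Could not connect to local MySQL database. (did password change?)\n";
    exit 1; # bad exit
}

#########################
# Logged in to database #
#########################
my $ok = 1;
$ok = 0 unless build_file($blacklist_file, "b");
$ok = 0 unless build_file($whitelist_file, "w");
$dbh->disconnect;
exit($ok ? 0 : 1);

##########################
# subroutines start here #
##########################

# Print the command-line help to STDOUT; the caller decides whether to exit.
sub usage {
    print <<"EOF";
$progname usage:
$progname [-fhvV]
Rebuild the rbl dns flat file from a mysql database.
rbl means relay blacklist.
Recommendation: Run this as a cronjob on a regular basis.
where:
-f Accepted for compatibility; currently ignored
-h Display this help
-v Verbose mode
-V Show $progname version.
EOF
    return;
}

# Write the addresses of one type to $file: a fixed first line, then one
# address per line, whitelist ("w") entries prefixed with "!" exactly as
# before.  The list is built in $temp_file and renamed into place so the
# daemon never reads a half-written file and the previous $file survives
# any failure.
# Arguments: $file (destination path), $type ('b' = blacklist, 'w' = whitelist).
# Returns 1 on success, 0 on any failure (a message is printed and the
# temp file is removed).
sub build_file {
    my ($file, $type) = @_;

    # Three-argument open with a lexical handle: the path is never parsed
    # for a mode.
    my $out;
    unless (open $out, '>', $temp_file) {
        print "Failed to open $temp_file for writing ($file not rebuilt): $!\n";
        return 0;
    }

    #########################################
    # first line of file is always the same #
    #########################################
    print {$out} ":127.0.0.2:spammer must die -netsysadmin k24-\n";

    # $type is passed as a bind parameter instead of being interpolated into
    # the statement text.
    my $sth = $dbh->prepare(
        "SELECT ipaddress FROM ips WHERE b_or_w = ? ORDER BY dateadded, ipaddress");
    unless ($sth && $sth->execute($type)) {
        my $err = $sth ? $sth->errstr : $dbh->errstr;
        print "Error: query for type $type failed: $err\n";
        close $out;
        unlink $temp_file;
        return 0;
    }

    my $prefix = ($type eq "w") ? "!" : "";
    my $count = 0;
    while (my $row = $sth->fetchrow_hashref) {
        $count++;
        print {$out} "$prefix$row->{ipaddress}\n";
    }
    if ($sth->err) {
        # the loop ended on a database error, not on end of data
        print "Error: reading type $type rows failed: " . $sth->errstr . "\n";
        close $out;
        unlink $temp_file;
        return 0;
    }

    # Buffered write errors (e.g. disk full) only surface at close.
    unless (close $out) {
        print "Error: writing $temp_file failed: $!\n";
        unlink $temp_file;
        return 0;
    }
    # rename() replaces the shell-spawned `mv` and is checked.
    unless (rename $temp_file, $file) {
        print "Error: could not move $temp_file to $file: $!\n";
        unlink $temp_file;
        return 0;
    }

    print "$count ips of type $type\n" if ($Options{'v'});
    return 1;
}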
Buat file opsi daemon untuk RBL DNS seperti di bawah ini, simpan dengan nama /etc/sysconfig/rbldnsd:
# My boot rbldnsd options
# -----------------------------------------
# TTL 35m, check files every 60s for changes, -f = smooth reloads
# -l logfilepath
# Please change 101.102.103.104 to your real public IP that you want the dns daemon to listen on
# Please change mydomain.com to your real domain name.
#
# The init script (/etc/init.d/rbldnsd) reads only $OPTIONS.  The RBLDNSD
# line below is an earlier, unused variant kept for reference: it binds to
# the internal address 192.168.1.50 instead of every interface, and names a
# user "rbldnsd" that differs from the "rbldns" user created with useradd.
#RBLDNSD="-u rbldnsd -l /var/lib/rbldns/log/rbl.log -f -r/var/lib/rbldns/dsbl -b 192.168.1.50 rbldns.abc.co.id:ip4set:spammerlist,whitelist rbldns.abc.co.id:generic:forward"
# -b 0.0.0.0 listens on every address of the host (netstat later shows
# 0.0.0.0:53); to expose the zone only on the address the firewall forwards
# to, use -b 192.168.1.50 as in the line above.  -p must match PID_FILE in
# the init script; -u is the daemon user added earlier (rbldns).
OPTIONS="-u rbldns -p /var/run/rbldnsd.pid -l /var/lib/rbldns/log/rbl.log -f -r/var/lib/rbldns/dsbl -b 0.0.0.0 rbldns.abc.co.id:ip4set:spammerlist,whitelist rbldns.abc.co.id:generic:forward"
Lalu buat skrip init berikut dan simpan dengan nama /etc/init.d/rbldnsd:
#!/bin/bash
#
# chkconfig: 2345 85 15
# description: rbldnsd is a DNS server designed for dnsbls.
# processname: rbldnsd
# pidfile: /var/run/rbldnsd.pid
# source function library
# Load the init helper functions (daemon, killproc, status).
. /etc/init.d/functions

prog="rbldnsd"
lockfile="/var/lock/subsys/${prog}"
PID_FILE="/var/run/${prog}.pid"

# Per-host daemon options (OPTIONS=...) live in /etc/sysconfig/rbldnsd; optional.
if [ -e /etc/sysconfig/rbldnsd ]; then
    . /etc/sysconfig/rbldnsd
fi

RETVAL=0
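# Start the daemon.  $OPTIONS (from /etc/sysconfig/rbldnsd) is deliberately
# unquoted so it splits into separate arguments.  Sets RETVAL and returns it.
start() {
    echo -n $"Starting rbldnsd service: "
    daemon /usr/local/sbin/rbldnsd $OPTIONS
    RETVAL=$?
    echo
    # The subsys lock is what condrestart and status check; use the one
    # variable the rest of the script uses instead of a second literal path.
    [ $RETVAL -eq 0 ] && touch "$lockfile"
    return $RETVAL
}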
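# Stop the daemon via the pid file it writes (-p in OPTIONS); without -p,
# killproc falls back to matching by process name.  Sets RETVAL and returns it.
stop() {
    echo -n $"Shutting down rbldnsd service: "
    killproc -p "$PID_FILE" "$prog"
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f "$lockfile"
    return $RETVAL
}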
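# Dispatch on the action argument; RETVAL is set by start/stop/status and
# becomes the script's exit status.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        stop
        start
        ;;
    condrestart)
        # Only restart if the service was running (subsys lock present).
        if [ -f "$lockfile" ]; then
            stop
            start
        fi
        ;;
    status)
        status -p "$PID_FILE" "$prog"
        RETVAL=$?
        # LSB: "not running but lock file exists" is 2 rather than 3.
        if [ $RETVAL -eq 3 -a -f "$lockfile" ]; then
            RETVAL=2
        fi
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        exit 1
        ;;
esac
exit $RETVAL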
Jalankan daemon rbldnsd:
# chmod a+x /etc/init.d/rbldnsd
# /etc/init.d/rbldnsd start
lalu cek apakah service sudah listen atau belum:
[root@rbldns ~]# netstat -ntlpu | grep rbldns
udp 0 0 0.0.0.0:53 0.0.0.0:* 7237/rbldnsd
[root@rbldns ~]#
Jika sudah listen, sampai dengan langkah ini RBL DNS sudah siap untuk digunakan.
Setting DNS untuk rbldns.abc.co.id
Agar RBL DNS dapat digunakan di mail server, khususnya Zimbra, kita perlu menambahkan NS record untuk rbldns.abc.co.id (misalnya) ke DNS manager domain abc.co.id.
setting NS record
lalu buat A record untuk a.rbldns.abc.co.id
Pastikan firewall Mikrotik sudah di-setup port forwarding UDP 53 dari IP 202.169.239.180 ke IP internal 192.168.1.50.
Testing:
Untuk menguji apakah RBL DNS sudah berjalan sebelum diterapkan di mail server, bisa dengan cara berikut: masukkan IP dengan perintah:
mysql> INSERT INTO ips SET ipaddress='207.126.164.135', reportedby='manual', attacknotes='spammers', b_or_w='b', dateadded=now(), updated=now();
Jika sudah, build ulang file list dan restart service rbldnsd:
[root@rbldns tmp]# /usr/local/bin/rebuild_rbldns.pl;/etc/init.d/rbldnsd restart
Shutting down rbldnsd service: [ OK ]
Starting rbldnsd service: rbldnsd: listening on 0.0.0.0/53
rbldnsd: ip4set:spammerlist,whitelist: 20150518 022140: e32/24/16/8=189204/0/0/0
rbldnsd: generic:forward: 20140617 122159: e=0
rbldnsd: zones reloaded, time 0.2e/0.2u sec, mem arena=280 free=129 mmap=2960 Kb
rbldnsd: rbldnsd version 0.997a (23 Jul 2013) started (1 socket(s), 1 zone(s))
[ OK ]
[root@rbldns tmp]#
Cek file spammerlist:
[root@rbldns ~]# cat /var/lib/rbldns/dsbl/spammerlist | grep 207.126.164.135
207.126.164.135
[root@rbldns ~]#
IP yang diblok sudah masuk ke dalam list.
Cek terakhir via lookup DNS dengan dig:
dian@it-infra ~ $ dig 135.164.126.207.rbldns.abc.co.id @202.169.239.180
; <<>> DiG 9.9.5-3-Ubuntu <<>> 135.164.126.207.rbldns.abc.co.id @202.169.239.180
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64533
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;135.164.126.207.rbldns.abc.co.id. IN A
;; ANSWER SECTION:
135.164.126.207.rbldns.abc.co.id. 2100 IN A 127.0.0.2
;; AUTHORITY SECTION:
rbldns.abc.co.id. 1800 IN NS a.rbldns.abc.co.id.
;; ADDITIONAL SECTION:
a.rbldns.abc.co.id. 1800 IN A 202.169.239.180
;; Query time: 302 msec
;; SERVER: 202.169.239.180#53(202.169.239.180)
;; WHEN: Mon May 18 10:21:36 WIB 2015
;; MSG SIZE rcvd: 109
Jika ada answer dengan hasil 127.0.0.2, maka IP sudah masuk ke RBL DNS dan RBL DNS sudah bekerja dengan baik. Jika tidak ada hasil (NXDOMAIN), maka IP tidak diblok.
dian@it-infra ~ $ dig 35.64.102.117.rbldns.abc.co.id @202.169.239.180
; <<>> DiG 9.9.5-3-Ubuntu <<>> 35.64.102.117.rbldns.abc.co.id @202.169.239.180
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50561
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;35.64.102.117.rbldns.abc.co.id. IN A
;; Query time: 134 msec
;; SERVER: 202.169.239.180#53(202.169.239.180)
;; WHEN: Mon May 18 10:23:38 WIB 2015
;; MSG SIZE rcvd: 59
dian@it-infra ~ $
Langkah terakhir, memasang RBL DNS di Zimbra mudah sekali: cukup seperti di gambar bawah ini, lalu save dan restart service.
restart services amavis dan milter
zmamavisdctl reload
zmmtactl reload
Results: