(for use with Sendmail)

A recent trend among spammers is to start up their own mail servers connecting to the internet via the likes of ADSL for a short time to send a large amount of spam, disconnecting and then reconnecting. Every time they reconnect they get a different IP address.

This kind of behaviour will not usually be caught by third party relay checks like ORDB (Open-relay Database) because sometimes SMTP connections are filtered from outside and/or because the SMTP server is not running permanently on a fixed IP address.

In place of this you can use to block connections but it takes a few reports of a spammer's activity before the IP address is registered in that RBL. We've found in the past that this hasn't been so useful because by the time an IP address gets registered in the database the spammer has usually reconnected and has a different IP address.

Here at, volunteers analyse any spam they get an register it straight away into the RBL. Once registered the IP address will become effective in the RBL no later than 30 mins after registration.

Because the IP addresses registered in are automatically deleted after 2 days there should be no problems caused for the next user who is allocated the IP address that the spammer was using.

How to use

You will need an MTA (Mailer Transport Agent) such as Sendmail. For Sendmail, add the following to your sendmail .mc file:
and then rebuild Once you've rebuilt it copy into the fixed location and restart Sendmail.

Now once an IP connects to your server, the IP is reversed (eg. becomes, prepended to "" and a DNS query is perfomed using this hostname. If the IP address is registered in then the DNS query will yield a reply of upon which Sendmail will block the connection. Otherwise there will be simply no IP returned from the DNS query and the connection will be allowed to the SMTP server.

Confirming things are working

After a little bit of time has passed (for a registered server to try and connect to your mail server) look at the maillog. Run the following command:
$ grep /var/log/maillog
If you get one or more results similar to the following (with different IPs/addresses most probably) then things are working. Of course nothing will be logged uf no connections have been refused.

Nov 16 22:10:54 mail sendmail[55512]: ruleset=check_relay,, arg2=, [], reject=550 5.7.1 Rejected: listed at

Warning: If you want to use both and please refer to's information here for the appropriate configuration.

RBL.JP Services Top