(for use with Sendmail)

Along with spam, another problem that has recently been plaguing businesses and people all over the world is computers infected with viruses that send copies of themselves by e-mail to any e-mail addresses they find stored on an infected computer (e.g. addresses found in the address book). Such viruses send themselves as e-mail attachments, and all it takes is for the recipient to open the attachment for another computer to become infected. keeps a list of IP addresses of servers found to be sending virus-infected e-mails for 2 days. MTAs (Mail Transfer Agents), such as Sendmail, do a DNS lookup to see if the IP address of a machine attempting to connect to them is registered in If there is a matching registered IP address, is returned, upon which the MTA refuses the machine's connection. Otherwise a non-existing hostname error is returned and the connection is accepted. Once 2 days have passed since the registration of an IP address, the IP address's corresponding DNS record is removed. Read below for more information on how everything works.

How to use

To use you must set up an MTA, such as Sendmail, to perform a DNS query against

In your Sendmail .mc file add
and create a new configuration file. Then copy to the fixed location for your version of Sendmail. Finally, restart Sendmail.

When a machine attempts to connect to your MTA, the MTA does a DNS lookup against and if the IP is registered in is returned and the MTA rejects the connection.

The process can be illustrated more clearly with an example:

Let's say we have an SMTP server/PC X whose IP address is A volunteer (see Data Updating below for more information about registering IP addresses in finds X trying to send a virus-infected e-mail to one of his mail servers and registers X's IP address in The Anti-virus RBL system then creates a DNS entry in the form (this DNS record will exist for no more than 2 days (48 hours)).

Now say we have an MTA server Y configured to use X tries to make a connection to Y to deliver an e-mail (regardless of whether or not it is a virus-infected e-mail). Before Y will let X connect to its MTA, it does a DNS lookup based on X's IP in the format If the returned IP address is the MTA knows that X's IP address is registered in and rejects the connection. For any other mail server/computer whose IP address is not registered in (and hence there is no matching DNS record for (where x.x.x.x is its IP reversed)) then the DNS query results in a non-existing hostname error and the MTA knows it can accept the connection.
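
The lookup and accept/reject decision described above, as an added Python example that is not part of the original page or the list operator's code. The zone name `dnsbl.example.invalid`, the "registered" answer `127.0.0.2`, the function names and the in-memory zone are placeholders constructed for illustration; substitute the values published by the list you use.

```python
import ipaddress
import socket

ZONE = "dnsbl.example.invalid"   # placeholder zone, not the list's real name
LISTED_ANSWER = "127.0.0.2"      # placeholder "registered" answer (assumption)
RECORD_LIFETIME = 48 * 3600      # the page: records are removed after 2 days


def query_name(client_ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone name."""
    ip = ipaddress.IPv4Address(client_ip)  # ValueError on malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolver(name):
    """Live A-record lookup; None means 'non-existing hostname'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise  # temporary DNS failure: not the same as "not registered"


def make_zone_resolver(registrations, now):
    """Constructed in-memory zone: {ip: registration time in seconds}."""
    live = {query_name(ip) for ip, t in registrations.items()
            if now - t < RECORD_LIFETIME}
    return lambda name: LISTED_ANSWER if name in live else None


def check_connection(client_ip, resolve=system_resolver):
    """Decision the MTA makes before accepting the connection."""
    answer = resolve(query_name(client_ip))
    return "reject" if answer == LISTED_ANSWER else "accept"


if __name__ == "__main__":
    registered = {"192.0.2.25": 0}          # constructed: X registered at t=0
    for hours in (1, 49):
        resolve = make_zone_resolver(registered, now=hours * 3600)
        for ip in ("192.0.2.25", "198.51.100.7"):
            print(hours, "h", query_name(ip), check_connection(ip, resolve))
```

The live resolver re-raises temporary DNS failures instead of treating them as a non-existing hostname, so the caller can decide separately how to handle a lookup that did not complete.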

You can see if your address is registered in here.

Confirming things are working

After some time has elapsed there will be records in your maillog (/var/log/maillog). Run the following command to see:
$ grep /var/log/maillog
Warning: If you want to use both and please refer to's information here for the appropriate configuration.
