Why do you need your own blacklist, bl, RBL or DNSBL?
Because
1. It takes very long time to add IP you want to the blacklist while spam mails keep coming everyday.
2. You have to register, verify, login and you have to submit sample spam mail to the DNSBL site.
3. For your own list, you can add, delete or query as many times as you want.
How does a DNSBL work?
DNSBL is a non-recursive DNS server. The mail server convert the IP address of every incoming SMTP connection and check against one or more blacklist sites.
Single blacklist IP 180.250.93.188
09/15/14 05:51:19:868 — (6352) Connection from: 180.250.93.188 – Originating country : Indonesia
09/15/14 05:51:21:743 — (6352) Resolving 180.250.93.188 – Error resolving IP address (DNS Server Reports Query Server Error)
09/15/14 05:51:21:743 — (6352) 180.250.93.188 – Mail from: coventrieszh6@bk.ru To: f6e14b6@lvknet.com will be rejected
Class C blacklist IP 196.27.76.x
09/15/14 17:22:21:964 — (10640) Connection from: 196.27.76.223 – Originating country : Mauritius
09/15/14 17:22:27:058 — (10640) Resolving 196.27.76.223 – ADSL-TPLUS-76-223.telecomplus.net
09/15/14 17:22:27:073 — (10640) 196.27.76.223 – Mail from: order@zodiacsalespromotions.co.uk To: f6e14b6@lvknet.com will be rejected
Class B blacklist IP 189.111.x.x
09/15/14 19:12:26:042 — (10556) Connection from: 189.111.251.26 – Originating country : Brazil
09/15/14 19:12:48:244 — (10556) Resolving 189.111.251.26 – 189-111-251-26.dsl.telesp.net.br
09/15/14 19:12:48:244 — (10556) 189.111.251.26 – Mail from: order@zodiacsalespromotions.co.uk To: f6e14b6@lvknet.com will be rejected
If the blacklist IP is 180.250.93.188
You can check if that IP is in blacklist by using nslookup
C:\Users>nslookup
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8
> 188.93.250.180.dnsbl.lvknet.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
*** google-public-dns-a.google.com can’t find 188.93.250.180.dnsbl.lvknet.com: N
on-existent domain
(This means 180.250.93.188 is not in blacklist)
> 188.93.250.180.dnsbl.lvknet.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: 188.93.250.180.dnsbl.lvknet.com
Address: 127.0.0.2
(This means 180.250.93.188 is blacklist)
> 223.76.27.196.dnsbl.lvknet.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: 223.76.27.196.dnsbl.lvknet.com
Address: 127.0.0.3
(This means 196.27.76.223 or 196.27.76.1 to 196.27.76.254 are blacklist)
> 26.251.111.189.dnsbl.lvknet.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: 26.251.111.189.dnsbl.lvknet.com
Address: 127.0.0.4
(This means 189.111.251.26 or 189.111.0.1 to 189.111.255.254 are blacklist)
How to build your own blacklist?
Since Azure is free for 30 days, I’m going to implement DNSBL on Azure.
Once you setup virtual machine in Azure,
1. Add DNS server role.
2. Add DNS zone name (lvknet.com)
dnscmd localhost /zoneadd lvknet.com /primary /file lvknet.com.dns
3. Add BL deligation zone (DNSBL) (ns1 is a DNS server name or FQDN)
dnscmd localhost /recordadd lvknet.com dnsbl ns ns1
4. Add DNS sub zone name (dnsbl.lvknet.com)
dnscmd localhost /zoneadd dnsbl.lvknet.com /primary /file dnsbl.lvknet.com.dns
5. Add blacklist IP to dnsbl.lvknet.com
dnscmd DNSServerName /RecordAdd DNSZoneName ReverseBLip RecordType IPAddress
dnscmd ns1 /RecordAdd dnsbl.lvknet.com 188.93.250.180 A 127.0.0.2
dnscmd localhost /RecordAdd dnsbl.lvknet.com *.76.27.196 A 127.0.0.2
dnscmd 138.91.3.244 /RecordAdd dnsbl.lvknet.com *.111.189 A 127.0.0.2
Using excel to reverse your IP.
=D1&”.”&C1&”.”&B1&”.”&A1
Download DNSBL.txt from 1 Aug 2014 – 21 Sep 2014
DNSBL script
MySQL
PHP
Oracle VirtualBox
Windows Server
Exchange Server
Lync Server
SharePoint Server
