File: README

bld 0.3.4.1-4
What is it?
    BLD stands for "blacklist daemon" and is intended to serve a
    blacklist.  The blacklist is built by simply inserting IP addresses
    or by using submission rate limits based on a maximum number of
    submissions of the same IP address within a minimum time interval.
    You can build a BLD cluster by configuring the daemon to notify other
    similar daemon(s) every time an IP address is added to the blacklist.
    BLD was primarily designed to fight dictionary-based spam
    (by making the MTA report to BLD any host that tries to send a mail
    to an unknown user) but can be used by any program.

    As of now, it is highly recommended to USE IT IN A SAFE ENVIRONMENT:
    access control is based on clients' IP addresses.  This is why,
    by default, BLD binds to localhost.  It should not accept requests
    from any machine on which untrusted users can log in, or to which
    they can establish network connections by other means (PHP, for
    example).


How does it work?
    BLD requests can be insertions (to add an address to the list),
    submissions (to add an address if its submission rate is too high),
    queries (to ask if an address is blacklisted) or decrements (to
    decrease the internal counter of submissions for an IP).

    BLD uses a very simple algorithm to decide whether to add submitted
    IP addresses to the blacklist or not.  The first time an IP address
    is submitted, it is added to an internal list with a timestamp and
    all further requests increment a counter for this IP.  As soon as
    the minimum time interval has elapsed (default: 30 seconds), and if
    a maximum request ratio is reached (default: 10 submissions in the
    30-second interval), the IP is put in the blacklist.  It is then
    blacklisted for a configurable time (default: 900 seconds).
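
    The following C sketch of the submission algorithm described above is
    an added example, not code from the BLD sources.  All names are
    hypothetical, and it assumes one reading of the text: the decision is
    taken on the first submission at or after the 30-second mark, by
    comparing the observed rate with 10 submissions per 30 seconds.

```c
#include <string.h>
#include <time.h>

/* Defaults quoted in the README; the names are made up for this example. */
#define MIN_INTERVAL    30   /* seconds before a rate decision is made */
#define MAX_SUBMISSIONS 10   /* submissions per MIN_INTERVAL that trigger a listing */
#define BLACKLIST_TTL   900  /* seconds an address stays blacklisted */
#define MAX_HOSTS       64

struct host { char ip[46]; time_t first; unsigned count; time_t listed_until; };
static struct host hosts[MAX_HOSTS];

/* Find the entry for ip, or claim a free slot; NULL when absent or table full. */
static struct host *lookup(const char *ip, int create)
{
    struct host *free_slot = NULL;
    for (int i = 0; i < MAX_HOSTS; i++) {
        if (strcmp(hosts[i].ip, ip) == 0) return &hosts[i];
        if (!free_slot && hosts[i].ip[0] == '\0') free_slot = &hosts[i];
    }
    if (!create || !free_slot) return NULL;
    memset(free_slot, 0, sizeof *free_slot);
    strncpy(free_slot->ip, ip, sizeof free_slot->ip - 1);
    return free_slot;
}

/* Query: is ip blacklisted at time now? */
int bld_query(const char *ip, time_t now)
{
    struct host *h = lookup(ip, 0);
    return h && now < h->listed_until;
}

/* Submission: count it, and list the address once the interval has
 * elapsed with the rate at or above MAX_SUBMISSIONS per MIN_INTERVAL. */
int bld_submit(const char *ip, time_t now)
{
    struct host *h = lookup(ip, 1);
    if (!h) return 0;
    if (now < h->listed_until) return 1;       /* already listed */
    if (h->count++ == 0) h->first = now;       /* first submission opens a window */
    time_t elapsed = now - h->first;
    if (elapsed >= MIN_INTERVAL) {
        if ((long)h->count * MIN_INTERVAL >= (long)MAX_SUBMISSIONS * elapsed)
            h->listed_until = now + BLACKLIST_TTL;
        h->count = 0;                          /* start a fresh window either way */
    }
    return now < h->listed_until;
}
```

    In this sketch a decision is only taken when a submission arrives, and
    the fixed-size table never evicts idle entries.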


Can I use it with Postfix?
    Yes.  BLD v0.3.1 and later versions come with a README.postfix
    file and tools allowing BLD to be used as a policy server for
    Postfix.  You will need at least Postfix 2.1.

How can I configure a BLD cluster?
    Since v0.3.0, a BLD daemon is able to notify other BLD daemons about
    new address insertions in its blacklist.  You can do this with the
    "notifies_to" parameter in bld.conf(5).  There is a simple mechanism
    that prevents loops, allowing you to put a "notifies_to=B"
    on host A and a "notifies_to=A" on host B.  You should then configure
    your ACL correctly (see the `insert' action in bld_acl.conf(5)) to
    give the right permissions to each host.

Who did it?
    BLD was written by Olivier Beyssac <obld@r14.freenix.org>
    and is released under the BSD license.  Its home page is at
    http://sites.google.com/a/r14.freenix.org/bld/

    Many thanks to:
	Pierre Beyssac <pb@fasterix.freenix.org> for his fixes
	Jean-Marc Drouaud <jm@drouaud.com> for his advice.

    And also to the following contributors:
	Samuel Tardieu <sam@rfc1149.net>
	Cyril Bouthors <cyril@bouthors.org>
	Oleg Milaenko
	Tim Bynum <tjbynum@timsplace.org>
	Bertrand Demiddelaer <bert@b3rt.org>
	Omniflux <omniflux@omniflux.com>
	David Cary Hart <DavidHart@TQMcube.com>