What is it?
BLD stands for "blacklist daemon" and is intended to serve a
blacklist. The blacklist is built by simply inserting IP addresses
or by using submission rate limits based on a maximum number of
submissions of the same IP address within a minimum time interval.
You can build a BLD cluster by configuring the daemon to notify other
similar daemon(s) every time an IP address is added to the blacklist.
BLD was primarily designed to fight dictionary-based spam
(by making the MTA report to BLD any host that tries to send mail
to an unknown user) but can be used by any program.
For now, it is highly recommended to USE IT IN A SAFE ENVIRONMENT:
access control is based on client IP addresses. This is why,
by default, BLD binds to localhost, and why it should not accept
requests from a machine where untrusted users can log in or can
otherwise open network connections to it (through PHP, for example).
How does it work?
BLD requests can be insertions (to add an address to the list),
submissions (to add an address if its submission rate is too high),
queries (to ask if an address is blacklisted) or decrements (to
decrease the internal counter of submissions for an IP).
BLD uses a very simple algorithm to decide whether to add submitted
IP addresses to the blacklist or not. The first time an IP address
is submitted, it is added to an internal list with a timestamp, and
all further requests increment a counter for this IP. As soon as
the minimum time interval has elapsed (default: 30 seconds), and if
a maximum request ratio is reached (default: 10 submissions in the
30-second interval), the IP is put in the blacklist. It is then
blacklisted for a configurable time (default: 900 seconds).
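
The decision rule described above, modelled as an added example (this is not BLD's source code). It assumes that the first submission counts as 1, that the rate is only checked by a submission arriving once the interval has elapsed, and that an address below the threshold starts a new window; the class and function names are hypothetical, and the test addresses are constructed.

```python
# Model of the decision rule described above; not BLD's source code.
from dataclasses import dataclass, field

@dataclass
class BldModel:
    min_interval: int = 30      # seconds (default quoted above)
    max_submissions: int = 10   # per min_interval (default quoted above)
    expire: int = 900           # seconds on the blacklist (default quoted above)
    seen: dict = field(default_factory=dict)       # ip -> [first_ts, counter]
    blacklist: dict = field(default_factory=dict)  # ip -> expiry timestamp

    def query(self, ip, now):
        """Is ip blacklisted at time now? Expired entries are dropped."""
        if ip in self.blacklist and now >= self.blacklist[ip]:
            del self.blacklist[ip]
        return ip in self.blacklist

    def insert(self, ip, now):
        """Unconditional insertion."""
        self.blacklist[ip] = now + self.expire
        self.seen.pop(ip, None)

    def decrement(self, ip):
        """Lower the submission counter for ip, never below zero."""
        if ip in self.seen:
            self.seen[ip][1] = max(0, self.seen[ip][1] - 1)

    def submit(self, ip, now):
        """Record one submission; return True if ip is (now) blacklisted."""
        if self.query(ip, now):
            return True
        if ip not in self.seen:
            self.seen[ip] = [now, 1]   # assumption: first submission counts as 1
            return False
        entry = self.seen[ip]
        entry[1] += 1
        elapsed = now - entry[0]
        if elapsed < self.min_interval:
            return False               # no decision before the interval elapses
        # count/elapsed >= max_submissions/min_interval, in integer arithmetic
        if entry[1] * self.min_interval >= self.max_submissions * elapsed:
            self.insert(ip, now)
            return True
        self.seen[ip] = [now, 1]       # assumption: a slow sender starts over
        return False

def first_block(model, ip, times):
    """Replay submissions at the given times; return when ip got blacklisted."""
    return next((t for t in times if model.submit(ip, t)), None)
```

Under this reading, a burst is acted on only by the first submission that arrives after the interval has elapsed, so a client querying in the meantime still sees the address as clean.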
Can I use it with Postfix?
Yes. BLD v0.3.1 and later versions come with a README.postfix
file and tools allowing BLD to be used as a policy server for
Postfix. You will need at least Postfix 2.1.
How can I configure a BLD cluster?
Since v0.3.0, a BLD daemon is able to notify other BLD daemons about
new address insertions in its blacklist. You can do this with the
"notifies_to" parameter in bld.conf(5). A simple mechanism prevents
loops, allowing you to put a "notifies_to=B" on host A and a
"notifies_to=A" on host B. You should then configure
your ACL correctly (see the `insert' action in bld_acl.conf(5)) to
give the right permissions to each host.
Who did it?
BLD was written by Olivier Beyssac <firstname.lastname@example.org>
and is released under the BSD license. Its home page is at
Many thanks to:
Pierre Beyssac <email@example.com> for his fixes
Jean-Marc Drouaud <firstname.lastname@example.org> for his advice.
And also to the following contributors:
Samuel Tardieu <email@example.com>
Cyril Bouthors <firstname.lastname@example.org>
Tim Bynum <email@example.com>
Bertrand Demiddelaer <firstname.lastname@example.org>
David Cary Hart <DavidHart@TQMcube.com>