reverse dns blocking home : internet : mail : toaster : filtering : RBL (real time blacklists) should I use RBLs?

Realtime BlackLists deny SMTP connections to your server. They have no concept of email addresses and can only block connections based on whether the remote address is listed or not. If someone is blacklisted, you only have a few choices:

  • a) use the blacklist and deny their connections
  • b) use the blacklist and whitelist specific IP's
  • c) don't use the blacklist

I prefer b. I strongly desire to block volumes of crap before my SMTP server has to deal with it. In the few cases where a remote server is misconfigured and gets blacklisted, I have no problems being one of many servers they can't send mail to until they get it fixed. This is a form of policing the internet and making careless, ill-informed, or just plain naughty mail server owners become good netizens.

Each RBL operator sets their policy for what they do and do not list. It is wise to read their policies and understand them. If a RBL is unjustly blocking too much for your organizations policies, you'll want to disable it.

You configure your blacklists in toaster-watcher.conf. The defaults are pretty reasonable for most situations.

How do I allow email from a blacklisted server?

  • set RBLSMTPD="" for the IP(s) in tcp.smtp

Additional Blacklist Info

A list of active RBL's is available here:

And a list of dead RBL's is here: If you have a RBL in that list being used, it might be wise to disable it.

How do I know RBLs are effective?

The ones we recommend using are all enabled by default in toaster-watcher.conf. You are welcome to adjust those as you see fit. The maillogs script will keep track of how many blocks each RBL collects. If you use RRDutil, it will read the maillogs counts and generate a pretty graph like this one:

should I use RBLs?

Last modified on 5/26/05.