Spam blocking HOWTO using smtpfront-qmail for sme server

Release supported: sme 6.0, 6.0.1 (Note that 6.0beta release is not supported)

Author: Ray Mitchell -

Updated: 12 August 2004 v4c


Your sme server receives a lot of spam email and you want to reject it before it enters your servers mail system.

Current methods typically use Spamassassin or similar spam detection software. These methods are processor & memory intensive and still require user intervention to administer when reviewing spam email in the junk folder or Inbox prior to deletion.



sme server v6.0 (final release or better) has a feature in smtpfront-qmail which allows incoming messages to be rejected if the sender is on nominated Real Time Blacklist or Blocklist (RBL) lists. Note that this function was not available in earlier versions of sme server by default.

Email messages are rejected if the sender is identified on nominated RBL list(s), and as a result there is no further processing or manual checking required. In practice a large number of spam messages will be rejected, perhaps 50 - 75 % depending on which lists you use and the type of spam your system (email addresses) are exposed to.

A by product is that there will also be a significant reduction in virus infected email messages entering the server, probably due to the fact that virus infected messages come from similar sources as spam messages.

This method works OK for servers configured as Server & Gateway or Server Only as long as the mail server components are enabled (smtpfront-qmail & qmail) and the server has access to the Internet via another sme server or firewall.


Additional Information:

This feature should be used in conjunction with spam filtering software and virus scanning software, although these programs will have a lot less work to do. It has been tested on a server with Spamassassin and Clamavis-ng installed and works very effectively.

The RBL blocking feature and ASSP are not compatible with each other. You need to uninstall ASSP before using RBL blocking feature. Effectively ASSP is obseleted by RBL blocking.

RBL blocking should be compatible with other brands of spam & virus software based programs. They generally scan or filter the message after it has been accepted by the servers mail system.

RBL blocking occurs before the message is accepted, and if a detection occurs the message is rejected so it would never be scanned by secondary software based systems. Incompatibilities are therefore unlikely except with other programs that also use this method.

An additional feature which may be worth implementing is "Pattern matching blocking" using smtpfront-qmail, to reject messages that have executable content in attachments, which effectively includes a large number of currently known viruses. Additional patterns can be created to cover "new" viruses as they are "developed". Pattern matching acts as a "gross filter" to reject many known virus types, but a regularly updated virus scanner is still required to catch new viruses. See separate HOWTO for details on this.



This how to is based on forum posts and my own investigations, thanks particularly to Greg Zartman and thanks to Charlie Brady for implementing this feature in sme v6.0. Thanks also to Gordon Rowell for reviewing the HOWTO and suggesting some improvements.



Instal Procedure: (v6.0, 6.0.1 sme server only)

You will first need to decide which RBL list (or lists) to use.

See separate section below for information on RBL lists.

WARNING: Choose lists carefully and verify that the list characteristics match your requirements. DO NOT just add all the lists to the RBLList property as you may not receive email that you wish to receive. A safer approach is to add lists one at a time and verify that your system is functioning as required, then add further lists as needed (also one at a time).

All the lists shown below as "conservative" appear safe to use, and I have them all enabled on my system.

The lists shown below as "aggressive" block too many sites (also applies to some other lists not shown), and I DO NOT recommend their use.

Your requirements may be different to mine, so please assess the suitability of the lists for your own purposes.


Checking your installed version of e-smith-mailfront rpm

The RBLList feature only works if the correct version of e-smith-mailfront is installed.

It should be installed by default in a properly installed or upgraded system running sme server v6.0 or v6.0.1. Note that v6beta has an older version of the rpm & needs to be upgraded.

You MUST have this rpm installed (or a more recent version)


Note that if you have updated your system to support Pattern Matching (see seperate HOWTO) you may already have a more recent version




To check if the correct version is installed do

rpm -qi e-smith-mailfront

It should show (or similar)

Name : e-smith-mailfront
Version : 1.3.0 Release : 11
Build Date: Thu 11 Sep 2003 06:06:30 AM WST
Install date: Sat 10 Jan 2004 07:51:05 AM WST
Build Host:

If you have an older version of rpm listed


you should upgrade your system to the latest version of the sme operating system.

WARNING: Only proceed to the next step if you have the correct rpm installed, otherwise update your operating system first.



To enable RBL blocking for a single list do the following

/sbin/e-smith/config setprop smtpfront-qmail RBLList

/sbin/e-smith/expand-template /var/service/smtpfront-qmail/runenv

svc -t /service/smtpfront-qmail


To enable RBL blocking for multiple lists do the following

To add multiple RBLs to the RBLList property, delimit (separate) them with a colon

Note that using more lists will result in more queries being sent & received over your Internet connection. Some lists are included on other lists so be careful not to include "double listings" as these only result in extra unnecessary queries.


/sbin/e-smith/config setprop smtpfront-qmail RBLList

(the above should all be on one line)

/sbin/e-smith/expand-template /var/service/smtpfront-qmail/runenv

svc -t /service/smtpfront-qmail


To enable RBL blocking for all the conservative lists (as shown below) do the following

/sbin/e-smith/config setprop smtpfront-qmail RBLList

(the above should all be on one line)

/sbin/e-smith/expand-template /var/service/smtpfront-qmail/runenv

svc -t /service/smtpfront-qmail



To disable RBL blocking do the following

/sbin/e-smith/config delprop smtpfront-qmail RBLList

/sbin/e-smith/expand-template /var/service/smtpfront-qmail/runenv

svc -t /service/smtpfront-qmail


Real Time Blacklist or Blocklist (RBL) Information

As mentioned above, using more lists will result in more queries being sent & received over your Internet connection but should result in more spam being rejected.

Some lists are included on other lists so be careful not to include "double listings" as these only result in extra unnecessary queries, potentially slowing down the list servers response times.

Choose RBL lists carefully to ensure they meet your needs.

Some lists are very aggressive in the implementation of their "inclusion" policy, and while using those lists may block more spam they will also block legitimate messages.

You can read the "criteria for inclusion policies" on each list at the list owners web site. The web site addresses are readily discernible from the list names. See Web sites section below.

For example using the list will result in email messages from yahoo, hotmail & earthlink accounts being rejected. If you have legitimate users sending messages from those types of accounts, then do not use the list. This also applies to some other lists.

Inclusion on a list can happen for many reasons, including being a known spammer or having a dynamic dial up IP number or sending via open relay servers or having incorrect address information or being listed by a system admin after receiving a spate of unsolicited email. Inclusion on "conservative" lists usually requires a positive identification of spamming or similar type activity. It is possible for legitimate users to be listed as part of a "block listing" of an IP number range such as has happened with Telstra Bigpond, AOL & other "large" ISP's etc. These listings are generally temporary until the specific spam culprit is identified and has their account cancelled by the ISP.

Here is a list of what appear to be "conservative & safe" lists ie there is justifiable or provable reason for being included on these lists. This is by no means an exhaustive list but is the result of my own investigations and conclusions.

Note that all the lists except include open relays, so using these lists will block email sent via open relays.


Conservative lists - (a combination of the two spamhaus lists)

Registration required/Commercial list

Included on other lists mentioned above - (included in - (included in


Aggressive lists - (was


ISP non conforming list

(Note that too many legitimate ISPs do not conform to this lists requirements. The use of this list will cause too many legitimate messages to be blocked so its use is not recommended


Defunct lists



Web sites for further information

For a brief overview of the rblsmtpd program

For a brief overview of the tcpserver program


Checking the database entries

After you have enabled the RBLList property you can check your settings as follows

/sbin/e-smith/db configuration getprop smtpfront-qmail RBLList

which will give an output something like the following

(Note that your servers output may be different depending on your configuration)


If you want to check the complete entry for smtpfront-qmail do this

/sbin/e-smith/db configuration show smtpfront-qmail

which will give an output something like the following

(Note that your servers output may be different depending on your configuration)











For the benefit of users unfamiliar with some of the other settings:

MaxMessageSize controls the maximum size of smtp email messages including attachments

Patterns entries relate to the use of Pattern Matching blocking (see separate HOWTO)


Checking logs for effectiveness of blocking spam messages

By reviewing /var/log/smtpfront-qmail/current and var/log/smtpfront-qmail/* you can see the entries for rejected messages and generally enough information as to why the rejection occurred, and therefore see the effectiveness of RBL list blocking. Note that you will only see these type of entries after blocking has been enabled and messages have been rejected.

If you do not see all of the types of entries shown below, it would most likely be due to NOT having the particular RBL list enabled.

Enable more lists, as per the "conservative" lists above, then you will get a higher rejection rate and see more types of entries in the logs.

You can view date formatted logs using the Server Manager View log files panel


To see ALL the log entries do

grep "" /var/log/smtpfront-qmail/current | tai64nlocal



To see only the rejected message entries and the reason for rejection do

grep rblsmtpd /var/log/smtpfront-qmail/current | tai64nlocal

Here is an example of some typical entries

2004-04-15 13:19:17.256098500 rblsmtpd: pid 24955: 451 has inaccurate or missing WHOIS data at the RIR

2004-04-15 13:19:53.769569500 rblsmtpd: pid 24961: 451 Dynamic IP Address See:

2004-04-15 14:20:47.275359500 rblsmtpd: pid 26931: 451

2004-04-15 15:46:25.334425500 rblsmtpd: pid 29623: 451 Spam Received See:

2004-04-15 15:49:07.352709500 rblsmtpd: pid 29728: 451 Inaccurate or missing WHOIS data

2004-04-15 15:51:26.127937500 rblsmtpd: pid 29768: 451