Welcome to the Carrot and the Stick BotNet Blacklist Project

NOTE: The setup below is not yet functional, but the list of IP addresses is currently available at
"http://bnbl.tcats.stop-spam.org/bnbl".

This list is easy to explain: it is a list of machines that are exploited and have sent spam to us or our clients. The machines on this list should NOT be sending any email at all. These are home computers and servers that are infected with viruses, have been rooted, or otherwise send spam.

This list is mostly to reject spam for illegal content such as drug spam, 419 scams, Rolex and other such sundry garbage.

IMPLEMENTING THE LISTS

  • Direct DNS Query
  • Sendmail
  • qmail
  • Exim
  • Procmail
  • Mercury 32

    Querying TCATS' DNS servers directly

    The Carrot and the Stick Project uses the same DNS query/response syntax as DNSBL (DNS black list) systems. Given an email sender's IP address in its dotted-quad form, the octets are reversed and queried under accept.tcats.stop-spam.org for the whitelist and reject.tcats.stop-spam.org for the blacklist.

    For example, TCATS' mail server IP is 64.142.96.151. The mail server or spam filter using our whitelist would attempt to resolve the address resource record (A RR) for 151.96.142.64.accept.tcats.stop-spam.org. The nameserver for accept.tcats.stop-spam.org will return the address 127.0.0.5 if the address exists on the whitelist. The IP address is arbitrary, but will not change. If the address does not exist, the DNS lookup will fail indicating that the sender is not on the whitelist.

    For senders, after registering your address with TCATS, simply do a DNS lookup to verify that your address has been entered into the whitelist. For example, to test TCATS' mail server IP, you can run the following at your DOS or shell prompt:



    > nslookup 151.96.142.64.accept.tcats.stop-spam.org


    If the IP has been entered into DNS, the above command will display the address 127.0.0.5.

    Using our blacklist is just as simple - instead of querying "accept.tcats.stop-spam.org" you would query "reject.tcats.stop-spam.org". Entries in the blacklist will return 127.0.0.10 instead of 127.0.0.5. Again, this is arbitrary and will not change.

    Although we recommend using our official DNS servers, some larger organizations may prefer to do zone transfers to their local DNS servers. Zone transfers are currently open to anyone who wishes to do so. If you would like to run an official TCATS secondary name service, please feel free to contact us at support@stop-spam.org.
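
The lookup described in this section, written out as an added Python example (not TCATS' own code). It uses the zone names and return codes given above, consults the whitelist before the blacklist as the qmail setup further down does, and counts only the documented return code as a hit; the injectable `resolver` parameter and the sample records are constructed for illustration.

```python
import ipaddress
import socket

# Zone names and return codes as given in the section above.
WHITELIST = ("accept.tcats.stop-spam.org", "127.0.0.5")
BLACKLIST = ("reject.tcats.stop-spam.org", "127.0.0.10")


def query_name(ip, zone):
    """Reverse the dotted-quad octets and append the list zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None if the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def classify(ip, resolver=system_resolver):
    """Whitelist first, then blacklist; only the documented code counts."""
    for verdict, (zone, expected) in (("accept", WHITELIST),
                                      ("reject", BLACKLIST)):
        if resolver(query_name(ip, zone)) == expected:
            return verdict
    return "unlisted"


# Constructed resolver data so the example runs offline.
SAMPLE_ZONE = {
    "151.96.142.64.accept.tcats.stop-spam.org": "127.0.0.5",
    "7.2.0.192.reject.tcats.stop-spam.org": "127.0.0.10",
    # Listed on both: the whitelist is consulted first and wins.
    "8.2.0.192.accept.tcats.stop-spam.org": "127.0.0.5",
    "8.2.0.192.reject.tcats.stop-spam.org": "127.0.0.10",
    # A resolver that rewrites failed lookups answers with a foreign address;
    # it does not match the documented code, so it is not treated as a listing.
    "9.2.0.192.reject.tcats.stop-spam.org": "203.0.113.80",
}

if __name__ == "__main__":
    for ip in ("64.142.96.151", "192.0.2.7", "192.0.2.8", "192.0.2.9"):
        print(ip, classify(ip, SAMPLE_ZONE.get))
```

Calling `classify(ip)` without a resolver argument performs real DNS lookups through the system resolver.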

    Exim 4.0x and up


    Exim provides flexible support for DNS blacklists and whitelists in its new ACL format, which was introduced in version 4.00. To configure Exim to use TCATS, add the following lines to one or more of its ACLs (such as "acl_check_rcpt" in Exim's default configuration):

    # whitelist match: accept the recipient
    accept dnslists = accept.tcats.stop-spam.org=127.0.0.5
    # blacklist match: "deny" is the Exim ACL verb that rejects
    deny   dnslists = bnbl.tcats.stop-spam.org=127.0.0.10

    Since Exim's ACL rules are applied in the same order in which they're specified, the TCATS rules should be placed above any existing spam filtering rules.

    Mercury 32


    "Add accept.tcats.stop-spam.org as an IP-address-based whitelist DNSbl with an expected result of 127.0.0.5 (if your MTA specifies expected results).

    "Add bnbl.tcats.stop-spam.org as an IP-address-based blacklist DNSbl with an expected result of 127.0.0.10 (again, if your MTA specifies expected results)."

    These instructions will work for Mercury/32 without modification (whitelists don't specify an expected result, but blacklists do).

    Procmail

    Procmail can be used to check for whitelist entries. Download procmail-TCATS-wl.sh and call it from your procmailrc config file. An example procmailrc might look like:


    # send to default location if the sender is whitelisted
    :0 w
    * ! ? /usr/local/bin/procmail-TCATS-wl.sh
    ${DEFAULT}
    # insert spam filters here

    # resort to default
    :0:
    ${DEFAULT}



    qmail

    qmail uses a wrapper program, rblsmtpd, to query RBL blacklists. It also has built-in support for DNS whitelists such as The Carrot and The Stick Project. To configure qmail to use the TCATS whitelist and blacklist, you need to call the rblsmtpd command with some extra arguments. For example, you could change your /var/qmail/run script from:


    # tcpserver takes a host and a port: 0 = all local addresses, smtp = port 25
    exec /usr/local/bin/tcpserver 0 smtp rblsmtpd \
    -r blackholes.mail-abuse.org \
    qmail-smtpd 2>&1



    To:


    exec /usr/local/bin/tcpserver 0 smtp rblsmtpd \
    -a accept.tcats.stop-spam.org \
    -r bnbl.tcats.stop-spam.org \
    -r blackholes.mail-abuse.org \
    qmail-smtpd 2>&1



    The -a argument must come before any -r arguments, since the first list with a match is the one applied. In this case, a TCATS whitelist entry would override any entries in the RBL databases listed after it.

    Sendmail

    Configuring Sendmail to query our whitelist requires a custom m4 configuration macro to be installed under your sendmail cf directory. Download tcats.m4 and save it as /usr/share/sendmail/cf/feature/tcats.m4 (the exact path may vary depending on your system). To use this new macro, add the following line to your sendmail mc file:


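    dnl No space before the parenthesis: m4 only passes arguments when it directly follows the macro name
    FEATURE(tcats, `bnbl.tcats.stop-spam.org', `accept.tcats.stop-spam.org', `Sorry, your address is blacklisted')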

    Then rebuild your sendmail cf by running "make" in /etc/mail, then restart sendmail.