RELAYDB(8) BSD System Manager's Manual RELAYDB(8)
NAME
relaydb — spam relay database
SYNOPSIS
relaydb [-46bdlnrvw] [-B [+-]num] [-W [+-]num] [-m [+-]days]
[-f filename] [-i filename] [-t filename]
DESCRIPTION
relaydb is a mail header analyzer that builds a database of IP addresses
either known as legitimate senders or spammers.
relaydb doesn't itself classify mails as legitimate or spam; that decision
needs to be reached through other means. Neither does relaydb block
spam itself. It merely provides a list of IP addresses to block through
other means, like spamd(8) and pf(4).
relaydb reads a single mail from stdin, analyzes the Received: header
lines and updates blacklist and whitelist counters for each IP address.
The options are as follows:
-4 Use only IPv4 addresses, ignoring IPv6 addresses.
-6 Use only IPv6 addresses, ignoring IPv4 addresses.
-a address
Use the given IP address directly.
-b Blacklist the sender of the mail.
-w Whitelist the sender of the mail.
-B [+-]num
Match addresses based on blacklist counter. +num matches counters
larger than num, -num matches counters smaller than num, num
matches counters equal to num.
-W [+-]num
Match addresses based on whitelist counter.
-d Delete addresses from the database that match the criteria
imposed by flags -46bwBWm.
-f filename
Database file, defaults to $HOME/.relaydb if not specified.
-i filename
Import a plain text file into the database. The format must
match that of relaydb -vl output, only the last field (last
modification time) is optional, defaulting to the current time.
-l List the IP addresses of the database. If -b is specified, only
hosts considered spammers are listed. If -w is specified, only
hosts considered non-spammers are listed. Otherwise, all hosts
are listed.
-m [+-]num
Match addresses based on their last modification time. The last
modification time of an address is set to the current time when
the address is inserted and whenever an address' counters are
changed. +num matches last modified more than num days ago, -num
matches less than num days ago, and num matches exactly num days
ago.
-n Don't read past the first Received: header. By default, relaydb
will process all Received: headers as long as the previous header
contained an address of a host in the whitelist, trusting the
previous host to not have inserted a fake Received: header. The
default behaviour is useful to blacklist senders that send spam
through mailing list servers (or other known-good relays), but allows
an attacker to first establish a new whitelist entry for a new host,
then send spam from the same address, faking further Received:
headers, to cause relaydb to blacklist those addresses, causing a
denial of service for these addresses.
-r Revert a previously made decision. For instance, if a mail has
been run through relaydb -b by mistake, running the same mail
through relaydb -rb will correct the mistake. This merely
reverts the first run, it doesn't count the mail as the opposite
type. To achieve this, the same mail has to be run through
relaydb -w additionally.
-t filename
Parse a spamd syslog file and increase the last modification time
of matching database entries to the time of the most recent spamd
connection. The file is expected to have the following format,
other lines are ignored:
Nov 20 09:32:19 host spamd[123]: 12.24.56.78: connected (1)
-v Produce more verbose output.
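The Received: walk described under -n, as an added Python model (not relaydb's own code, which this page does not show). It assumes a relay's address is the first bracketed IPv4 literal in each Received: header and that a host counts as whitelisted when its whitelist counter exceeds its blacklist counter before the current mail is counted; the sample mail and its addresses are constructed.

```python
import re
from email import message_from_string

# Assumption: a relay's address is the first bracketed IPv4 literal in a header.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample mail; all addresses come from documentation ranges.
SAMPLE_MAIL = (
    "Received: from list.example.org (list.example.org [192.0.2.10])\n"
    "\tby mx.example.net; Wed, 8 Jan 2003 10:00:02 +0000\n"
    "Received: from sender.example.com (sender.example.com [198.51.100.7])\n"
    "\tby list.example.org; Wed, 8 Jan 2003 10:00:01 +0000\n"
    "Received: from host.example.edu (host.example.edu [203.0.113.5])\n"
    "\tby sender.example.com; Wed, 8 Jan 2003 10:00:00 +0000\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def received_addresses(raw_mail):
    """One address per Received: header, newest first; None if none found."""
    headers = message_from_string(raw_mail).get_all("Received", [])
    hits = [BRACKETED_IP.search(h) for h in headers]
    return [m.group(1) if m else None for m in hits]

def process(raw_mail, db, counter, first_only=False):
    """Model of one run: counter is "black" (-b) or "white" (-w),
    first_only models -n. Returns the addresses whose counters changed."""
    touched = []
    for addr in received_addresses(raw_mail):
        if addr is None:
            break
        entry = db.setdefault(addr, {"black": 0, "white": 0})
        # Assumption: "in the whitelist" means white > black before this mail.
        trusted = entry["white"] > entry["black"]
        entry[counter] += 1
        touched.append(addr)
        if first_only or not trusted:
            break  # -n, or the next header was written by an untrusted host
    return touched

def demo():
    """Spam verdict (-b) for three database states; returns touched addresses."""
    def db(*addrs):  # hosts that already have a whitelist history
        return {a: {"black": 0, "white": 5} for a in addrs}
    return (
        process(SAMPLE_MAIL, db("192.0.2.10"), "black"),
        process(SAMPLE_MAIL, db("192.0.2.10", "198.51.100.7"), "black"),
        process(SAMPLE_MAIL, db("192.0.2.10", "198.51.100.7"), "black", first_only=True),
    )
```

In the second case the blacklist increment for 203.0.113.5 rests only on a header supplied by 198.51.100.7, which is the exposure that -n removes by stopping at the first header.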
Using procmail recipes like the following ones, each incoming mail can be
run through a spam classifier (SpamAssassin, for instance) which tags any
detected spam with an X-Spam-Status: header. After tagging, all mails are
piped through relaydb with either the -b or -w option, to update the
database.
:0fw
| /usr/local/bin/spamc

:0c
* ^X-Spam-Status: Yes
| /usr/local/bin/relaydb -b

:0:
* ^X-Spam-Status: Yes
in-x-spam

:0c
| /usr/local/bin/relaydb -w
EXAMPLES
analyze mail and increase sender's blacklist counter
$ cat mail | relaydb -b
undo mistaken blacklist counter increment
$ cat mail | relaydb -rb
list whitelist entries which have blacklist counters > 100
$ relaydb -vlw -B +100
update last modification times of hosts that connected to
spamd recently
$ relaydb -t /var/log/daemon
delete all blacklist entries with zero whitelist counters
that haven't been updated within a month
$ relaydb -db -W 0 -m +30
SEE ALSO
pf.conf(5), pfctl(8), spamd(8), spamd-setup(8)
HISTORY
The relaydb command appeared in OpenBSD 3.3.
BSD Jan 8, 2003 BSD