Barracuda Reputation Block List (BRBL) – How to Use

Barracuda Reputation Block List (BRBL) – A Standard DNSBL Implementation

The Barracuda Reputation Block List (BRBL) utilizes a standard DNSBL (Domain Name System Block List) implementation that can be used to reduce spam volume on many popular email systems, including Microsoft Exchange, IBM Lotus Domino, sendmail, Postfix, and qmail, as well as by many antispam solutions such as the Barracuda Spam & Virus Firewall. DNSBL systems list IP addresses, often those that have been observed by the list operator to be sending spam or hosting spammers. By adding DNSBL entries to an email server configuration, those email servers can either reject connection attempts from listed IP addresses or use that listing to apply appropriate filtering policy.

DNSBLs are sometimes called RBLs (Realtime Blackhole Lists), or just BLs (Block/Black lists).

It is important to note that a DNSBL cannot stop anyone from sending email. A DNSBL only prevents delivery at the receiving end at the receiver's instruction. DNSBLs are strictly defensive tools, and they cannot do any offensive damage such as denial of service attacks.

In general, a DNSBL query name is formed by reversing the octets of the IP address and using them as a subdomain of the DNSBL zone. For example, to check whether the general DNSBL test address 127.0.0.2 is listed in BRBL, you can query 2.0.0.127.b.barracudacentral.org with any DNS lookup tool. Examples are below:

Linux/Unix systems:

$ host 2.0.0.127.b.barracudacentral.org
2.0.0.127.b.barracudacentral.org has address 127.0.0.2

Windows systems:

C:\>nslookup 2.0.0.127.b.barracudacentral.org
Server: {Your DNS server hostname}
Address: {Your DNS server IP addresses}

Non-authoritative answer:
Name: 2.0.0.127.b.barracudacentral.org
Address: 127.0.0.2
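
The same lookup as a policy check, as an added example that is not part of the original page or Barracuda's own code: it builds the reversed-octet query name and counts only answers inside 127.0.0.0/8 (the conventional DNSBL answer range) as a listing, while a failed lookup is reported as unknown rather than as a listing. The function names and the injectable `resolve` parameter are assumptions made for the illustration.

```python
import ipaddress
import socket

BRBL_ZONE = "b.barracudacentral.org"  # zone name taken from the page
DNSBL_ANSWERS = ipaddress.IPv4Network("127.0.0.0/8")  # conventional DNSBL answer range


def dnsbl_query_name(ip, zone=BRBL_ZONE):
    """Reverse the IPv4 octets and use them as a subdomain of the DNSBL zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] if the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []  # no record: the address is not listed
        raise  # timeout, SERVFAIL, refused query, ...
    return sorted({info[4][0] for info in infos})


def check_dnsbl(ip, resolve=system_resolver, zone=BRBL_ZONE):
    """Classify ip as 'listed', 'not-listed' or 'unknown'."""
    name = dnsbl_query_name(ip, zone)
    try:
        answers = resolve(name)
    except OSError:
        return "unknown"  # lookup failed: not evidence of a listing
    if not answers:
        return "not-listed"
    if all(ipaddress.IPv4Address(a) in DNSBL_ANSWERS for a in answers):
        return "listed"
    return "unknown"  # answer outside 127.0.0.0/8 is not a DNSBL reply


if __name__ == "__main__":
    # Constructed resolver standing in for DNS so the demo runs offline.
    sample = {"2.0.0.127.b.barracudacentral.org": ["127.0.0.2"]}
    for ip in ("127.0.0.2", "192.0.2.10"):
        print(ip, dnsbl_query_name(ip), check_dnsbl(ip, resolve=lambda n: sample.get(n, [])))
```

With the default `system_resolver`, the query goes through the host's configured DNS server, which is the one that has to be approved for BRBL access.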

Why use a DNSBL? (DNS Block List)

Doing a DNSBL lookup on a message at SMTP connect time is cheap in hardware cycles and system time. Your DNS server may even have it cached from the last time the spammer tried.

If your email system already knows the incoming message is spam, it can deny the message before having to pass it to a mail scanner (medium cost), a virus scanner (medium to expensive), Bayesian filtering (medium), or full spam rules scoring analysis such as SpamAssassin (medium to high).

Mail rejected by a DNSBL during delivery is not silently discarded or lost. A DNSBL realtime rejection creates a delivery status notification (DSN) to the sender identifying the cause of the rejection, thereby allowing troubleshooting on the sender's end (i.e., no "lost messages").

By rejecting the connection attempt in real-time, a DNSBL also avoids any "backscatter" problems associated with an email system accepting delivery, closing the connection, and then trying to return the mail to a potentially forged address after the message is determined to be spam.

How to Use the BRBL

These answers presume you are running your own mail servers!

The first step is to request access to the BRBL. Once your name server (DNS server) IP addresses have been approved for access, you will need to configure your mail server. All modern mail servers have a 'DNSBL' feature (sometimes called 'RBL Servers' or 'Blacklist'). If you are not sure whether yours does, read its 'Help' file or ask your mail server vendor.

Testing your BRBL Setup

After you have registered your nameserver IP addresses with Barracuda and have been approved for access, you can manually test access from the command line interface of your mail server operating system.

Linux/Unix systems:

$ host 2.0.0.127.b.barracudacentral.org

Windows systems:

C:\>nslookup 2.0.0.127.b.barracudacentral.org

If the blacklist is accepting queries from your nameserver, you should receive a response of 127.0.0.2:

Linux/Unix systems:

2.0.0.127.b.barracudacentral.org has address 127.0.0.2

Windows systems:

Non-authoritative answer:
Name: 2.0.0.127.b.barracudacentral.org
Address: 127.0.0.2

Querying the BRBL servers will use a lot of bandwidth, won't it?

DNS is inherently very efficient, using minimal amounts of bandwidth. Using BRBL will use much less bandwidth than having to accept every spam and virus email sent to your email system. By rejecting these spam messages during the SMTP connection, no further data is sent, thereby reducing overall bandwidth requirements. DNS caching by your local DNS server also prevents redundant queries from using excessive bandwidth.



© 2009-2015 Barracuda Networks. All Rights Reserved.