In my qmail config, I use rblsmtpd with two RBLs to filter incoming SMTP connections. One is the Zen RBL from Spamhaus. The second is a local RBL that blocks all SMTP connections from a particular country. Admittedly, blocking all SMTP traffic from an entire country isn’t very practical for anyone hosting email service for a community of users. One of the advantages of running my own email server, however, is that I don’t have to ask anybody’s permission to block whatever I want.
But I don’t want this post to be about the advisability of blocking email from entire countries. I want to talk about making my email server as efficient as possible.
When I first started using RBLs with qmail, I was only using the Zen RBL. Only later did I start using the country based blocklist. Not surprisingly, Zen appeared first in qmail’s call to rblsmtpd. Here is a snippet from my qmail-smtpd startup script that invokes rblsmtpd.
/usr/local/bin/rblsmtpd -b -r zen.spamhaus.org -r country.blocklist
The ordering of the blocklists is important because Zen is a remote blocklist while the country-based RBL is served by my DNS server on my local network. Queries to my local RBL list will be much quicker than queries to Zen and so it benefits me if I can filter out as many incoming SMTP connections as possible using the RBL with the quickest response time. It also benefits Spamhaus and the internet in general if I can eliminate unnecessary network traffic and remote DNS queries.
Here is the same snippet after I changed the order of the RBLs.
/usr/local/bin/rblsmtpd -b -r country.blocklist -r zen.spamhaus.org
To illustrate my point, here is a week’s worth of statistics showing incoming SMTP connections blocked by rblsmtpd before I changed the order of my blocklists.
And here is another week’s worth of statistics after I made the change.
As you can see, the proportion of connections rejected by each blocklist has completely reversed showing that most of the connections caught by Zen were coming out of the country covered by the country-based RBL. The numbers were taken from my qmail logs for the same days of the month exactly one month apart. In case anyone is wondering, the daily number of connections rejected by rblsmtpd was increasing even before I reversed the order of the RBLs.
Using dig to query the two blocklists, I found that queries to the country-based RBL returned results in 0 to 2 milliseconds. Queries to the Zen RBL, on the other hand, took anywhere between 30 and 120 milliseconds. That represents over an order of magnitude difference in processing time.
Still, the difference isn’t all that significant for my system given how few SMTP connections it has to process on any given day. But part of running my own email and DNS servers is finding ways to make them run as efficiently as possible and properly ordering my RBLs is a big step towards that goal. On the other hand, anyone running even a moderately busy email server would benefit substantially by calling their locally served RBLs first when using a program like rblsmtpd.