Note: This method is only for customers willing to pay for direct access to the blocklist. If you want information on using the blocklist in the normal, casual way see the How do I configure my mailserver FAQ.
The SCBL is a constantly changing real-time list. Therefore, downloading the whole list (doing a "zone transfer") is not as effective at blocking spam unless it is done every minute. Downloading it every minute would be very inefficient.
For this reason, we provide a more efficient option of running a mirrored server through transfer using rsync and ssh. You have the option of the mirror server being public or private as described below. rsync access is provided free of charge to sites willing to host a public mirror of the BL.
Private Mirror BL Server
The charge is $1000 per year per server for this service. To pay for private mirror access, make a $1000 payment through Stripe:
Be sure to include the email address you will be contacting us from in your Stripe payment to assist us in matching the payment to you.
First, create a new user and an ssh key:
useradd -G nobody bl
chown bl.nobody /home/bl
su - bl
ssh-keygen -t dsa -N "" -f ~/.ssh/id_dsa
Now, send us us the key. Include your Stripe receipt number and username so we can match the payment on our end.
Once you have been authorized to retrieve the blocklist, retrieve it once manually, accepting the host key from SpamCop (if it matches):
rsync -e ssh -i -L email@example.com:bl.data ~/bl.data
Or if you prefer to fetch the data in rbldnsd format: rsync -e ssh -L firstname.lastname@example.org:rbldnsdbl.data ~/rbldnsdbl.data
You should see:
DSA key fingerprint is b3:5f:4c:db:38:d5:4d:25:62:e6:c5:5d:9e:96:58:ba.
RSA key fingerprint is 18:aa:95:36:18:39:d3:0d:6c:e4:fb:5a:99:cc:16:ba.
If you do, answer yes. If you do not (very unlikely), abort!
You should now have an initial bl.data file in the user's home directory.
Now configure a cron to rsync this file every minute:
As bl user:
Add to file:
* * * * * rsync -e ssh -L email@example.com:bl.data ~/bl.data
Now, you will have a constantly-updated mirror of the SpamCop blocklist file You can do with it what you like (except share it with others). Ask to be added to the mailing list for mirror operators. Critical updates will be sent to this list when access information changes. Also monitor the cron output for errors (redirect bl's email to an address you read). You may get a few failure errors when Internet connectivity is congested or down. This is normal (the whole point of running a mirror).
One possible use is to republish it internally using the same software SpamCop uses, rbldns.
Here are some very brief instructions on setting up rbldns. For more detailed information, please see D.J. Bernstein's documentation.
# install rbldns and set up a cron which runs as the "bl" user:
# first daemontools from: http://cr.yp.to/daemontools/install.html
# (as root)
chmod 1755 /package
tar -xvzf daemontools-0.76.tar.gz
# tail /etc/rc.local for startup command instead of rebooting.
# next, djbdns from http://cr.yp.to/djbdns/install.html
tar -xvzf djbdns-1.05.tar.gz
make setup check
rbldns-conf bl bl /var/rbldns YOURIPADDR spamcopbl.YOURDOMAIN.TLD
chown -R bl.nobody /var/rbldns/root/
rm /var/rbldns/root/data ln -s ~bl/bl.data /var/rbldns/root/data
ln -s /var/rbldns /service
Now, edit your cron, add "; make -C /var/rbldns/root > /dev/null" to the every-minute cron, so that it will rebuild the rbldns data file after every sync. Make sure data.cdb remains up-to-date. You should now have a working DNS mirror of the SpamCop data under spamcopbl.YOURDOMAIN.TLD. You will need to set up NS records pointing to YOURIPADDR for spamcopbl.YOURDOMAIN.TLD.
Public Mirror BL Server
Free mirror service is provided to sites who are willing to host a public mirror (serving data to other free users).
To host a public mirror we require:
- Dedicated Intel PIII or better box running FreeBSD;
- Root access to the server;
- Minimum 1Mbit/sec sustained bandwidth;
- Reliable network and power configuration.
If you are interested, please contact us with a brief description of your network and the server. We will configure and maintain it with the software needed to provide the SpamCop blocklist service. Cable modem or xDSL connections are not sufficient.
[Append to This Answer]