GRBL — Gnoppix Real-time Blocking List
RBL stands for Real-time Blackhole List (also frequently called a Remote Block List or DNSBL). It is essentially a dynamic, crowd-sourced blacklist used by email servers to block spam, phishing attempts, and other malicious email traffic before it ever reaches an inbox.
This solution is part of a project that our client has released under a Business Source License (BSL / BUSL). It includes a simple web interface and an administrative API through which IP addresses—such as those associated with terrorist activity—are automatically added to the RBL via a Suricata IDS (Intrusion Detection System). Currently, the system has approximately 15,000 IP addresses listed.
How to Use GRBL
Section titled “How to Use GRBL”Enter an IP address on the GRBL lookup page to check whether it is listed. The lookup queries rbl.gnoppix.org on port 53 and returns the current blocking status.
Manual query example:
dig @rbl.gnoppix.org -p 53 4.3.2.1.rbl.gnoppix.org +shortAdding it to Postfix:
Section titled “Adding it to Postfix:”main.cf:smtpd_recipient_restrictions = check_client_access cidr:/etc/postfix/network_service.cidr, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_rbl_client rbl.gnoppix.org=127.0.0.2, reject_rbl_client zen.spamhaus.org=127.0.0.[2..11], permitOur client wanted to protect his email server from hackers. Knowing that an exploit typically starts by querying server versions, such as passwords and open relay, it was relatively easy to access the data with an IDS and then populate the list. Of course, we fully agree with him; if someone is clearly trying to compromise an internet service, that IP address poses a threat to the public. Therefore, we decided to make this service freely accessible. Perhaps someone has ideas for expanding it, such as a weekly IP list in text format. Enjoy!
GRBL Tools
Section titled “GRBL Tools”- More Info
- Project code
- Live Site
- IP Reputation Check — Full reputation analysis for any IP address
- Contact Support — Get help from the Gnoppix team