BLD: blacklist daemon

What is it?

BLD stands for "blacklist daemon" and is intended to serve a blacklist. The blacklist is built either by simply inserting IP addresses or by applying submission rate limits, based on a maximum number of submissions of the same IP address within a minimum time interval. You can build a BLD cluster by configuring the daemon to notify other similar daemon(s) every time an IP address is added to the blacklist. BLD was primarily designed to fight dictionary-based spam (by making the MTA report to BLD any host that tries to send mail to an unknown user) but can be used by any program.

As of now, it is highly recommended to USE IT IN A SAFE ENVIRONMENT: access control is based on client IP addresses. This is why, by default, BLD binds to localhost, and why it should not accept requests from a machine on which non-trusted users can log in or from which they can establish network connections by other means (PHP, for example).

How does it work?

BLD requests can be insertions (to add an address to the list), submissions (to add an address if its submission rate is too high), queries (to ask if an address is blacklisted) or decrements (to decrease the internal counter of submissions for an IP).

BLD uses a very simple algorithm to decide whether or not to add submitted IP addresses to the blacklist. The first time an IP address is submitted, it is added to an internal list with a timestamp, and all further requests increment a counter for this IP. As soon as the minimum time interval has elapsed (default: 30 seconds), and if a maximum request ratio is reached (default: 10 submissions in the 30-second interval), the IP is put in the blacklist. It is then blacklisted for a configurable time (default: 900 seconds).
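The rule above can be modelled in a few lines to see how the three defaults interact. This is an added example, not BLD's own code: the class and function names are hypothetical, and the exact rate test (counter/elapsed compared with max/interval) and the restart of a slow sender's counter are assumptions about details the text leaves open. The timestamps and the 192.0.2.10 address are constructed.

```python
class BldModel:
    """Toy model of the submission-rate rule (hypothetical names, not BLD code)."""
    def __init__(self, min_interval=30, max_submissions=10, expire=900):
        self.min_interval = min_interval
        self.max_submissions = max_submissions
        self.expire = expire
        self.tracked = {}    # ip -> [first_seen, counter]
        self.blacklist = {}  # ip -> time at which the entry expires

    def query(self, ip, now):
        """True while ip is blacklisted; an expired entry is dropped."""
        if ip in self.blacklist and now >= self.blacklist[ip]:
            del self.blacklist[ip]
        return ip in self.blacklist

    def insert(self, ip, now):
        """Insertion: blacklist unconditionally for `expire` seconds."""
        self.tracked.pop(ip, None)
        self.blacklist[ip] = now + self.expire

    def decrement(self, ip):
        """Decrement: lower the submission counter of a tracked ip."""
        entry = self.tracked.get(ip)
        if entry and entry[1] > 0:
            entry[1] -= 1

    def submit(self, ip, now):
        """Submission: count it, return True if ip is blacklisted afterwards."""
        if self.query(ip, now):
            return True
        entry = self.tracked.setdefault(ip, [now, 0])
        entry[1] += 1
        elapsed = now - entry[0]
        if elapsed < self.min_interval:
            return False  # no decision before the minimum interval has elapsed
        # Assumed rate test: counter/elapsed >= max_submissions/min_interval.
        if entry[1] * self.min_interval >= self.max_submissions * elapsed:
            self.insert(ip, now)
            return True
        self.tracked[ip] = [now, 1]  # assumption: a slow sender starts over
        return False

def blacklisted_at(times, model=None, ip="192.0.2.10"):
    """Replay constructed submission times; return when ip was listed, or None."""
    model = model or BldModel()
    return next((t for t in times if model.submit(ip, t)), None)
if __name__ == "__main__":
    print(blacklisted_at(range(0, 61, 2)))   # one submission every 2 seconds
    print(blacklisted_at(range(0, 61, 10)))  # one submission every 10 seconds
```

Under these assumptions, a burst is only acted on once a submission arrives after the minimum interval has elapsed, so the first 30 seconds of a dictionary run always get through.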

Can I use it with Postfix?

Yes. BLD v.0.3.1 and later versions come with a README.postfix file and tools allowing BLD to be used as a policy server for Postfix. You will need at least Postfix 2.1.

How can I configure a BLD cluster?

Since v0.3.0, a BLD daemon is able to notify other BLD daemons about new address insertions in its blacklist. You can do this with the notifies_to parameter in bld.conf(5). There is a simple mechanism preventing loops, allowing you to put a notifies_to=B on host A and a notifies_to=A on host B. You should then configure your ACL correctly (see the insert action in bld_acl.conf(5)) to give the right permissions to each host.

Where to find more information?

More details may be found in the manual page and the ChangeLog. BLD is released under the BSD license. Full documentation is included in the source tarball.


BLD can be downloaded here.

Who did it?

BLD was written by Olivier Beyssac and is released under the BSD license. Its home page is at
Many thanks to:

Pierre Beyssac for his fixes

Jean-Marc Drouaud for his advice.

And also to the following contributors:

Samuel Tardieu

Cyril Bouthors

Oleg Milaenko

Tim Bynum

Bertrand Demiddelaer