Emergency SpamBlocker3 release candidate update

nobaloney

An emergency SpamBlocker3 Release Candidate (RC) update has been released today because one of the blocklists used appears to be broken and to be returning false positives.

If you're using any of the release candidates (version 3.2.x) from the NoBaloney Download Site you should immediately fix it either by installing the latest release candidate, or by making the following edit:

Find these lines in your exim.conf file:
Code:
       rhsbl.ahbl.org/$sender_address_domain : \
       block.rhs.mailpolice.com/$sender_address_domain
and edit them to appear as one line only:
Code:
       rhsbl.ahbl.org/$sender_address_domain
Then be sure to restart exim.

I apologize for the inconvenience but I'm sure you understand the importance of removing blocklists even though they may occasionally need to be adjusted.

If you have any questions, suggestions or issues, please post in this thread.

Thanks.

Jeff
 
PANIC MODE HERE!!!

I made changes to my exim.conf (rc 3.2.5) file as you suggested and restarted Exim. Unfortunately, Exim failed to start, throwing the error:
Code:
Exim configuration error in line 704 of /etc/exim.conf:
  error in ACL: unknown ACL condition/modifier in "rhsbl.ahbl.org/$sender_address_domain"
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
I then reverted to a backup copy of the exim.conf file that I had just edited, tried to start Exim, and it threw a similar error. Presently my email is down. Help??
 
The only thing I did was remove the lines below and restart exim.
deny message = Email blocked by $dnslist_domain
hosts = !+relay_hosts
domains = +use_rbl_domains
!authenticated = *
dnslists = \
rhsbl.ahbl.org/$sender_address_domain : \
block.rhs.mailpolice.com/$sender_address_domain
 
Yes, thanks. I just finished doing the same thing. Restarted Exim and mail is flowing again.

Jeff... I honestly can't thank you enough for sharing SpamBlocker. Aside from this little snafu (not your fault) SpamBlocker has been incredibly effective at blocking countless junk messages!
 
Thanks!

@jlpeifer: you may have neglected to delete the : \ properly? Or forgot a line ending? My code is now working for all our machines (I didn't try until after I'd posted).

Jeff
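
A pre-restart check for the two editing slips in this exchange, the leftover ` : \` Jeff asks about and the orphaned list line that matches the "unknown ACL condition/modifier" error quoted earlier. This is an added example, not part of the thread or of SpamBlocker; it uses a simplified model of Exim's line continuation, the function names are hypothetical, and the fragments are constructed from the lines quoted above.

```python
import re

VERBS = {"accept", "defer", "deny", "discard", "drop", "require", "warn"}

def logical_lines(text):
    """Join continuation lines: a trailing backslash continues the line and
    leading whitespace on the next line is dropped. Comments are skipped."""
    out, buf, start = [], "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or (start is None and not line):
            continue
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        out.append((start, (buf + line).strip()))
        buf, start = "", None
    if start is not None:  # fragment ended while still continuing
        out.append((start, buf.strip() + " \\"))
    return out

def lint_acl(text):
    """Return (first_line_no, problem) for each suspicious logical line."""
    problems = []
    for no, line in logical_lines(text):
        words = line.split()
        if words and words[0] in VERBS:  # "deny message = ..." -> "message = ..."
            line = line[len(words[0]):].strip()
        if not line or line == "endpass":
            continue
        if line.endswith("\\"):
            problems.append((no, "unterminated continuation"))
        elif "=" not in line:  # a list entry left standing on its own
            problems.append((no, "orphaned line: " + line))
        elif re.match(r"!?\s*dnslists\s*=", line):
            for item in line.split("=", 1)[1].split(":"):
                if len(item.split()) > 1:  # heuristic: list items hold no spaces
                    problems.append((no, "dnslists absorbed: " + item.strip()))
    return problems

# Constructed fragments based on the lines quoted in the thread.
GOOD = r"""deny message = Email blocked by $dnslist_domain
     hosts = !+relay_hosts
     dnslists = \
       rhsbl.ahbl.org/$sender_address_domain
"""
LOST_BACKSLASH = GOOD.replace("dnslists = \\", "dnslists =")
DANGLING = GOOD.rstrip("\n") + " : \\\naccept hosts = +relay_hosts\n"
```

`lint_acl(LOST_BACKSLASH)` reports the list entry on line 4 as an orphaned line, and `lint_acl(DANGLING)` reports that the `dnslists` list starting on line 3 has absorbed the following `accept` statement. Exim itself reports such errors when it reads the file, so running `exim -bV` against the edited configuration before restarting surfaces them while the old process is still serving mail.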
 
jlasman, I basically just eliminated the lines that you suggested and replaced them (copy/paste) with the new code you provided. Not sure why things didn't work. I was especially confused after I restored the exim.conf file to its original state before the modification and things still didn't work. Regardless, as of this moment, after commenting out the section referenced in daveyw's reply, all is working.

Do you think there will be a point in the future when I can re-enable that portion of code (when the blocklist stops providing false-positives)?
 
As I've written, I've removed that blocklist from the master. I don't support use of that blocklist any longer and can't see that I'd trust them again even if they came back.

I do support use of the rhsbl.ahbl.org blocklist, and I do support use of the code as it now appears at my download site. Other than offer my guaranteed (commercial) service to install the file for you, and test it, I really can't troubleshoot it on your system.

Jeff
 
mailpolice.com seems to be renewed again. However, I wonder about its accuracy in spam filtering?
 
It has no nameservers provided; see the output of:
Code:
$ dig mailpolice.com +trace
Jeff
 
Code:
  # RC 3,2,5 11-APR-2010
  # Mailer-Daemon messages must be for us
    accept senders = :
	   domains = +relay_domains
This should go after the RBLs to make sure that Exim doesn't accept bounce messages from compromised servers.
 
This is simply an accept. It won't block anything. Please explain your logic on where it belongs so I can look into it.

Thanks.

Jeff
 
The logic is that the sender should first be checked against the RBLs before blindly accepting it, especially if it's a bounce message.
If you leave it there, then all a spammer has to do is to send his messages using an empty "from" and it will go straight to the user's INBOX.
I think this has been discussed before.
 
So possibly remove it? Is spam from empty senders a problem?

Please tell me exactly where you'd put it? After which lines? Or before which lines.

Thanks.

Jeff
 