SpamBlocker-Powered exim.conf, Version 4

nobaloney

SpamBlocker-Powered exim.conf, Version 4 is ready!

After four years or so, the new SpamBlocker-powered exim.conf file is now released for immediate availability.

Features:
  • Much better documentation; almost every line is documented
  • Optional defined smtp connect-time ACL for more control
  • Better detection of incorrect hostnames at helo time
  • Rejection of mailer-daemon replies if server didn't send email
  • Choice of blocking order: choose either block for all domains except those on exclusion list, or block for no domains except those on inclusion list
  • Local and DNS-based whitelists
  • Local and DNS-based blocklists
  • A newly-updated selection of DNS-based blocklists, including some which may not be free to use depending on your usage patterns
  • A single list of DNS-based blocklists makes it easier to see what you're using, and to make changes as required/desired
  • Optional blocking of local relay submission on localhost
  • Blocking of .html attachments by default to block recent attacks
  • Optional integration with SpamAssassin
  • Optional integration with ClamAV
  • Easy Spam Fighter (ESF)
  • Block Cracking (BC)
Requirements:
  • Exim 4.60 or later, compiled for DirectAdmin
  • Dovecot / Maildir
New: Installation is available

More information and download available at the NoBaloney Internet Services website.
 
Fantastic, congrats on the release. Does this also mean version 4 is suitable for production servers as of now?
 
It's suitable for mine. It's been working on two of them for about a week since the last change.

That's one of the reasons for the delay; another reason was so I could release it with the documentation.

Jeff
 
I just updated one of our servers to the new SpamBlockerTechnology powered conf file along with exim.pl. Everything appears to be working fine, but I am seeing the following error in the "/var/log/exim/mainlog" file.

Code:
2010-09-24 16:09:29 unknown named host list "+relay_hosts"

Any idea what would be causing this?
 
Does your newly-installed copy of exim.conf have these lines:
Code:
#EDIT#16:
# hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1

The # mark at the beginning of the second line is an error. (I'll fix it in our distribution file within an hour or two.)

Remove the # mark and restart exim.

Jeff
 
Thanks for bringing the error to my attention.

Update made in our distribution file. Note we're no longer adding version numbers for very minor changes; instead the date-time stamp will be the indicator.

Jeff
 
Will this version be used by JBMC by default in time, or will it be just for manual (self) installs?
 
That will be entirely up to them. I know John has looked at it already.

There are some additional files required, and of course it requires that Maildir/Dovecot be installed. It may require contents of one file to be moved to two other files.

DirectAdmin and in fact anyone else can reuse or redistribute it in any manner, as long as it stays under the GNU General Public License.

Jeff
 
It seems that SpamBlocker4 breaks compatibility with 'pop before smtp' and only accepts smtp authentication via username/password.

There are several embedded email clients (in fax machines for example) that support only "pop before smtp" and cannot send email.

R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)

Any suggestions how to fix this?
 
Have you read the README file? This is covered in the README (nobaloney.net) file, at EDIT#27.

Jeff
 
I have read the README (many times actually) but it doesn't give an answer to what I was pointing out.

I DO want my SMTP to require authentication but also to accept it in the form of POP before SMTP.

The da-popb4smtp keeps track of logins by writing to file pophosts_user. Is there a way to use this file to enable this kind of access?
 
I've made no changes to exim.conf to disable popb4smtp, and the file still exists and should work. My feeling is the problem is that the helo requirement is blocking the user, and the only way I know how to solve that is to change the helo requirement.

Because you posted
R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
I presume that's what you think as well.

Jeff
 
I'm also getting various "R1" messages with SpamBlocker 4 in my mainlog from valid users of our SMTP server:
"R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)".

Users are using Outlook, and didn't have any problems sending with SpamBlocker 3.

How do I debug such problems further? Can I detect/find out which HELO they did send?
 
For your information, below are the exact messages; both are valid users, it's their own IP, they try to send valid e-mails, and they are customers of ours:

Code:
2010-10-06 10:29:43 H=###-84-106-208.adsl.xs4all.nl (GebruikerPC) [83.163.5.###] F=<info@###.nu> rejected RCPT <###@gmail.com>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2010-10-06 10:29:43 H=###-84-106-208.adsl.xs4all.nl (GebruikerPC) [83.163.5.###] incomplete transaction (QUIT) from <info@###.nu>
2010-10-06 10:29:45 H=###-163-177-140.adsl.xs4all.nl (hoofdpc) [83.163.177.###] F=<info@###.nl> rejected RCPT <###@###.nl>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2010-10-06 10:29:53 H=###-163-177-140.adsl.xs4all.nl (hoofdpc) [83.163.177.###] incomplete transaction (QUIT) from <info@###.nl>
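
Added example, not part of the thread and not NoBaloney code: a small parser that pulls the HELO name out of mainlog lines like the ones above, where Exim writes the HELO argument in parentheses after H=. The sample lines are constructed with documentation addresses, and the FQDN test is an approximation of the R1 rule, not the ACL from exim.conf.

```python
import ipaddress
import re

# Constructed log lines in the same format as the excerpt above.
SAMPLE_LOG = """\
2010-10-06 10:29:43 H=host1.example.net (GebruikerPC) [192.0.2.10] F=<info@example.nu> rejected RCPT <user@example.com>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2010-10-06 10:29:43 H=host1.example.net (GebruikerPC) [192.0.2.10] incomplete transaction (QUIT) from <info@example.nu>
2010-10-06 10:31:02 H=(hoofdpc) [198.51.100.7] F=<info@example.nl> rejected RCPT <user@example.nl>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2010-10-06 10:32:15 H=mail.example.org [203.0.113.5] F=<a@example.org> rejected RCPT <b@example.com>: relay not permitted
"""

# H=<looked-up name> (<HELO name>) [<ip>]; either of the first two parts may be absent.
HOST = re.compile(r" H=(?P<name>[^\s(\[]+)? ?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]")
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

def helo_kind(helo):
    """Classify a HELO argument as address literal, FQDN, or neither."""
    if helo.startswith("[") and helo.endswith("]"):
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
            return "address-literal"
        except ValueError:
            return "malformed-literal"
    labels = helo.rstrip(".").split(".")
    if len(labels) >= 2 and all(LABEL.fullmatch(label) for label in labels):
        return "fqdn"
    return "not-fqdn"

def r1_rejections(log):
    """Return (timestamp, ip, helo, kind) for each RCPT rejected with the R1 message."""
    out = []
    for line in log.splitlines():
        m = HOST.search(line)
        if not m or "rejected RCPT" not in line or "R1: HELO" not in line:
            continue
        # Assumption: when no parenthesised name is logged, HELO matched the looked-up name.
        helo = m.group("helo") or m.group("name") or ""
        out.append((line[:19], m.group("ip"), helo, helo_kind(helo)))
    return out
```

Run against the real /var/log/exim/mainlog, the output shows which clients send a bare machine name and would need SMTP authentication to get past the check.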
 
Sorry for my double-double post, but the problems seem to be related to popb4smtp;

If you use POP-authentication before SMTP, error "R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)" is triggered, because the user isn't authenticated.

If you let the user change his/her settings to use SMTP-authentication with user/pass, all problems are solved. At least this worked for my users.

Is it possible to change the message if the user isn't authenticated, instead of throwing a confusing "HELO"-error? Because the problem isn't the HELO but the authentication that's missing.
 
You can change the message to anything you want.

However the problem IS because HELO is incorrect. If the user is authenticated, then HELO isn't checked.

HELO is incorrect because local (desktop) machines generally don't identify themselves in HELO with a fully qualified domain name.

If you remove the HELO check and the user isn't authenticated, then another ACL will catch that an unauthenticated user is trying to relay through the server, and a different error will be generated.

However, then spammers who send email from their desktop machines (generally compromised desktop machines) will be able to spam recipients on your server.

Be sure to restart exim after making any changes to the exim.conf file.

Jeff
 
Does your newly-installed copy of exim.conf have these lines:
Code:
#EDIT#16:
# hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1

The # mark at the beginning of the second line is an error. (I'll fix it in our distribution file within an hour or two.)

Remove the # mark and restart exim.

Jeff

I've made this modification but messages in paniclog persist. Any ideas on how to resolve this?

010-10-06 14:44:35 unknown named host list "+relay_from_hosts"
 
You've found another error in the new file. It's not a critical error for mail delivery, because it stops delivery, but without notice to the sending (spamming) server, as it should, but it still needs to be fixed so it will notify the sending server.

Replace
Code:
+relay_from_hosts
with
Code:
+relay_hosts
and restart exim.

I've changed the distribution code.

I'll create a new thread with a changelog in the next few days.

Jeff
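
Added example, not part of the thread and not NoBaloney code: a pre-restart check that finds the cause of both "unknown named host list" errors reported above, that is, a +name reference whose hostlist definition is commented out or missing. The config fragment is constructed; "trusted_hosts" and the ACL lines are made up for illustration.

```python
import re

# Constructed exim.conf fragment reproducing both mistakes from this thread;
# "trusted_hosts" is a made-up list name, the ACL lines are illustrative only.
SAMPLE_CONF = """\
log_selector = +delivery_size +sender_on_delivery
#EDIT#16:
# hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
hostlist trusted_hosts = 127.0.0.1
accept hosts = +relay_hosts
accept hosts = +trusted_hosts
deny hosts = +ignore_unknown : \\
     ! +relay_from_hosts
"""

DEFINE = re.compile(r"(?:host|domain|address|localpart)list(?:_cache)?\s+(\w+)\s*=")
REFERENCE = re.compile(r"(?:^|[\s:!=])\+(\w+)")
# List items that start with "+" but are not named lists.
SPECIAL = {"include_unknown", "ignore_unknown", "include_defer", "ignore_defer", "caseful"}

def logical_lines(text):
    """Yield (first_line_no, line): comments dropped, backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def undefined_named_lists(text):
    """Return (line_no, name) for each +name reference with no active definition."""
    lines = list(logical_lines(text))
    defined = {m.group(1) for _, l in lines if (m := DEFINE.match(l))}
    # log_selector also uses +name, but those are log options, not named lists.
    return [(no, name)
            for no, l in lines if not l.startswith("log_selector")
            for name in REFERENCE.findall(l)
            if name not in defined and name not in SPECIAL]
```

Applying the two fixes from the thread (uncomment the hostlist line, rename +relay_from_hosts to +relay_hosts) makes the check return an empty list.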
 