SpamBlocker-Powered exim.conf, Version 4

I've been using this mode for the last 2 months and the results are good; apart from the aggressive rules pointed out by @derevko, the rest of it is pretty safe. Removing the aggressive rules and adding custom rules for ISPs that send spam will avoid false positives.
I'm not sure if I want to be bothered with separate ISP custom rules; ISPs can change over time. How about just leaving out those aggressive rules completely? Will the remainder help?

Jeff
 
Just to mention that njabl.org doesn't exist anymore and should be removed from the default SpamBlocker.
As said here...

March 1, 2013: NJABL is in the process of being shut down. The DNSBL zones have been emptied. After "the Internet" has had some time to remove NJABL from server configs, the NS's will be pointed off into unallocated space (192.0.2.0/24 TEST-NET-1) to hopefully make the shutdown obvious to those who were slower to notice.

http://www.njabl.org/
 
Just a little question, since I'm not that good in Exim acl's.
Code:
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
What's the difference between those two lines?
Or better... what does the ! mean?
 
Aren't both lines contradictory then?
Or is the second line even needed? I would like to understand the working and why there are two lines, because in the standard exim.conf (spamblocker 2.0), the second line isn't present in any rbl list statement. Which makes me curious why.
 
Traditionally /etc/virtual/use_rbl_domains is a symlink to /etc/virtual/domains, thus you cannot disable RBL checks for a single domain (if you still want to handle MX records for it on a DirectAdmin-powered server) if you are using SpamBlocker 2.x.

In SB 4, the issue is solved, so you can add any domain in skip_rbl_domains list, and that's it.
 
Just to mention that njabl.org doesn't exist anymore and should be removed from the default SpamBlocker.
Thanks for bringing this to my attention; I'll remove it from my masters and from the servers for which I have a monthly maintenance contract within the next day or two. And to any servers I've installed as a one-time service within the last month.

Jeff
 
Hi, it's me again. SpamBlocker has been doing its thing pretty nicely in the past week. There are only a few .ru spam messages coming through, and the log messages I receive from my NAS are actually blocked. I have black-/whitelisted them in SpamAssassin, but since I've been running SpamBlocker, it seems like SpamAssassin has become a bit useless. Is there a way to use the SpamAssassin lists in DA (and maybe connect SpamAssassin to SpamBlocker)?

I've already uncommented the spamblocker option:
Code:
#EDIT#50:
spamcheck_director:
  driver = accept
  condition = "${if and { \
                {!def:authenticated_id} \
                {!def:h_X-Spam-Flag:} \
                {!eq {$received_protocol}{spam-scanned}} \
                {!eq {$received_protocol}{local}} \
                {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
                {<{$message_size}{100k}} \
                } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

Eric
 
I was going to implement your exim config file, and had it loaded in a tab in my browser. I got to my computer today and reloaded my browser, and those exim config pages are now all gone. I am unable to find a new link to them. Did you discontinue this? :(
 
I'm encountering a big problem. One of my user accounts is being HAMMERED with "Mail delivery failed:" email messages. I'm 99.9% certain that the original messages that are causing these "Mail delivery failed" notifications are NOT originating from my client's network or from my DA server. Instead, I think the messages are being kicked to my client's account because his email address is being used as the originating "from" user. Here's a snippet of my mainlog file:

2013-06-03 12:06:14 1UjXGv-0003Ls-MC <= <> H=host002.host.iteam.ua (hosting.iteam.lg.ua) [194.146.134.2] P=esmtps X=TLSv1:AES256-SHA:256 S=6634 [email protected] T="Mail delivery failed: returning message to sender" from <> for [email protected]
2013-06-03 12:06:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UjXGv-0003Ls-MC
2013-06-03 12:06:14 1UjXGv-0003Ls-MC => kirby <[email protected]> F=<> R=virtual_user T=virtual_localdelivery S=6731
2013-06-03 12:06:14 1UjXGv-0003Ls-MC Completed
2013-06-03 12:06:14 1UjXGv-0003Lg-Vu <= <> H=(serverhosting109.godo.co.kr) [211.233.51.109] P=esmtps X=TLSv1:AES256-SHA:256 S=6950 [email protected] T="Returned mail: see transcript for details" from <> for [email protected]
2013-06-03 12:06:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UjXGv-0003Lg-Vu
2013-06-03 12:06:14 1UjXGv-0003Lg-Vu => kirby <[email protected]> F=<> R=virtual_user T=virtual_localdelivery S=7047
2013-06-03 12:06:14 1UjXGw-0003Lw-3Y <= <> H=server11.arneks.com [88.255.124.14] P=esmtps X=TLSv1:AES256-SHA:256 S=6438 [email protected] T="Mail delivery failed: returning message to sender" from <> for [email protected]
2013-06-03 12:06:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UjXGw-0003Lw-3Y
2013-06-03 12:06:14 1UjXGv-0003Lg-Vu Completed
2013-06-03 12:06:14 1UjXGw-0003Lw-3Y => kirby <[email protected]> F=<> R=virtual_user T=virtual_localdelivery S=6535
2013-06-03 12:06:14 1UjXGw-0003Lw-3Y Completed
2013-06-03 12:06:15 1UjXGw-0003M3-Ug <= <> H=host002.host.iteam.ua (hosting.iteam.lg.ua) [194.146.134.2] P=esmtps X=TLSv1:AES256-SHA:256 S=6667 [email protected] T="Mail delivery failed: returning message to sender" from <> for [email protected]
2013-06-03 12:06:15 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UjXGw-0003M3-Ug
2013-06-03 12:06:15 1UjXGx-0003M7-00 <= <> H=webmail1.posta.tim.it (fep01-svc.tim.it) [213.230.128.226] P=esmtp S=7440 id=20130603160614.BIHN6437.fep01-svc.tim.it@fep01-svc T="Mail System Error - Returned Mail" from <> for [email protected]
2013-06-03 12:06:15 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UjXGx-0003M7-00
2013-06-03 12:06:15 1UjXGw-0003M3-Ug => kirby <[email protected]> F=<> R=virtual_user T=virtual_localdelivery S=6764
2013-06-03 12:06:15 1UjXGw-0003M3-Ug Completed
2013-06-03 12:06:15 1UjXGx-0003M7-00 => kirby <[email protected]> F=<> R=virtual_user T=virtual_localdelivery S=7537
2013-06-03 12:06:15 1UjXGx-0003M7-00 Completed
2013-06-03 12:06:15 1UjXGx-0003M9-Dm <= <> H=host002.host.iteam.ua (hosting.iteam.lg.ua) [194.146.134.2] P=esmtps X=TLSv1:AES256-SHA:256 S=6616 [email protected] T="Mail delivery failed: returning message to sender" from <> for [email protected]
2013-06-03 12:06:15 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UjXGx-0003M9-Dm
2013-06-03 12:06:15 1UjXGx-0003M9-Dm => kirby <[email protected]> F=<> R=virtual_user T=virtual_localdelivery S=6713
2013-06-03 12:06:15 1UjXGx-0003M9-Dm Completed
2013-06-03 12:06:16 1UjXGx-0003MF-Sj <= <> H=ms.nktv.mk.ua [81.24.208.2] P=esmtps X=TLSv1:AES256-SHA:256 S=6173 [email protected] T="Mail delivery failed: returning message to sender" from <> for [email protected]
2013-06-03 12:06:16 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UjXGx-0003MF-Sj
2013-06-03 12:06:16 1UjXGx-0003MF-Sj => kirby <[email protected]> F=<> R=virtual_user T=virtual_localdelivery S=6270
2013-06-03 12:06:16 1UjXGx-0003MF-Sj Completed

I've picked out the offending IPs and hostnames from which these messages are being received and populated them in the bad_sender_hosts and bad_sender_hosts_ip lists of SB4, but the messages just keep flowing in.

I've also cross-referenced the IP addresses from which these messages are originating and find them all listed as abusive on the RBLs.

I'm really at a loss to know how to block these messages from flowing to my server.

Help me please?
 
but since I've been running SpamBlocker, it seems like SpamAssassin has become a bit useless. Is there a way to use the SpamAssassin lists in DA (and maybe connect SpamAssassin to SpamBlocker)?
No, because SpamBlocker blocks before even seeing the email body, and SpamAssassin doesn't work until after the email body is read.

SpamBlocker has its own whitelists and blacklists.

If SpamAssassin is using blocklists that SpamBlocker doesn't use, you can implement them in SpamBlocker for more efficiency in receiving email, but remember that if you do that, SpamBlocker will block on them, not just score them.

Jeff
 
I was going to implement your exim config file, and had it loaded in a tab in my browser. I got to my computer today and reloaded my browser, and those exim config pages are now all gone. I am unable to find a new link to them. Did you discontinue this? :(
Version 4.1 was replaced by Version 4.2. Always follow my link, as shown by SeLLeRoNe in post 334 to this thread.

Jeff
 
Any news on the Edit #40 yet (Paypal), for other TLD checks?
I no longer like the feature at all; it results in all email from PayPal being blocked if the recipient address is a forwarder. I'm probably going to make it optional in my next full version. Too many people these days are using IMAP stores, where all incoming addresses go to one mailbox (especially if you're using a commercial service where you pay by the mailbox) and then later filter using Sieve.

Jeff
 
I'm really at a loss to know how to block these messages from flowing to my server.

Help me please?
If you believe mail is being received from an IP# even after you've entered it into bad_sender_hosts_ip, then either you're misunderstanding and doing something wrong, or you've somehow really messed up your exim configuration file.

It's possible you're the victim of a joe job (look it up) and badly configured servers are sending emails back to you even if you didn't send the email. The only thing you really can do then is block those servers. If you're saying you're getting these from many, many servers, then either you're the victim of a very sophisticated targeted attack designed to DOS your server, or you're wrong, and your server really is sending out those messages (perhaps running a rogue email server so the outgoing emails aren't ending up in your logs).

Scan your server for malware.

Turn off the PHP mail function.

Hire someone to investigate the problem.

Jeff
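To put numbers behind the joe-job diagnosis above, here is an added example (not from this thread, and not part of SpamBlocker) that counts null-sender bounce arrivals in Exim mainlog `<=` lines per recipient and per sending IP, so you can tell a flood from a few misconfigured servers (block their IPs) from backscatter arriving from many distinct hosts (per-IP blocking will not keep up). The log lines, hostnames, IPs and addresses it uses are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample Exim mainlog excerpt: hostnames, IPs and addresses are
# placeholders (RFC 5737 / example.* space), not taken from any real server.
SAMPLE_LOG = """\
2013-06-03 12:06:14 1AAAAA-000001-AA <= <> H=mx1.example.net [192.0.2.10] P=esmtps S=6634 T="Mail delivery failed: returning message to sender" from <> for victim@example.org
2013-06-03 12:06:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1AAAAA-000001-AA
2013-06-03 12:06:14 1AAAAA-000001-AA => victim <victim@example.org> F=<> R=virtual_user T=virtual_localdelivery S=6731
2013-06-03 12:06:15 1AAAAA-000002-AB <= <> H=(mail.example.com) [198.51.100.7] P=esmtps S=6950 T="Returned mail: see transcript for details" from <> for victim@example.org
2013-06-03 12:06:15 1AAAAA-000003-AC <= <> H=mx1.example.net [192.0.2.10] P=esmtps S=6667 T="Mail delivery failed: returning message to sender" from <> for victim@example.org
2013-06-03 12:06:16 1AAAAA-000004-AD <= alice@example.com H=smtp.example.com [203.0.113.5] P=esmtps S=1200 T="Lunch?" from <alice@example.com> for bob@example.org
2013-06-03 12:06:17 1AAAAA-000005-AE <= <> H=mx2.example.net (helo.example.net) [192.0.2.11] P=esmtp S=7440 T="Mail System Error - Returned Mail" from <> for victim@example.org
2013-06-03 12:06:18 1AAAAA-000006-AF <= <> H=mx1.example.net [192.0.2.10] P=esmtps S=6616 T="Mail delivery failed: returning message to sender" from <> for victim@example.org
"""

# One '<=' (message arrival) line: timestamp, message id, envelope sender, H=host
# (optionally followed by a parenthesised HELO name), [ip], ..., 'for' recipient.
ARRIVAL = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S+) <= (?P<sender>\S+) '
    r'H=(?P<host>\S+)(?: \([^)]*\))? \[(?P<ip>[0-9a-fA-F.:]+)\].* for (?P<rcpt>\S+)$')

def parse_arrivals(log_text):
    """Return one dict per '<=' line; delivery ('=>') and cwd lines are skipped."""
    return [m.groupdict() for m in map(ARRIVAL.match, log_text.splitlines()) if m]

def backscatter_report(log_text, threshold=3):
    """Count null-sender (bounce) arrivals per recipient and per sending IP; returns
    (per_rcpt, per_ip, flagged), flagged = recipients with >= threshold bounces."""
    per_rcpt = Counter()
    per_ip = defaultdict(Counter)
    for rec in parse_arrivals(log_text):
        if rec['sender'] != '<>':
            continue  # real envelope sender: ordinary mail, not a bounce
        per_rcpt[rec['rcpt']] += 1
        per_ip[rec['rcpt']][rec['ip']] += 1
    flagged = sorted(r for r, n in per_rcpt.items() if n >= threshold)
    return per_rcpt, per_ip, flagged

def bounce_sources(per_ip, rcpt):
    """IPs bouncing to rcpt, most frequent first: candidates for bad_sender_hosts_ip
    when there are few of them; many distinct IPs means per-IP blocking won't keep up."""
    return per_ip[rcpt].most_common()

if __name__ == '__main__':
    per_rcpt, per_ip, flagged = backscatter_report(SAMPLE_LOG)
    for rcpt in flagged:
        print(f'{rcpt}: {per_rcpt[rcpt]} bounces from {len(per_ip[rcpt])} IPs')
        for ip, n in bounce_sources(per_ip, rcpt):
            print(f'  {ip}  {n}')
```

Run it against a real /var/log/exim/mainlog by reading the file into `backscatter_report` instead of `SAMPLE_LOG`; a high bounce count spread over many IPs is the "many, many servers" case, where looking for the actual source of the forged mail matters more than list maintenance.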
 