Spam Blocker "DNS based blocklists"

[sohaib]

DNS based blocklists

Edit your exim.conf file and add the following to

Look for LINE # 505 in exim.conf and do the changes below.

# Deny stuff from insecure hosts & spammers. No exceptions for known users.
# but do bypass all checking for whitelisted host names
deny message = to unblock $sender_host_name see http://www.EXAMPLE.COM/
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
# only smtp.dnsbl.sorbs.net = 127.0.0.5
dnslists = sbl.spamhaus.org : \
relays.ordb.org : \
opm.blitzed.org : \
dnsbl.njabl.org : \
list.dsbl.org : \
relays.visi.com : \
multihop.dsbl.org : \
dul.dnsbl.sorbs.net : \
dul.dnsbl.sorbs.net : \
l1.spews.dnsbl.sorbs.net : \
l2.spews.dnsbl.sorbs.net : \
dnsbl.sorbs.net=127.0.0.5

Its usefull to add the above but I dont take any gurantee I am using the above in my server and its working 100% perfect.

Check the following also.

# Relays
relays.ordb.org # all usable
opm.blitzed.org
dnsbl.njabl.org
list.dsbl.org
relays.visi.com

# Multihops
multihop.dsbl.org # only use for accounts with LOTS of spam

# Dialups
dul.dnsbl.sorbs.net # stops most worms

# Spam-in-progress
client.dnsbl.docsnyder.de
xbl.spamhaus.org # "no false positives yet"
bl.spamcop.net # only use for accounts with LOTS of spam

# SPEWS
l1.spews.dnsbl.sorbs.net # hardcore spammers
l2.spews.dnsbl.sorbs.net # their assistants

# Hardcore spammers
sbl.spamhaus.org # Spamhaus Block List
blacklist.spambag.org
spamfriendly.dnsbl.docsnyder.de # manually maintained

# RHSBL
sender.rhsbl.docsnyder.de # manually maintained
helo.rhsbl.docsnyder.de # manually maintained
rhsbl.sorbs.net # experimental

# RFC-ignorant (DNSBL)
ipwhois.rfc-ignorant.org # experimental

# RFC-ignorant (RHSBL)
whois.rfc-ignorant.org # experimental
postmaster.rfc-ignorant.org # experimental
abuse.rfc-ignorant.org # experimental
dsn.rfc-ignorant.org # experimental

 

[nobaloney]

I fear your post may lead some readers to damage their exim.conf file as you don't note anywhere that this is NOT just code to add, because much of this is already installed.

You also don't point out where to put the code, nor do you point out that the additional sections you've included below the main section need to be rewritten in the proper syntax.

and by leaving in EXAMPLE.COM but not noting that it needs to be changed, you've made it impossible for any senders to notify you of any false positives.

Would you consider rewriting the post a bit more clearly?

Thanks.

Jeff

 

[sohaib]

Line # added

 

[nobaloney]

Thanks for the clarification. While it may not be the same line number in each user's exim.conf file, at least now the user knows where to look and what to do.

However What about those other sections you added? Surely they don't work like that; they need to be put in the right place with the right syntax.

And I'm still concerned about the EXAMPLE.COM as if you leave that you might as well not send any message back at all as no-one will ever be able to report a false positive.

I don't know much about some of those blocklists you're using; I'm pointing the post to a friend of mine who's very active in the anti-spam community; perhaps he'll join and post his comments, or else just write me so I can write back.

Jeff

 

[sohaib]

Sure no problem.