RBL filtering - Returning Results

Bschneider

Hello,

I am coming from a Qmail environment that was using rblsmtpd. In that setup when an IP is on an RBL it returns with one of the following:

Code:
451 Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=41.232.3.17
451 Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?83.204.69.131

Is it possible to do the same with exim.conf without manually putting in something like this in that file:

Code:
Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?$sender_host_address

Thanks!

-B
 

Yes this is possible, you simply have to add the domains to /etc/use_rbl_domains and edit the file /etc/exim.conf to display the messages you want for each of the individual blocklists.

Regards,
 
Thank you. I understand that as I am currently doing just that.

I thought that the deny message that I was getting in qmail was the response it was getting from the RBL services when it did a lookup and it was just passing it on.
 
Nope. The RBL blocklists are DNS based. All they do is return an IP#, generally 127.0.0.1, to indicate that the IP# you've sent to it (in a standard DNS query, using your local resolver) is in their blocklist. It's up to the software to decide how to present the error back to the user. I'd bet that if you look at the code in rblsmtpd you'd find something similar to what we do in /etc/exim.conf.

Jeff
 
Jeff -

After looking into it more, I hate to say it but I am correct. I'll take that bet. The RBL not only returns a 127.0.0.1 or 127.0.0.2. But it can ALSO return a TXT record which contains the text for rblsmtpd.

Do any multi rbl check such as on www.dnsstuff.com and you'll see a TXT record also that is associated with the IP.

Also do a google search using the words: rbl TXT record

So I guess I'll need to rephrase my question. I would like to pass on the TXT record received during an RBL lookup within the 'deny message'. Doing so will not only benefit the sender but also the admin. It just lets the sender go right to the source of the block.

So Jeff, how hard would it be?

-Bryan
 
It appears that some (but certainly not all) RBLs do publish text records. I didn't know that.

Instructions may be found here; search for 46.1.

I won't recommend it, though, because I recommend you publish a page on your server and whitelist anyone who asks to be whitelisted.

Why? Because it's easy, and it works, and since spammers don't go to websites to find out how to get an address whitelisted, it doesn't increase spam.

You can of course ask DirectAdmin if they include it in their install, and if not, to do so. I don't know if that'll break the SpamBlocker configuration or not. It may.

Jeff
 
Doing my 'homework' :) , it appears that exim already has it included:

http://www.exim.org/exim-html-3.20/doc/html/spec_46.html

If a TXT record associated with the host is found in the RBL domain, its contents are returned as part of the 550 rejection message, unless prohibition_message is set (see section 46.5), in which case a locally-specified message is used. This can include any TXT data by referring to $rbl_text. It may also reference the RBL domain that caused the rejection by referring to $rbl_domain (and, of course, the incoming host IP address is available in $sender_host_address).

So if I am reading it correctly, I just need to do this?

Code:
# deny using cbl
  deny message = $rbl_text
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = cbl.abuseat.org
 
Added what? The page? It's on the exim site. All I did was google it :) .

My post. Yes, a few minutes before you added yours.

Try it, and let us know if it works.

Jeff
 
Yes your post..

I did a google too.. what a great thing!

Making the change it comes back with :

Code:
failed to expand ACL message "$rbl_text": unknown variable name "rbl_text"
 
Which may mean our version of Exim doesn't have it compiled in.

Check with DirectAdmin support. Or compile your own exim.

Jeff
 
Ok.. my homework is done.. I've figured it out..

No recompiling is needed.

It's not $rbl_text, it is $dnslist_text

Code:
# deny using cbl
  deny message = ${dnslist_text}
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = cbl.abuseat.org

Thanks Jeff and John
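
The lookup this thread is about, as an added example that is not from any of the posts and is not Exim's or rblsmtpd's own code: it builds the DNSBL query name, treats an A answer in 127.0.0.0/8 as "listed", and uses the list's TXT string as the rejection text with a local fallback. It goes slightly beyond the thread by also handling IPv6 query names; `lookup`, `sample_lookup`, the zone `dnsbl.example` and the sample answers are constructed for illustration.

```python
import ipaddress
import re

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here

def dnsbl_query_name(ip, zone):
    """Reversed IPv4 octets (or reversed IPv6 nibbles, RFC 5782) prepended to the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def clean_txt(text, limit=200):
    """The TXT string is chosen by the list operator, not by us: keep printable
    ASCII only (no CR/LF in an SMTP reply) and cap the length."""
    return re.sub(r"[^\x20-\x7e]", " ", text)[:limit].strip()

def deny_message(ip, zone, lookup, code="550"):
    """Return the SMTP reply for a listed IP, or None when it is not listed.
    lookup(name, rrtype) is a hypothetical resolver callback returning a list
    of strings; an empty list stands for NXDOMAIN or no data."""
    name = dnsbl_query_name(ip, zone)
    answers = [ipaddress.ip_address(a) for a in lookup(name, "A")]
    if not any(a in LISTED_NET for a in answers):
        return None
    texts = [clean_txt(t) for t in lookup(name, "TXT")]
    reason = next((t for t in texts if t), f"{ip} is listed at {zone}")
    return f"{code} {reason}"

# Constructed answers (not live lookups), keyed by (query name, record type).
SAMPLE = {
    ("17.3.232.41.cbl.abuseat.org", "A"): ["127.0.0.2"],
    ("17.3.232.41.cbl.abuseat.org", "TXT"):
        ["Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=41.232.3.17"],
    ("131.69.204.83.dnsbl.example", "A"): ["127.0.0.10"],  # listed, no TXT published
}

def sample_lookup(name, rrtype):
    return SAMPLE.get((name, rrtype), [])

if __name__ == "__main__":
    print(deny_message("41.232.3.17", "cbl.abuseat.org", sample_lookup))
    print(deny_message("83.204.69.131", "dnsbl.example", sample_lookup, code="451"))
    print(deny_message("192.0.2.1", "cbl.abuseat.org", sample_lookup))
```

To run it against a real list, replace `sample_lookup` with a callback backed by an actual resolver.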
 