zen.spamhaus.org syntax

evil_smurf

Verified User
Joined
Mar 3, 2006
Messages
123
I am confused by the two settings for using black lists, and specifically with zen.spamhaus.org.


I have the following in my exim.conf:

# deny using .spamhaus
deny message = Email blocked by SPAMHAUS - to unblock contact us at http://www.example.com/support.php
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
dnslists = zen.spamhaus.org


However I see others on the directadmin forum that have the following to use zen:

# deny using spamhaus
deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/
# only for domains that do want to be tested against RBLs
hosts = !+relay_hosts
domains = +use_rbl_domains
!authenticated = *
dnslists = zen.spamhaus.org



My question is, what exactly do the "hosts = !+relay_hosts and !authenticated = * lines do? I am a little confused regarding the two sections I see in exim.conf that both use dns black lists, but are separated by this comment:

# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
# and for authenticated users





EDIT: When using zen, it seems to accidentally block some users from sending emails within the server itself (IE, from one domain to another that are both hosted on the server). When changing the setup for zen to the second one above, it doesn't block them anymore. It looks like telling it to use relay_hosts means don't block anyone that is authenticated against the server.

Correct?
 
Yes, you're right. I sent a private message to you after reading your deleted message, because I hadn't yet seen this one.

Over time I've learned a few things about using blocklists. That, however doesn't mean you shouldn't try to get out of the zen list :).

Jeff
 
This particular user's IP was being hit on PBL because:

Outbound Email Policy of PenTeleData for this IP range:

PenTeleData policy stipulates to no smtp connections should originate from these networks, unless it is directed to the designated PenTeleData mail servers. PenTeleData customers with questions regarding this policy should contact Technical Support.




So wasn't actually a spam issue =)

Thanks for clearing up my question for me!
 
This particular user's IP was being hit on PBL because:

Outbound Email Policy of PenTeleData for this IP range:
While a major part of me is for a completely open Internet, another part of me, the part that fights spam, applauds ISPs who block mailservers on their networks and require all outgoing unauthenticated email go through their own servers, where at least their abuse desks can deal with it. About 90% of the spam I see comes from ISP networks.

Responsible ISPs should (in my opinion) go further than PenTeleData has gone; they should actually block port 25 through those IP#s, or they should invisibly redirect them (as AOL does); the former is infinitely more desirable than the latter, but both eliminate a lot of spam and force accountability to the ISPs when it does occur.

The latest SpamBlocker technology (going to RC status today) uses a whitelist of ISPs official outgoing mailservers and is beginning to use blacklists which ISPs are encouraged to publish, of the IP#s which they prohibit, under their terms of service, from using mailservers.

Though these lists are in their infancy, the amount of spam blocked in incredibly huge. And of course SpamBlocker technology always allows you to turn on easy whitelisting for anyone caught in a false positive situation.
PenTeleData policy stipulates to no smtp connections should originate from these networks, unless it is directed to the designated PenTeleData mail servers. PenTeleData customers with questions regarding this policy should contact Technical Support.

So wasn't actually a spam issue =)
Was client using his own server for outgoing mail? Or just trying to reach your server for outgoing mail? If just trying to reach your server, then note that all recent SpamBlocker technology exim.conf files for DirectAdmin have allowed authenticated traffic through port 587 (the official email submission port) before using blocklists, for some time. Simply tell your client to use plain-text authentication on port 587.

If client is using their own mail server, then they need to contact PenTeleData, as suggested :). If PenTeleData allows that, they'll remove his static IP# from their blocklist submission.

Jeff
 
They were using my server for sending mail, and authentication was turned on. But the email was staying within my server (IE, the sending and receiving domain were both on my server), hence why the PBL hit on their host address instead of my server's.


And that's great that SpamBlocker 3 is going RC! Congrats!
 
Back
Top