DNSWL in Exim on high traffic mail servers

mxroute

If you have high mail traffic on your DA server, you may be accidentally whitelisting large amounts of spam. Specifically, I'd like to call your attention to this section in exim.conf:

Code:
  accept domains = +local_domains
         sender_domains = !+blacklist_domains
         hosts = !+bad_sender_hosts
         hosts = !+bad_sender_hosts_ip
         dnslists = list.dnswl.org&0.0.0.2
         dnslists = list.dnswl.org!=127.0.0.255
         logwrite = $sender_host_address whitelisted in list.dnswl.org

This is under "EDIT#35" in /etc/exim.conf.

You see, DNSWL rate limits requests for people who don't pay for a subscription. If you make too many queries to their servers, they'll start returning a response of 127.0.10.3 as indicated here: https://www.dnswl.org/?p=120

This response of 127.0.10.3 isn't 127.0.0.255. Therefore, once you've exceeded their rate limit, your exim will report that every IP afterward is whitelisted on DNSWL and treat it as such. It may sound hard to hit, but my servers with 700-1000 customers per server (admittedly email only, so still more email than an average shared web hosting server might have at the same capacity) trigger it well. To prevent this, you should comment out (add # before each line) or delete that whole section in /etc/exim.conf and then restart exim. Note that it will be added back if you rebuild exim's configuration in an update.

Hope this helps someone else who may not even realize they're experiencing the same thing. It's very easy to overlook and your customers might report the problem to you in a variety of ways, if at all.
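
The behaviour described in the post, as an added example that is not part of the original post or of the shipped exim.conf: a simplified Python model of Exim's `&` (bitmask) and `!=` dnslists tests, applied to the two answers the post names and to constructed sample answers. The function names, the `strict_accepts` check and the `127.0.5.x` answers are assumptions made for illustration.

```python
import ipaddress

# The two dnslists tests from the ACL quoted in the post.
ACL_CONDITIONS = ["list.dnswl.org&0.0.0.2", "list.dnswl.org!=127.0.0.255"]
# Answers the post identifies as "not a real whitelist entry".
NON_LISTING_ANSWERS = {"127.0.0.255", "127.0.10.3"}


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def condition_matches(condition, answer):
    """Simplified model of one Exim dnslists test against one A record.

    answer is the returned address, or None when the name does not resolve.
    """
    if answer is None:
        return False  # not listed, so no form of the test can match
    if "!=" in condition:
        return _ip(answer) != _ip(condition.split("!=", 1)[1])
    if "&" in condition:
        mask = _ip(condition.split("&", 1)[1])
        return (_ip(answer) & mask) == mask  # all mask bits must be set
    return True  # bare list name: any answer counts as listed


def acl_accepts(answer):
    """True when every condition of the quoted ACL matches (mail accepted)."""
    return all(condition_matches(c, answer) for c in ACL_CONDITIONS)


def strict_accepts(answer):
    """Hypothetical stricter check: drop the known non-listing answers first.

    Any genuine entry that returns the same address is dropped as well.
    """
    return answer not in NON_LISTING_ANSWERS and acl_accepts(answer)


if __name__ == "__main__":
    # 127.0.5.x values are constructed; the other two come from the post.
    for answer in ("127.0.5.2", "127.0.5.1", "127.0.0.255", "127.0.10.3", None):
        print(f"{answer!s:12} quoted ACL: {acl_accepts(answer)!s:5} "
              f"strict: {strict_accepts(answer)}")
```

The rate-limit answer 127.0.10.3 has the 0.0.0.2 bit set and differs from 127.0.0.255, so both conditions of the quoted ACL match and the `accept` fires for every sending host once the limit is exceeded.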
 