DSBL offline

[dan]

Just an FYI, I got a complaint this morning from one of my clients that they weren't receiving any emails. It turns out that the DSBL spam filter is no longer operational, and the nameservers no longer exist. If you use this spam filter, you'll need to comment it out of your /etc/exim.conf. You're looking for this;

  deny message = Email blocked by DSBL - to unblock see http://www.example.com/
       hosts = !+relay_hosts
       domains =+use_rbl_domains
       !authenticated = *
       dnslists = list.dsbl.org

Just comment it all out, and restart exim. Because of a lack of nameservers, it's returning false (or blocked) for every single email that goes through it.

Whoever maintains the DA config for exim, might be worth removing it in the next update?

 

[dan]

That is, of course, until you realise that the post on DSBL's website was written in 2008. Either way, something's happened in the last 24 hours that's making it block everything. My guess is they kept the nameservers running, and have only just switched them off, perhaps.

And unless this has already been spotted and removed from new DA installed (mine was installed in 2008!)

 

[Arieh]

http://files.directadmin.com/services/exim.conf - I don't see it in the current config, luckily I don't have it in my installs either. But your reasoning seams plausible, so in case there are others good thing you posted it.

http://files.directadmin.com/services/exim.conf.filterchange It is listed in this one though, not sure when it was taken out exactly.

 

[Tristan]

Yup, experienced that as well on an old server. Thanks for the heads up.

Strangely enough the settings on custombuild were:

Exim: no
exim.conf update: yes

Any idea why exim.conf wasn't updated?

 

[Nerigal]

thanks for the message, still have this with a hold setup

 

[zEitEr]

Any idea why exim.conf wasn't updated?

How did you try to update it?

 

[Tristan]

How did you try to update it?

I thought it would be updated with the normal ./build update_versions?

 

[zEitEr]

You should run

./build exim_conf

 

[nobaloney]

The DSBL list hasn't been included in either the DirectAdmin exim.conf file, or mine, for many years.

The reason exim.conf isn't automatically updated when you update exim, or otherwise through custombuild without manual intervention, is because most of us use (all of us should use) customized versions. To better understand why you should customize the file included with DirectAdmin, grep the file for example.com; this is the default message people get if their server is blocked; unless you create your own page for people to visit, and edit your exim.conf file, anyone erroneously blocked won't have an easy way to get unblocked.

My version doesn't have example.com in the error message but you may still want to give people a way to notify you if they get blocked. We unblock everyone who asks, and we've NEVER gotten spam because of that; spammers don't ask.

If you're running any version of SpamBlocker 4.x or above you should definitely do some customizations; read the special readme file (nobaloney.net). If you need my help in updating, customizing or reinstalling SpamBlocker Version 4.x, I offer a low-priced commercial service here (nobaloney.net).

Jeff

 

[dan]

I had a feeling that, after I saw the date of the post on DSBL's website, it may not have been in DA's installer config for some time (hence my second post, after I clocked the date posted!), though I figured though that any server installed before that time, this would be included, and since mine hasn't updated, I dare say there are many others out there that will also have been affected by this (whatever "this" is that made it break everything).

At least now this post exists, anyone Googling around for the same symptoms should come across this thread, and be helped to a resolution

 

[Tristan]

So what does the eximconf=yes flag do exactly?

 

[zEitEr]

Nothing, but allows to update exim.conf with a command

./build exim_conf

without settings eximconf= to yes, you'll see a error. Just check it out with

eximconf=no

 

[Tristan]

Thanks for your reply Alex, that clears it up, still seems like an illogical switch to me though.

 

[zEitEr]

Please feel free to suggest a better solution in a sub-forum for custombuild http://www.directadmin.com/forum/forumdisplay.php?f=61

 

[Tristan]

Just posted it here: http://www.directadmin.com/forum/showthread.php?t=44307&p=226037

 

[nobaloney]

whatever "this" is that made it break everything

What made it break is an intentional decision to set a positive DNS return for every query. Shutting off the authoritative nameservers for the blocklist would result in the blocklist no longer working, but no false positives. Removing all the records from the authoritative nameservers would result in the blocklist no longer working, again with no false positives. Only using wildcards to allow false positives for every query will return those false positives.

Why do the blocklist people do that? Because they figure that years after they publicly announce that it no longer works if you're still using it they need to more forcefully tell you, and they decide the best way to do that is to make sure your mail server no longer works unless you take their blocklist out of your configuration.

Jeff