EASY_DNS_BLACKLIST - where is RBL list?

erick85

Verified User
Joined
Oct 20, 2020
Messages
11
I would like the ESF to score for the presence of IP on the RBL, rather than rejecting messages immediately (as exim does). I found the EASY_DNS_BLACKLIST parameter in the ESF configuration, but I am not able to locate the list of blacklists that I could define for checking. Where it is? Alternatively, is it possible to configure Exim somehow to check RBL but not to reject the message (only score). I know SpamAssassin has this option, but I'd like to do it a level higher.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
7,242
Location
Maastricht
The list is in exim.conf but you can change it by creating a custom configuration like this.

I don't know that quick where the setting is to only score, if present.
You might try to change scores in /etc/.easy_spam_fighter and create a variables.conf.custom in there.
Lower or higher values can be used like this:
EASY_DNS_BLACKLIST == 100
you have to use the = character twice.
 

erick85

Verified User
Joined
Oct 20, 2020
Messages
11
I know this manual. But it doesn't help, because if the IP is on one of these RBLs, the message is immediately rejected (even if I set the EASY_DNS_BLACKLIST == 1 parameter in the configuration). I cannot find just this dependence.
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
3,005
Location
Murfreesboro
I know this manual. But it doesn't help, because if the IP is on one of these RBLs, the message is immediately rejected
That’s the point of a blacklist. You don’t control them. If the ip you have is on the blacklist. Follow the process to get off the list. These list are not owned by da.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
7,242
Location
Maastricht
If it's only a few ip's, you probably could use whitelist options. I would not recommend to disable RBL's.
We had a too many ip's blocked by spamhaus, so we used the help option to remove spamhaus from the RBL list and kept the rest in place.
 

erick85

Verified User
Joined
Oct 20, 2020
Messages
11
My main assumption is bouncing e-mails if the IP is e.g. on spamhouse and scoring if the IP is e.g. on SORBS. This is because spamhaus has far less false positives, but would still like to use SORBS as an additional score indicator for ESF.
 

mxroute

Verified User
Joined
Sep 24, 2019
Messages
159
It sounds like you want to treat RBLs differently. Reject based on one, add a score based on another, just generally have control over a weighted reaction to listings.

I don't think you'll accomplish this with the built in functions. However, you might be able to disable RBLs in exim from the server config in the DA panel, then customize rspamd to handle them instead. https://rspamd.com/doc/modules/rbl.html
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
7,242
Location
Maastricht
t sounds like you want to treat RBLs differently.
I'm not sure. I just don't want to have an RBL blocking mails due to false positives. Issue here is that Zen was looking to my (and others) home ISP address, and blocks based on that. In any case it was blocking too many good mails. And we all used smtp-auth via the server so RBL shouldn't look at that, the others don't either. So I've only thrown Zen out.
One can easily adjust that via the exim.strings.conf.custom file like this:
Code:
RBL_DNS_LIST==cbl.abuseat.org : bl.spamcop.net : b.barracudacentral.org
this way only the zen list is left out.

At home I'm using Mailwasher Pro and in this I also tested sbl-xbl to see if that would be doing any better. But it wasn't.

At this moment we're figting spam fairly good, however we're not that big a company and it's only 3 servers..
I was thinking of changing from spamassassin to rspamd at a later time.
 

mxroute

Verified User
Joined
Sep 24, 2019
Messages
159
I'm not sure. I just don't want to have an RBL blocking mails due to false positives. Issue here is that Zen was looking to my (and others) home ISP address, and blocks based on that. In any case it was blocking too many good mails. And we all used smtp-auth via the server so RBL shouldn't look at that, the others don't either. So I've only thrown Zen out.
One can easily adjust that via the exim.strings.conf.custom file like this:
Code:
RBL_DNS_LIST==cbl.abuseat.org : bl.spamcop.net : b.barracudacentral.org
this way only the zen list is left out.

At home I'm using Mailwasher Pro and in this I also tested sbl-xbl to see if that would be doing any better. But it wasn't.

At this moment we're figting spam fairly good, however we're not that big a company and it's only 3 servers..
I was thinking of changing from spamassassin to rspamd at a later time.

If you want to benefit from my day to day work feel free to add bl.mxrbl.com. This is the direct result of daily log audits and very carefully selected choices. The intention is zero false positives.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
7,242
Location
Maastricht
Oh that's great, thank you very much I will add it now, also in my Mailwasher Pro so I have a nice overview on it's results.
Cool, thanks!
 

shanti

Verified User
Joined
Apr 8, 2009
Messages
83
Location
Wien / Vienna - Austria
My main assumption is bouncing e-mails if the IP is e.g. on spamhouse and scoring if the IP is e.g. on SORBS. This is because spamhaus has far less false positives, but would still like to use SORBS as an additional score indicator for ESF.
i have the feeling that your prime intent is not yet served

i too would rather see ESF/spamassassin taking care of RBLs than EXIM

so I set them in exim, but only as "passive information" - unexecuting

but i cant find any further use , but at least it defuses the exim's quite radical way (IMO) to simple drop an email

it should at least trigger a high score in any way

Code:
RBL_DNS_LIST==cbl.abuseat.org/warn : b.barracudacentral.org/warn : zen.spamhaus.org/warn

I still am searching for a solution to either check against RBLs in the user's domain-wide SA-filter or serverwide or sieve-based
 
Top