Emergency SpamBlocker3 release candidate update

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
An emergency SpamBlocker3 Release Candidate (RC) update has been released today because one of the blocklists used appears to be broken and to be returning false positives.

If you're using any of the release candidates (version 3.2.x) from the NoBaloney Download Site you should immediately fix it either by installing the latest release candidate, or by making the following edit:

Find these lines in your exim.conf file:
Code:
       rhsbl.ahbl.org/$sender_address_domain : \
       block.rhs.mailpolice.com/$sender_address_domain
and edit them to appear as one line only:
Code:
       rhsbl.ahbl.org/$sender_address_domain
Then be sure to restart exim.

I apologize for the inconvenience but I'm sure you understand the importance of removing blocklists even though they may occasionally need to be adjusted.

If you have any questions, suggestions or issues, please post in this thread.

Thanks.

Jeff
 

jlpeifer

Verified User
Joined
Jun 6, 2006
Messages
86
PANIC MODE HERE!!!

I made changes as you suggested to my exim.conf (rc 3.2.5) file as you suggested and restarted Exim. Unforunately, exim failed to start throwing the error:
Code:
Exim configuration error in line 704 of /etc/exim.conf:
  error in ACL: unknown ACL condition/modifier in "rhsbl.ahbl.org/$sender_address_domain"
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
I then reverted to the a backup copy of the exim.conf file that I had just edited, tried to start Exim, and it threw a similar error. Presently my email is down. Help??
 

daveyw

Verified User
Joined
Jan 5, 2008
Messages
702
Location
/dev/null
The only thing I did was removing the lines below and restarted exim.
deny message = Email blocked by $dnslist_domain
hosts = !+relay_hosts
domains = +use_rbl_domains
!authenticated = *
dnslists = \
rhsbl.ahbl.org/$sender_address_domain : \
block.rhs.mailpolice.com/$sender_address_domain
 

jlpeifer

Verified User
Joined
Jun 6, 2006
Messages
86
Yes, thanks. I just finished doing the same thing. Restarted Exim and mail is flowing again.

Jeff... I honestly can't thank you enough for sharing SpamBlocker. Aside from this little snaffu (not your fault) SpamBlocker has been incredibly effective at blocking countless junk messages!
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Thanks!

@jlpeifer: you may have neglected to delete the : \ properly? Or forgot a line ending? My code is now working for all our machines (I didn't try until after I'd posted).

Jeff
 

jlpeifer

Verified User
Joined
Jun 6, 2006
Messages
86
jlasman, I basically just eliminated the lines that you suggested and replaced it (copy/paste) with the new code you provided. Not sure why things didn't work. I was specially confused after I restored the exim.conf file in its original state before the modification and things still didn't work. Regardless, as of this moment, after commenting out the section referenced in daveyw's reply, all is working.

Do you think there will be a point in the future when I can re-enable that portion of code (when the blocklist stops providing false-positives)?
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
As I've written, I've removed that blocklist from the master. I don't support use of that blocklist any longer and can't see that I'd trust them again even if they came back.

I do support use of the rhsbl.ahbl.org blocklist, and I do support use of the code as it now appears at my downlide site. Other than offer my guaranteed (commercial) service to install the file for you, and test it, I really can't troubleshoot it on your system.

Jeff
 

gate2vn

Verified User
Joined
Nov 9, 2004
Messages
298
mailpolice.com seems be renewed again. However, I wonder about its accuracy in spam-filter?
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
It has no nameservers provided; see the output of:
Code:
$ dig mailpolice.com +trace
Jeff
 

interfasys

Verified User
Joined
Oct 31, 2003
Messages
2,099
Location
Switzerland
Code:
  # RC 3,2,5 11-APR-2010
  # Mailer-Daemon messages must be for us
    accept senders = :
	   domains = +relay_domains
This should go after the RBLs to make sure that Exim doesn't accept bounce messages from compromised servers
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
This is simply an accept. It won't block anything. Please explain your logic on where it belongs so I can look into it.

Thanks.

Jeff
 

interfasys

Verified User
Joined
Oct 31, 2003
Messages
2,099
Location
Switzerland
The logic is that the sender should first be checked against the RBLs before blindly accepting it, especially if it's a bounce message.
If you leave it there, then all a spamer has to do is to send his messages using an empty "from" and it will go straight to the user's INBOX.
I think this has been discussed before.
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
So possibly remove it? Is spam from empty senders a problem?

Please tell me exactly where you'd put it? After which lines? Or before which lines.

Thanks.

Jeff
 
Top