[RELEASE] SpamBlocker released

apryan said:
I dont think it needs the : spam. Thats if you wanted to add a username i think?

If you want to block all of bli.net adding it like this:

bli.net

should do the trick. No user@ in front.
-anth
Click to expand...
Thanks for the help but for some reason that isn't working. That is what I tried originally. So I guess it's back to how do I debug this thing? How do I know if it's looking at the blacklist file?

thx,
Brandt
 
What you should be adding is the domain name from the "from" address; in other words everything after the @ character.

I'll soon be adding a file you'll be able to add mailservers (MTA hosts) to, but that's not ready yet.

Jeff
 
jlasman said:
What you should be adding is the domain name from the "from" address; in other words everything after the @ character.

I'll soon be adding a file you'll be able to add mailservers (MTA hosts) to, but that's not ready yet.

Jeff
Click to expand...

It doesn't work.

That's why I'm asking for any tips on debugging this thing. Where do I start? It's like it's not checking the file that I created. I entered gmail.com in there. Then I
#killall exim -HUP
#/usr/local/etc/rc.d/exim start

Everything works fine excpet that I can still send mail from gmail to anyone on the server.
 
It works properly on my server, from here; I just tested it.

What's the fully qualified path/name of the file you added?

You should not have to restart the server when you change the files; only when you change exim.conf.

Jeff
 
jlasman said:
It works properly on my server, from here; I just tested it.

What's the fully qualified path/name of the file you added?
Click to expand...

/etc/virtual/blacklist_domains
chmod 644
chown mail:mail

[root@lucie /etc/virtual]# ls -l | grep black
-rw-r--r-- 1 mail mail 7978 Aug 24 12:14 blacklist_domains
[root@lucie /etc/virtual]#


You should not have to restart the server when you change the files; only when you change exim.conf.

Jeff
Click to expand...
Oh yeah! hehe I've read that about 50 times. But I keep thinking that I'm doing something wrong so I try everything I can think of.

More details? OK I know that some of the blocking is working as I changed the Deny messages so that I could see what was working and what was not. I have added that section below. In my logs I get msg 1, msg 2, and msg 3 so I know that it is working but no msg 0 which is the blacklist_domains one. I think...

Thanks!
Brandt

# accept mail to [email protected], regardless of source
accept local_parts = errors
domains = bli.net

# deny so-called "legal" spammers"
# but do bypass all checking for whitelisted host names
deny message = msg 0 : Your domain $sender_host_name is on a public BLACKLIST to remove send a request to [email protected]
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
sender_domains = +blacklist_domains

# Deny unless sender address can be verified:
# This statement requires the sender address to be verified before any
# subsequent ACL statement can be used. If verification fails, the incoming
# recipient address is refused. Verification consists of trying to route the
# address, to see if a bounce message could be delivered to it. In the case of
# remote addresses, basic verification checks only the domain.

require verify = sender

# Deny stuff from insecure hosts & spammers. No exceptions for known users.
# but do bypass all checking for whitelisted host names

deny message = msg 1 : Your domain $sender_host_name is on a public BLACKLIST to remove send a request to [email protected]
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
# only smtp.dnsbl.sorbs.net = 127.0.0.5
dnslists = sbl.spamhaus.org : \
relays.ordb.org : \
dnsbl.sorbs.net=127.0.0.5

# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
deny message = msg 2 : Your domain $sender_host_name is on a public BLACKLIST to remove send a request to [email protected]
hosts = !+relay_hosts
domains =+use_rbl_domains
!authenticated = *
# dnslists not including spam.dnsbl.sorbs.net
dnslists = bl.spamcop.net : \
dnsbl.njabl.org : \
cbl.abuseat.org : \
dnsbl.sorbs.net!=127.0.0.6

deny message = msg 3 : Your domain $sender_host_name is on a public BLACKLIST to remove send a request to [email protected]
domains =+use_rbl_domains
# rhsbl list is name based
dnslists = rhsbl.sorbs.net/$sender_address_domain

# accept if address is in a local domain as long as recipient can be verified
accept domains = +local_domains
endpass
verify = recipient

# accept if address is in a domain for which we relay as long as recipient
# can be verified
accept domains = +relay_domains
endpass
verify=recipient
 
Last edited:
I have no idea why it's not working for you.

Surely you don't expect to compare your exim.conf file character for character, do you?

:)

You could always do that yourself.

Have you tried reinstalling exim.conf and restarting exim afterwards?

(If you do, don't forget the changes.)

Jeff
 
jlasman said:
I have no idea why it's not working for you.

Surely you don't expect to compare your exim.conf file character for character, do you?
Click to expand...
Of course not. I was just showing you that part where I named the messages so that you could see what I meant when I said I wasn't getting any "0 error" messages in the log. But I was getting the others.

jlasman said:
You could always do that yourself.
Click to expand...

I have done this. Every single word. :mad:

jlasman said:
Have you tried reinstalling exim.conf and restarting exim afterwards?

(If you do, don't forget the changes.)

Jeff
Click to expand...
I have done this as well.
I'll keep messing with it I guess and let you know if I ever get it working.

brandt
 
Re: bump

motobrandt said:
basically I set up the /etc/virtual/blacklist_domains file with information on a domain that I have on another server but I can't block it no matter what I try. Does this even work?
Click to expand...

Is the other server on the same subnet as SpamBlocker server? Is the other server using this server's MTA to send mail? Are you sure you're sending the mail from MTA on the other server to this one?

Just trying to help... :)
 
Re: Re: bump

Yikes2000 said:
Is the other server on the same subnet as SpamBlocker server? Is the other server using this server's MTA to send mail? Are you sure you're sending the mail from MTA on the other server to this one?

Just trying to help... :)
Click to expand...
yeah I thought the same kind of stuff so I tried using my Gmail account. I added gmail.com to /etc/virtual/blacklist_domains and I couldn't get it to block gmail so...

Thanks though. I'll keep trying.

Brandt
 
It works here and I have no idea why it's not working for you.

While SpamBlocker does offer technical services, I'm not sure I should advertise here :) .

(We do offer a guarantee on our technical services; if we can't fix it, you don't pay.)

Perhaps someone else on these forums who understands exim can help you, or perhaps you can post specific questions on the exim-users list.

If you do post there, remember that listmembers there will have no idea of the blacklist_domains file or the code I added to exim.conf; you'll have to be very explicit in your questions.

Jeff
 
When you're trying to block something, remember you're not blocking the entire domain, you're blocking the ip address. That could be part of the problem here. I bet if you added the gmail ip address to the block list you'd get the mail blocked ;)
 
Actually, SpamBlocker's blocklist is by domain, not by IP#.

It doesn't work by IP#, but rather by domain in the "From:" field.
We're working on an an enhancement that will also block by IP#.

Jeff
 
i see this in my log, from en emal adress i am expecting some email form:

2004-10-15 09:22:47 H=mail.xx.com [12.x.x.x] F=<[email protected]> temporarily rejected RCPT <[email protected]>: Could not complete sender verify
2004-10-15 09:33:28 H=mail.xx.com [12.x.x.xsender verify defer for <[email protected]>: host lookup did not complete

what does this mean?
 
Exim, by default, makes sure a sender domain exists, as if it doesn't, the email is probably spam.

if it can't find xx.com, it can't presume that it doesn't exist, because the problem could be that DNS is temporarily down, or there could be a problem on the 'net. So it sets it aside and tries again later.

Jeff
 
You're welcome <blush>.

Next on the list is adding support for SMA over port 587 (see RFC 2476) so you can offer SMTP AUTH (and only SMTP AUTH) over port 587 to users who need to use your mail server but who's ISPs block port 25.

Jeff
 
my whitelist_from seems doesn't work

I always get this log like
2004-11-09 16:33:09 H=ms2.epaper.com.tw [211.20.188.72] F=<[email protected]> rejected RCPT <[email protected]>: to unblock ms2.epaper.com.tw at sbl.spamhaus.org see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12186

whitelist_from file is like this
[email protected]
ms*.epaper.com.tw

it doen't work,

my exim.conf setting is

domains = +use_rbl_domains
# only smtp.dnsbl.sorbs.net = 127.0.0.5
dnslists = sbl.spamhaus.org : \
relays.ordb.org : \
dnsbl.sorbs.net=127.0.0.5

why the whitelist don't work?

another question, the new exim.conf use
sbl-xbl.spamhaus.org to be RBL,
but it include too much IP, and if my client is on the list , he can't use his own mail account to send mail.
because the setting doen't allow authenticated user?
and only
domains =+use_rbl_domains
!authenticated = *
# dnslists not including spam.dnsbl.sorbs.net
dnslists = bl.spamcop.net : \
dnsbl.njabl.org : \
cbl.abuseat.org : \
dnsbl.sorbs.net!=127.0.0.6
will allow authenticated user?
because it set !authenticated = * ???
 
Last edited:
You must log in or register to reply here.
Back
Top