remove cbl.abuseat.org from exim.conf

False positives are also often caused by spamhaus in my experience.
Removing everything would result in getting hit hard by a lot of spam I guess.

I use bl.spamcop.net and b.barracudacentral.org and 1 other from @mxroute but I don't know if I'm allowed to say that or if everybody is allowed to use that. Maybe he can say. He's kind of a mail guru.
OK if I want to use bl.spamcop.net all I have to do is to replace zen.spamhaus.org with bl.spamcop.net in Exim configuration file and it will work?
 
No. As said, don't touch the exim configuration file.

Create a file called /etc/exim.strings.conf.custom and put them in there. Like this.

Code:
RBL_DNS_LIST==bl.spamcop.net : b.barracudacentral.org
then restart exim.

Exim will see this file and overrule the content in exim.conf so with this example, only spamcop and barracudacentral would be used.
 
I don't know if I'm allowed to say that or if everybody is allowed to use that.
I guess yes, as he offered it here https://forum.directadmin.com/threads/easy_dns_blacklist-where-is-rbl-list.63008/#post-327426 and here https://forum.directadmin.com/threads/how-to-block-incoming-multi-recipient-email.64435/#post-335356 , and here is the website for it: http://mxrbl.com/
btw .. I have a bunch of RBLs and no prob with false positives so far:

# bl.spamcop.net : \
RBL_DNS_LIST==\
b.barracudacentral.org : \
zen.spamhaus.org : \
hostkarma.junkemailfilter.com=127.0.0.2 : \
bl.mailspike.net : \
ix.dnsbl.manitu.net : \
multi.surbl.org : \
psbl.surriel.com : \
all.spamrats.com : \
mail.bl.blocklist.de : \
bl.mxrbl.com : \
dnsbl.justspam.org
 
OK guys I am set up but sometimes I receive annoying spam and I wonder
When I was using Google apps all I had to do was to report spam and that would be a slap on the face of spammer and all future emails would end up in junk folder however now that I am using my own vps email servers with email client things seem to be more complicated with those annoying spammers who still keep spamming. How to get rid of them? How to blacklist them? On server side it is better
 
You never get rid of them all. Best practice is to have good anti spam measures and RBL's. You can't compare yourself with big companies like Microsoft and Google which have a lot more power and resources to block everybody.

So best is to have good countermeasures like RBL's, Spamblocker and so on.

Furthermore, if spammers pass by your system, report them. If they are not reported, they can keep going on because they only get blocked locally. You have to get them to be reported worldwide. One of the best places to do this is report them with Spamcop.

Check this post too, it's the answer to kind of a similar question.
 
False positives are also often caused by spamhaus in my experience.
Removing everything would result in getting hit hard by a lot of spam I guess.

I use bl.spamcop.net and b.barracudacentral.org and 1 other from @mxroute but I don't know if I'm allowed to say that or if everybody is allowed to use that. Maybe he can say. He's kind of a mail guru.
Don't use mxroute rbl.
After I got notified how they work, I barely call them an RBL.
For info: they only base their list on PTR records. So if a network has a range of random hostnames, they block the whole ASN. But then, they are selective on the companies they block or not. For example, Hurricane Electric is one of the biggest networks on the planet. It is also one of the networks that send a lot of spam. But they don't block it. Why? Because if they do, they will get a lot of complaints about false positives. So, better they let spam going than have a lot of complaints.

I will stick with Barracuda and Spamhaus, even if they aren't excellent, they do the job correctly.
 
Good for you then.
But spend a bit of time watching how mxroute decides how he blocks the spam.
I am sorry, but for me, I prefer to use a reliable list. Not a list that bases itself only on PTR records. Like I said before, Spamhaus and barracudacentral are not perfect, but at least they do the work as it should.

Also, these days, we should start moving on to machine learning. ;)
 
Not a list that bases itself only on PTR records

Also, these days, we should start moving on to machine learning. ;)
I never had this case, I don't have an opinion on it.
Yepp. machine learning, AI, Rspamd+Redis, a lot of things to do, to block bad spammers, and hold others free :) Lots of ASNs to block (sorry, couldn't resist )
 
I never had this case, I don't have an opinion on it.
Yepp. machine learning, AI, Rspamd+Redis, a lot of things to do, to block bad spammers, and hold others free :) Lots of ASNs to block (sorry, couldn't resist )
Yes, true. But I won't block ASN's. Because that is another level of problems.
I explain: if you block an ASN, anybody on that ASN won't be able to send you emails. I mean, anybody. Even its owner or engineer for important communications.
Every ASN has an abuse email configured. 99% of those emails are hosted on the same network (it's just good behaviour). If you block the whole ASN, at least be decent to do 2 things:
- whitelist the ips used by the abuse email.
- contact the abuse email informing that you're blocking the whole ASN and why you're blocking it.

Microsoft does it, Google does it, Spamhaus does it, most of the companies do it. But this stupid perk doesn't. And he does his things his way thinking that he is doing it right. But in fact he doesn't know the big picture and how he should do it.

Anyway, my problem was solved (I contacted the providers that were using his list and they removed it from their mail servers).
I'll stop the flame here, I guess anyone with a small brain understood the picture of why his list is radioactive.

Cheers
 
with DA and receiving emails to the server.
DA does not cause issues with receiving mail. Might be Exim. However, only stating that does not provide us with information to be able to help you.
What is the exact problem, look in the logs for errors.
 
DA does not cause issues with receiving mail. Might be Exim. However, only stating that does not provide us with information to be able to help you.
What is the exact problem, look in the logs for errors.

The issue was that clients couldn’t receive emails due to DA scanning incoming mail against RBL lists, but I don’t remember adding them.
 
but I don’t remember adding them.
There are default RBL's always present in Exim, more specific in the exim.conf file. These were not put in suddenly, but were always there.
Which is why it's important to be more specific, for example with pieces of the logfile.
So you can check as to why suddenly these sending domains get blocked by RBL's, and maybe, out of this can be concluded that a change in RBL's is needed.

For example, we had an issue with clients suddenly not getting e-mails from their domain anymore. Reason was that the Spamhaus RBL suddenly dug that deep, that the originating ip was checked instead of the sending ip (being the hosting server of the domain if I explain it correctly).
Since all ip's of most Dutch ISP's are mostly dynamic and by default present in at least one RBL, all that mail got blocked.
For us it was reason to change the RBL checking and not use Spamhaus anymore, because it was the 2nd time such issue occurred with Spamhaus and we were fed up.

So maybe this example explains to you why you should investigate the logs and find out exactly which RBL is causing the issue, and if needed, remove it like done in the examples in this thread.
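
One way to do the log check described in the post above, as an added example that is not from the thread: it tallies Exim `rejected RCPT` lines per DNSBL zone and sending IP. The log lines are constructed, and the rejection text `Email blocked by <zone>` is an assumption about the ACL message; the function only needs the zone name to appear somewhere in the line.

```shell
# Tally RBL rejections per zone and sending IP.
# Usage: rbl_rejects ZONE [ZONE...] < /path/to/exim/mainlog
# Output: "<count> <zone> <sender-ip>", highest count first.
rbl_rejects() {
    awk -v zones="$*" '
    BEGIN { n = split(zones, z, " ") }
    / rejected RCPT / {
        ip = "unknown"
        # The connecting host address is logged in square brackets.
        if (match($0, /\[[0-9A-Fa-f.:]+\]/))
            ip = substr($0, RSTART + 1, RLENGTH - 2)
        for (i = 1; i <= n; i++)
            if (index($0, z[i])) { count[z[i] " " ip]++; break }
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed log lines (documentation addresses, assumed message text).
sample_log() {
    cat <<'EOF'
2021-08-10 09:14:02 H=(dyn-host) [192.0.2.10] F=<a@example.com> rejected RCPT <info@example.org>: Email blocked by zen.spamhaus.org
2021-08-10 09:15:40 H=(dyn-host) [192.0.2.10] F=<a@example.com> rejected RCPT <sales@example.org>: Email blocked by zen.spamhaus.org
2021-08-10 09:20:11 H=mail.example.net [198.51.100.7] F=<b@example.net> rejected RCPT <info@example.org>: Email blocked by b.barracudacentral.org
2021-08-10 09:21:00 1mDabc-0001Ab-Cd <= c@example.com H=mx.example.com [203.0.113.5] P=esmtps S=2048
EOF
}

sample_log | rbl_rejects zen.spamhaus.org b.barracudacentral.org
```

A single zone and IP dominating the tally points at the list to review before changing RBL_DNS_LIST.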
 
I'm still trying to work out why DirectAdmin insists on putting BOTH cbl.abuseat.org AND zen.spamhaus.org in their RBL list in exim.conf, when zen.spamhaus.org already includes everything in cbl.abuseat.org (and obviously, much more!) Why have two DNS lookups when one will suffice? Just promote zen.spamhaus.org to the top of the list and remove cbl.abuseat.org. I told them about this 6 years ago, so I don't know why they are both still there!

Taken from the abuseat.org FAQ:
The Spamhaus XBL (or SBL-XBL or Zen) is a full superset of the CBL, and you SHOULD NOT USE BOTH DNSBLs at the same time. In fact, for most administrators, we strongly recommend that you use Zen instead of the CBL directly.
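
A lint for the overlap described in the post above, as an added example that is not from the thread or from DirectAdmin: it parses an `RBL_DNS_LIST` override in the format posted earlier and flags `cbl.abuseat.org` when `zen.spamhaus.org` is also listed, plus exact duplicates. The function names and the sample file contents are constructed for illustration.

```shell
# Print one DNSBL zone per line from exim.strings.conf.custom-style input
# (file argument or stdin): joins "\" continuations, skips "#" lines.
rbl_zones() {
    awk '
    function emit(s,   n, i, parts, z) {
        sub(/^[ \t]*RBL_DNS_LIST[ \t]*==?/, "", s)
        n = split(s, parts, ":")
        for (i = 1; i <= n; i++) {
            z = parts[i]
            gsub(/[ \t]/, "", z)
            sub(/=.*/, "", z)          # drop a filter such as "=127.0.0.2"
            if (z != "") print tolower(z)
        }
    }
    /^[ \t]*#/ { next }
    {
        line = line $0
        if (sub(/\\[ \t]*$/, "", line)) next   # continued on the next line
        if (line ~ /^[ \t]*RBL_DNS_LIST[ \t]*=/) emit(line)
        line = ""
    }
    END { if (line ~ /^[ \t]*RBL_DNS_LIST[ \t]*=/) emit(line) }
    ' "$@"
}

# Report redundant lookups: the superset pair stated in the abuseat.org FAQ
# quoted in the thread, plus exact duplicate entries.
rbl_overlaps() {
    zones=$(rbl_zones "$@")
    if printf '%s\n' "$zones" | grep -qxF 'zen.spamhaus.org' &&
       printf '%s\n' "$zones" | grep -qxF 'cbl.abuseat.org'; then
        echo "redundant: cbl.abuseat.org (covered by zen.spamhaus.org)"
    fi
    printf '%s\n' "$zones" | sort | uniq -d | sed 's/^/duplicate: /'
}

# Constructed sample, modelled on the lists posted in the thread.
sample_conf() {
    cat <<'EOF'
# bl.spamcop.net : \
RBL_DNS_LIST==\
cbl.abuseat.org : \
zen.spamhaus.org : \
hostkarma.junkemailfilter.com=127.0.0.2 : \
zen.spamhaus.org
EOF
}

sample_conf | rbl_overlaps
```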
 