remove cbl.abuseat.org from exim.conf

[factor]

https://www.abuseat.org/

Changes to the CBL​

IMPORTANT TO ALL CBL users: If you were using the CBL to filter access to your mail servers or anything else, you will need to take note of several changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure, the lookup pages and access methods have changed. Full details on our CBL Cutover page
IMPORTANT! due to the above changes, new users wishing to use the CBL will need to go to for instructions on how to set up the Spamhaus XBL.

Need to update the exim.conf?
RBL_DNS_LIST=\
cbl.abuseat.org : \
b.barracudacentral.org : \
zen.spamhaus.org

@smtalk @fln

 

[Richard G]

I don't like spamhaus, too many false positives.

It can still take a while:

The CBL service will continue operation under the "cbl.abuseat.org" query name for some time, after which "abuseat.org" will be retired. No date has been identified for this to occur, but rest assured, when we do it, at worst it will simply stop returning a positive list indication.

I think we can also wait until they indeed retire, since Spamhaus is already present in the exim.conf file.

 

[EthernetServers]

Something minor that would be nice whilst we're on the subject...

These RBL's don't work with resolvers like Google (8.8.8.8 & 8.8.4.4) and Cloudflare (1.1.1.1 & 1.0.0.1) and it would be handy if a comment was added in exim.conf which states this, and in the DirectAdmin settings in the admin UI where one can enable RBL blocking.

A certain "other" control panel does this:

This option requires the use of a non-public DNS resolver. Public resolvers like Google or OpenDNS will not return correct results.

 

[Richard G]

These RBL's don't work with resolvers like Google (8.8.8.8 & 8.8.4.4) and Cloudflare (1.1.1.1 & 1.0.0.1)

Are you sure about that? There is a limit on Google resolvers, so 8.8.8.8 & 8.8.4.4 so at a certain time, requests are blocked. But I'm using 1.1.1.1 since many years, and also my own local resolver, but I never had issues with 1.1.1.1.

A certain "other" control panel does this:

They state (in what you quoted) that OpenDNS will not return correct results. They don't write about Cloudflare (1.1.1.1).

I get your point, and it's a good idea, maybe good for the feedback forum. However, as far as I know Cloudflare is working fine for RBL's.

 

[Active8]

But I'm using 1.1.1.1 since many years,

Are you sure it works ? , yesterday I did an test with CF DNS and it didn't passed the test described as here : https://www.spamhaus.org/faq/section/DNSBL Usage#366

OpenDNS passed the test, can you confirm ?

 

[Richard G]

OpenDNS passed the test, can you confirm ?

I got multiple entry's in the resolv.conf at the moment. But always 127.0.0.1 as first and 1.1.1.1 as second.
I ran into issues when this was 8.8.8.8 but didn't see those errors after the change anymore.

dig +short @1.1.1.1 2.0.0.127.zen.spamhaus.org   
127.0.0.2
127.0.0.10
127.0.0.4

Additional Check:

 dig +short TXT 2.0.0.127.zen.spamhaus.org @1.1.1.1
"https://www.spamhaus.org/sbl/query/SBL2"
"https://www.spamhaus.org/query/ip/127.0.0.2"

Or do you mean something else?

 

[Active8]

Or do you mean something else?

No it was this test
Weird I have used the same IP (1.1.1.1) as test and it has failed, that was for my the reason for move to OpenDNS
Thanks

 

[Richard G]

You're welcome.
Maybe it was a temp failure or a routing issue. However, if OpenDNS is working for you that's also fine.
Just wondering why that other panel is stating OpenDNS will not give correct results.

 

[iamthezio]

An update, the July 10, 2022 update to exim over writes the exim.conf, and this issue begins again.

Adjust your exim.conf if this issue arises.

 

[Richard G]

Adjust your exim.conf if this issue arises.

No don't change exim.conf, use the correct way to do this and to prevent repeating this action.

Create a file called exim.strings.conf.custom and add there which RBL you want to keep, for example like this:
RBL_DNS_LIST==cbl.abuseat.org : b.barracudacentral.org
just put in there what you want to keep, this overrules the values in exim.conf with the values mentioned here.
So this example would keep abuseat, and barracudacentral but loose the zen.spamhaus.org list. Add and/or adjust to your needs.

Ofcourse, it speaks for itself that you need to restart exim after creating or changing this file.

 

[psalm91]

No don't change exim.conf, use the correct way to do this and to prevent repeating this action.

Create a file called exim.strings.conf.custom and add there which RBL you want to keep, for example like this:
RBL_DNS_LIST==cbl.abuseat.org : b.barracudacentral.org
just put in there what you want to keep, this overrules the values in exim.conf with the values mentioned here.
So this example would keep abuseat, and barracudacentral but loose the zen.spamhaus.org list. Add and/or adjust to your needs.

Ofcourse, it speaks for itself that you need to restart exim after creating or changing this file.

Thanks for this but where to upload the file?

 

[apogee]

Thanks for this but where to upload the file?

/etc/

 

[psalm91]

/etc/

I added some thing like this to a file
RBL_DNS_LIST=\

b.barracudacentral.org : \
zen.spamhaus.org

named the file exim.strings.conf.custom and uploaded it to etc folder however the exim stops , does not start

 

[apogee]

wrong syntax... mine:

[root@da-dev4 ~]# cat /etc/exim.strings.conf.custom
RBL_DNS_LIST==bl.spamcop.net : b.barracudacentral.org : zen.spamhaus.org : ix.dnsbl.manitu.net : psbl.surriel.com : bl..... : dnsrbl... : spamrbl...

(...) = was censored, own services

BTW: do not use abuseat unless you have your own resolvers....

 

[psalm91]

Oh ok thanks a lot

 

[Richard G]

I gave the correct syntax in my post #10.

Glad apogee was here to give you a more clear example.

 

[psalm91]

I gave the correct syntax in my post #10.

Glad apogee was here to give you a more clear example.

Yes I noticed. Thanks a lot but one question so basically I do not have to even touch the exim.conf right?
I can keep what I do not even need in exim.conf and just define what I need in custom file?

 

[Richard G]

so basically I do not have to even touch the exim.conf right?

Correct.
Just define what you need in the custom file and just to be sure after that restart exim.
No need to touch the exim.conf file for what you don't need.

 

[psalm91]

Correct.
Just define what you need in the custom file and just to be sure after that restart exim.
No need to touch the exim.conf file for what you don't need.

still a lot of false positive. should I remove everything? in this case How can I protect myself from spam?

 

[Richard G]

False positives are also often caused by spamhaus in my experience.
Removing everything would result in getting hit hard by a lot of spam I guess.

I use bl.spamcop.net and b.barracudacentral.org and 1 other from @mxroute but I don't know if I'm allowed to say that or if everybody is allowed to use that. Maybe he can say. He's kind of a mail guru.