Setting Exim to use RBL's

fusionictnl

Hello,

I'm just posting here how I set up exim to use blacklists. This is only for people who know what these are and what they do.

To implement RBL checking for mail rejection, you can alter the exim.conf. (Safe with the use of Spamassassin).

in /etc/exim.conf:

Original:

-----------------
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :
  accept  domains = +local_domains
  accept  domains = +relay_domains
-----------------

Altered:

-----------------
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :

  deny    message = Access denied - $sender_host_address is listed at $dnslist_domain
          dnslists = sbl.spamhaus.org:relays.ordb.org

  accept  domains = +local_domains
  accept  domains = +relay_domains
-----------------

Restart exim. After that if it isn't giving any errors, you can test it by sending a mail to:

[email protected]

This will send a mail from a blacklisted address and a report. You should get only the report, with a message in its last lines saying that the mail was rejected. (Automated)

Good luck!
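
What the dnslists line in the post above makes the server do for each connecting host, as an added Python example that is not part of the original post: the client IP is reversed, looked up under each zone in turn, and the first zone that answers is the one reported as $dnslist_domain. The function names, the injectable resolve parameter, the FAKE_DNS table and the 127.0.0.0/8 check are assumptions of this example.

```python
import ipaddress
import socket

# Zones from the dnslists line in the post above, checked in the same order.
ZONES = ["sbl.spamhaus.org", "relays.ordb.org"]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Name looked up for `ip` in `zone`: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """A record for `name` from the system resolver, or None if there is none."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def first_listing(ip, zones=ZONES, resolve=system_resolver):
    """Return (zone, answer) for the first zone that lists `ip`, else None.

    Assumption of this example: only answers inside 127.0.0.0/8 count, so a
    zone that answers every query with some unrelated address is ignored.
    """
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            return zone, answer
    return None

def rejection_text(ip, zone):
    """The deny message from the post with both variables filled in."""
    return f"Access denied - {ip} is listed at {zone}"

# Constructed stand-in for live DNS: only the test entry 127.0.0.2 is listed.
FAKE_DNS = {"2.0.0.127.sbl.spamhaus.org": "127.0.0.2"}

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.1"):
        hit = first_listing(ip, resolve=FAKE_DNS.get)
        print(ip, "->", rejection_text(ip, hit[0]) if hit else "accepted")
```

Leave out the resolve argument to query real DNS. relays.ordb.org has since shut down, so confirm that every zone in a dnslists line is still operating before relying on it.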
 
Fusionictnl,

The exim.conf file you've edited hasn't been distributed by DA for many revisions now.

For some time they've been distributing the copy of exim.conf shown here, which I wrote some time ago and released to the community on May 15, 2004 (you can see the thread here).

It's quite sophisticated and offers a lot of other options (and it's heavily documented). Among other things it does that the original (that you seem to still be using) doesn't do, is block all emails to nonexistent recipients.

The original DA exim.conf file allowed receipt of all emails for nonexistent recipients, and then checked them later. So it causes a lot of undeliverable and unreturnable spam to end up in your outgoing email queue.

That's been fixed with the new one.

While I chose specific RBLs, it's certainly reasonable for you to start with the one I released to the community and make changes to the blocklists I chose.

Jeff
 
Is the RBL feature enabled by default? In that all incoming mail is checked against spamhaus for example? With your config file (Jeff), how would I have it setup to send a reply to the sender that their email was flagged as spam and to contact an admin to change it if it isn't spam?
 
modem said:
> Is the RBL feature enabled by default?

Strictly speaking the answer would be yes, as the blocklist will work for any domain you put into the /etc/use_rbl_domains file.

But since there are no domains in that file unless you put them there, practically speaking the answer is no.

> In that all incoming mail is checked against spamhaus for example?

Yes, but only incoming mail for domains listed in the /etc/use_rbl_domains file.

> With your config file (Jeff), how would I have it setup to send a reply to the sender that their email was flagged as spam and to contact an admin to change it if it isn't spam?

With blocking you don't ever receive the email, and so you don't ever reply to it. Which is as it should be, because spam often comes from forged addresses, and you don't want to add to the spam problem by sending emails to someone who didn't send spam in the first place.

What exim (and every other MTA that obeys the rules) does is report back to the sending mail program that it's blocking the mail, and why. Then it's up to the sending program to report back to the original sender. Which is all according to the RFCs (rules) governing Internet email.

In my (now the default DA) exim.conf file the message is fully changeable, and we specifically allow for a white-listed address for anyone who was blocked to report back to your server admin.

Read the file; it's fully documented with comments.

Jeff
 
Thanks for that info. I understand now about the reporting back part but I'm wondering a bit more about the RBL part. I did a test by sending email to: [email protected] which then replies back, saying that my SBL block isn't working. Afterwards I get a second email containing:

Test message
.
250 OK id=1CDpaW-0002GR-F7
quit
Successful termination. As far as I can tell, the email was delivered.
That might not be what you want.


I understand what you mentioned about having local White/Black lists and blocking domains that way. I'm already doing that to some extent, but I'm just a little fuzzy on one area. Is there a way to have Exim go out and check a blacklist somewhere else (that is what spamhaus is...isn't it?) and based on those larger black lists reject or accept the mail?

The reason I'm really wondering about this is that before I installed SpamAssassin, I was getting around 300 spams per 12 hour period. After configuring SpamAssassin down to a 4.5 level I'm still getting 63 spams per last 12 hours.

Most of these spams have a 2.1 or 1.7 type SA level and obviously I can't go that low so I'm looking to really take full advantage of those big time blacklists out there maintained by organizations.

Thanks though for all the help so far. I'm still learning and soaking in as much information as possible. heh
 
Hey,

> Is there a way to have Exim go out and check a blacklist somewhere else (that is what spamhaus is...isn't it?) and based on those larger black lists reject or accept the mail?

Basically, yes, that's what the original post from fusionictnl was explaining.

As Jeff brought up, it can also be done a little differently using the latest exim release from DA.

David
 
Thanks for the info. I spent a good portion of today researching and looking and found the information I needed. It was quite simple and got the domains into the RBL block list that I want RBL's to block spam for.

One last question. Is there a place where I can get a comprehensive list of all RBL lists on the internet and then use all of those lists inside exim?
 
Also one other thing that I'm a little bit unsure of.

I see where in exim.conf that I need to replace www.example.com with my own domain/page. But I want to go a little bit more advanced than that. For example my DSL provider (frontiernet.net) has this which is replied from their exim file:

220-relay03.roc.ny.frontiernet.net ESMTP Postfix
220-. FrontierNet does not authorize the use of its computers
220-. and computer networks to accept, transmit, or distribute
220-. unsolicited bulk e-mail. Effective immediately,
220-. FrontierNet may no longer accept connections from IP
220-. addresses which have no reverse-DNS (PTR record) assigned.
220-.
220-. For more information, visit:
220-. http://postmaster.frontiernet.net
220
helo sbl.crynwr.com
250 relay03.roc.ny.frontiernet.net


What syntax do I need to use inside exim to do something similar to that?
 
Hey,

Here's a link for "smtp_banner" for Exim that should help:

http://www.exim.org/exim-html-4.40/doc/html/spec_14.html#IX1383

Your actual code could be something like this:

smtp_banner = "$primary_hostname ESMTP Exim $version_number \
$tod_full \n\
.Company_Name_Here does not authorize the use of its computers \n\
.and computer networks to accept, transmit, or distribute \n\
.unsolicited bulk e-mail. \n\
.\n\
.For more information, visit: \n\
.http://website_to_visit_here"

You should be able to put it at the top of the exim.conf file after all the comments.

Of course, use at your own risk and back-up your exim.conf before editing it.

David
 
modem said:
> Is there a place where I can get a comprehensive list of all RBL lists on the internet and then use all of those lists inside exim?

This is about as comprehensive a list as you can find:
http://www.dnsstuff.com/tools/ip4r.ch?ip=192.0.34.166

If you use it you'll block a fairly large percentage of the spam servers on the Internet. Unfortunately you'll also block a fairly large percentage of servers that have never sent spam.

For example, one of the lists here blocks all email from:
Caribbean Islands
Central America
China
Hong Kong
Korea
Mexico
Japan
Russia and the former Soviet republics
Singapore
South America
Taiwan
Thailand
Vietnam

Either you can study each of these lists yourself, become a contributing member of the anti-spam community yourself, and then get the benefit of the research you and others have done to determine which of these blocklists are reasonable...

or...

You can take the exim.conf file as is, and use the benefit of our years of research.

Jeff
 
modem said:
> What syntax do I need to use inside exim to do something similar to that?

I believe it's a bit beyond the scope of this forum to teach how to modify the exim.conf file.

There are good resources at http://www.exim.org/.

You can also find a good exim book available at the same site; it's the Exim book published by UITCambridge. (Note that the O'Reilly book is for an old version and will NOT help you.)

Note also that we didn't use a multi-line error message because many MTAs and MUAs will only report the first line of the message. Which means the user who sent the bad email will never see the error.

Jeff
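
The multi-line reply format behind the banner quoted earlier in the thread, and the first-line-only behaviour described in the post above, as an added Python example that is not part of the original thread. The function names and the two 550 rejections are constructed for illustration; the banner lines are an abridged copy of the one quoted in the thread.

```python
import re

# "250-text" continues a reply; "250 text" or a bare "250" ends it (RFC 5321, 4.2.1).
REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

def parse_reply(lines):
    """Return (code, [text per line]) for one SMTP reply; raise on malformed input."""
    code, texts = None, []
    for raw in lines:
        m = REPLY_LINE.match(raw.rstrip("\r\n"))
        if not m:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed inside a multi-line reply")
        code = m.group(1)
        texts.append(m.group(3) or "")
        if m.group(2) != "-":          # space or nothing after the code: last line
            return int(code), texts
    raise ValueError("reply ended without a final line")

def shown_to_sender(lines, first_line_only):
    """Text that reaches the bounce for a client that keeps one line or all of them."""
    code, texts = parse_reply(lines)
    kept = texts[:1] if first_line_only else texts
    return f"{code} " + " ".join(t for t in kept if t)

# Banner quoted in the thread (abridged), ending in a bare "220".
BANNER = [
    "220-relay03.roc.ny.frontiernet.net ESMTP Postfix",
    "220-. For more information, visit:",
    "220-. http://postmaster.frontiernet.net",
    "220",
]
# Constructed rejections: the same information, multi-line versus single-line.
MULTI = [
    "550-Access denied - 192.0.2.1 is listed at sbl.spamhaus.org",
    "550 Report false positives at http://www.example.com/",
]
SINGLE = ["550 Access denied - 192.0.2.1 is listed at sbl.spamhaus.org; "
          "report false positives at http://www.example.com/"]

if __name__ == "__main__":
    for reply in (MULTI, SINGLE):
        print(shown_to_sender(reply, first_line_only=True))
```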
 