SpamBlocker-Powered exim.conf, Version 4

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
SpamBlocker-Powered exim.conf, Version 4 is ready!

After four years or so, the new SpamBlocker-powered exim.conf file is now released for immediate availability.

Features:
  • Much better documentation; almost every line is documented
  • Optional defined smtp connect-time ACL for more control
  • Better detection of incorrect hostnames at helo time
  • Rejection of mailer-daemon replies if server didn't send email
  • Choice of blocking order: choose either block for all domains except those on exclusion list, or block for no domains except those on inclusion list
  • Local and DNS-based whitelists
  • Local and DNS-based blocklists
  • A newly-updated selection of DNS-based blocklists, including some which may not be free to use depending on your usage patterns
  • A single list of DNS-based blocklists makes it easier to see what you're using, and to make changes as required/desired
  • Optional blocking of local relay submission on localhost
  • Blocking of .html attachments by default to block recent attacks
  • Optional integration with SpamAssassin
  • Optional integration with ClamAV
  • Easy Spam Fighter (ESF)
  • Block Cracking (BC)
Requirements:
  • Exim 4.60 or later, compiled for DirectAdmin
  • Dovecot / Maildir
New: Installation is available

More information and download available at the NoBaloney Internet Services website.
 

tristan

Verified User
Joined
Feb 11, 2005
Messages
403
Location
The Netherlands
Fantastic, congrats on the release. Does this also mean version 4 is suitable for production servers as of now?
 

nobaloney

It's suitable for mine. It's been working on two of them for about a week since the last change.

That's one of the reasons for the delay; another reason was so I could release it with the documentation.

Jeff
 

rocketcity

Verified User
Joined
Aug 18, 2005
Messages
162
I just updated one of our servers to the new SpamBlockerTechnology powered conf file along with exim.pl. Everything appears to be working fine, but I am seeing the following error in the "/var/log/exim/mainlog" file.

Code:
2010-09-24 16:09:29 unknown named host list "+relay_hosts"
Any idea what would be causing this?
 

nobaloney

Does your newly-installed copy of exim.conf have these lines:
Code:
#EDIT#16:
# hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
The # mark at the beginning of the second line is an error. (I'll fix it in our distribution file within an hour or two.)

Remove the # mark and restart exim.

Jeff
 

nobaloney

Thanks for bringing the error to my attention.

Update made in our distribution file. Note we're no longer adding version numbers for very minor changes; instead the date-time stamp will be the indicator.

Jeff
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,747
Location
London UK
Will this version be used by JBMC by default in time, or will it be just for manual (self) installs?
 

nobaloney

That will be entirely up to them. I know John has looked at it already.

There are some additional files required, and of course it requires that Maildir/Dovecot be installed. It may require contents of one file to be moved to two other files.

DirectAdmin, and in fact anyone else, can reuse or redistribute it in any manner, as long as it stays under the GNU General Public License.

Jeff
 

lgatzoulis

Verified User
Joined
Nov 11, 2006
Messages
7
It seems that SpamBlocker4 breaks compatibility with 'pop before smtp' and only accepts smtp authentication via username/password.

There are several embedded email clients (in fax machines, for example) that support only "pop before smtp" and cannot send email.

R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)

Any suggestions how to fix this?
 

nobaloney

Have you read the README file? This is covered in the README (nobaloney.net) file, at EDIT#27.

Jeff
 

lgatzoulis

I have read the README (many times actually) but it doesn't give an answer to what I was pointing out.

I DO want my SMTP to require authentication but also to accept it in the form of POP before SMTP.

The da-popb4smtp keeps track of logins by writing to file pophosts_user. Is there a way to use this file to enable this kind of access?
 

nobaloney

I've made no changes to exim.conf to disable popb4smtp, and the file still exists and should work. My feeling is the problem is that the helo requirement is blocking the user, and the only way I know how to solve that is to change the helo requirement.

Because you posted
R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
I presume that's what you think as well.

Jeff
 

AndriesLouw

Verified User
Joined
Jan 4, 2008
Messages
28
Location
Sneek, Netherlands
I'm also getting various "R1" messages with SpamBlocker 4 in my mainlog from valid users of our SMTP server:
"R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)".

Users are using Outlook, and didn't have any problems sending with SpamBlocker 3.

How do I debug such problems further? Can I detect/find out which HELO they did send?
 

AndriesLouw

For your information, below are the exact messages. Both are valid users, it's their own IP, they try to send valid e-mails, and they are customers of ours:

Code:
2010-10-06 10:29:43 H=###-84-106-208.adsl.xs4all.nl (GebruikerPC) [83.163.5.###] F=<info@###.nu> rejected RCPT <###@gmail.com>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2010-10-06 10:29:43 H=###-84-106-208.adsl.xs4all.nl (GebruikerPC) [83.163.5.###] incomplete transaction (QUIT) from <info@###.nu>
2010-10-06 10:29:45 H=###-163-177-140.adsl.xs4all.nl (hoofdpc) [83.163.177.###] F=<info@###.nl> rejected RCPT <###@###.nl>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2010-10-06 10:29:53 H=###-163-177-140.adsl.xs4all.nl (hoofdpc) [83.163.177.###] incomplete transaction (QUIT) from <info@###.nl>
 

AndriesLouw

Sorry for my double-double post, but the problems seem to be related to popb4smtp;

If you use POP-authentication before SMTP, error "R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)" is triggered, because the user isn't authenticated.

If you let the user change his/her settings to use SMTP-authentication with user/pass, all problems are solved. At least this worked for my users.

Is it possible to change the message if the user isn't authenticated, instead of throwing a confusing "HELO" error? Because the problem isn't the HELO but the authentication that's missing.
 

nobaloney

You can change the message to anything you want.

However the problem IS because HELO is incorrect. If the user is authenticated, then HELO isn't checked.

HELO is incorrect because local (desktop) machines generally don't identify themselves in HELO with a fully qualified domain name.

If you remove the HELO check and the user isn't authenticated, then another ACL will catch that an unauthenticated user is trying to relay through the server, and a different error will be generated.

However, then spammers who send email from their desktop machines (generally compromised desktop machines) will be able to spam recipients on your server.

Be sure to restart exim after making any changes to the exim.conf file.

Jeff
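To see which HELO name each rejected client actually sent, as asked earlier in the thread, the mainlog lines can be parsed directly: Exim writes the HELO name in parentheses in the `H=` field. The following is an added example, not part of any post or of the SpamBlocker distribution; the log lines are constructed after the ones quoted above, with placeholder hosts and addresses.

```python
import re
from collections import Counter

# Constructed sample modeled on the mainlog lines quoted in the thread;
# hostnames and addresses are placeholders (example.*, 192.0.2.x).
SAMPLE_LOG = """\
2010-10-06 10:29:43 H=host1.adsl.example.net (GebruikerPC) [192.0.2.10] F=<info@example.nu> rejected RCPT <user@example.com>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2010-10-06 10:29:43 H=host1.adsl.example.net (GebruikerPC) [192.0.2.10] incomplete transaction (QUIT) from <info@example.nu>
2010-10-06 10:29:45 H=host2.adsl.example.net (hoofdpc) [192.0.2.20] F=<info@example.nl> rejected RCPT <user@example.nl>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2010-10-06 10:31:02 H=(mail.example.org) [192.0.2.30] F=<a@example.org> rejected RCPT <b@example.nl>: relay not permitted
"""

# Exim logs H=<verified name> (<HELO name>) [<ip>]; the HELO part is omitted
# when it equals the verified name, and stands alone when no name was verified.
H_FIELD = re.compile(
    r"H=(?:(?P<rdns>[^\s(\[]+) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]")
SENDER = re.compile(r"F=<([^>]*)>")
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}\.?$", re.I)

def classify_helo(helo):
    """Sort a HELO argument into the categories the R1 message refers to."""
    if helo.startswith("[") and helo.endswith("]"):
        return "address-literal"
    return "fqdn" if FQDN.match(helo) else "bare-name"

def r1_rejections(log_text):
    """Return one record per RCPT rejected with the R1 HELO message."""
    hits = []
    for line in log_text.splitlines():
        if "rejected RCPT" not in line or ": R1:" not in line:
            continue
        m = H_FIELD.search(line)
        if not m:
            continue
        helo = m.group("helo") or m.group("rdns") or ""
        s = SENDER.search(line)
        hits.append({"ip": m.group("ip"), "helo": helo,
                     "kind": classify_helo(helo),
                     "sender": s.group(1) if s else ""})
    return hits

def summarize(hits):
    """Count rejections per (client IP, HELO name, HELO kind)."""
    return Counter((h["ip"], h["helo"], h["kind"]) for h in hits)

if __name__ == "__main__":
    for (ip, helo, kind), n in summarize(r1_rejections(SAMPLE_LOG)).items():
        print(f"{n:3d}  {ip:15s}  HELO={helo!r}  ({kind})")
```

Clients that show up here with a bare name and a sender in one of your own domains are the unauthenticated desktop users described above, and the ones to move to SMTP authentication.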
 

chronic

Verified User
Joined
Dec 14, 2006
Messages
53
> Does your newly-installed copy of exim.conf have these lines:
> Code:
> #EDIT#16:
> # hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
> The # mark at the beginning of the second line is an error. (I'll fix it in our distribution file within an hour or two.)
>
> Remove the # mark and restart exim.
>
> Jeff

I've made this modification, but messages in paniclog persist. Any ideas on how to resolve this?

010-10-06 14:44:35 unknown named host list "+relay_from_hosts"
 

nobaloney

You've found another error in the new file. It's not a critical error for mail delivery, because it stops delivery, but without notice to the sending (spamming) server, as it should, but it still needs to be fixed so it will notify the sending server.

Replace
Code:
+relay_from_hosts
with
Code:
+relay_hosts
and restart exim.

I've changed the distribution code.

I'll create a new thread with a changelog in the next few days.

Jeff
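Both "unknown named host list" errors in this thread come from a `+name` reference with no matching definition, once because the `hostlist` line was commented out and once because the name was misspelled. The following is an added example, not part of the SpamBlocker distribution: a simplified check that finds such references in an exim.conf before they reach the logs. The configuration fragment is constructed (the `trusted_hosts` list and the ACL lines are hypothetical), and the check assumes `log_selector` sits on a single line.

```python
import re

# Constructed exim.conf fragment reproducing the two mistakes from the thread:
# the hostlist definition is commented out, and one ACL line uses a wrong name.
SAMPLE_CONF = """\
#EDIT#16:
# hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
hostlist trusted_hosts = 127.0.0.1
log_selector = +delivery_size +sender_on_delivery
begin acl
check_recipient:
  accept  hosts = +relay_hosts
  accept  hosts = +trusted_hosts
  drop    hosts = !+relay_from_hosts : +include_unknown
"""

# Named-list definitions: "<kind>list[_cache] <name> = ..."
DEFINE = re.compile(
    r"^\s*(?:domainlist|hostlist|addresslist|localpartlist)"
    r"(?:_cache)?\s+(\w+)\s*=")
# References: "+name" or "!+name" inside a list.
REFERENCE = re.compile(r"(?<![\w+])\+([A-Za-z_]\w*)")
# List items that start with '+' but are not named-list references.
SPECIAL = {"include_unknown", "ignore_unknown", "include_defer",
           "ignore_defer", "caseful"}

def undefined_named_lists(conf_text):
    """Return {name: [line numbers]} for +name references with no definition."""
    defined, refs = set(), {}
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):         # comment: defines nothing
            continue
        m = DEFINE.match(line)
        if m:
            defined.add(m.group(1))
        if re.match(r"\s*log_selector\b", line):  # +flags here are log options
            continue
        for name in REFERENCE.findall(line):
            if name not in SPECIAL:
                refs.setdefault(name, []).append(lineno)
    return {n: ls for n, ls in refs.items() if n not in defined}

if __name__ == "__main__":
    for name, lines in undefined_named_lists(SAMPLE_CONF).items():
        print(f"+{name} referenced on line(s) {lines} but never defined")
```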
 