SpamBlocker-Powered exim.conf, Version 4

Majordomo should be sending mails with a Return-Path set to the list owner. Make sure your majordomo setup does that.

And make sure the list-owner is forwarded to a real person. List Management 101.

Jeff
 
Jeff,

Is it possible to block entire IP blocks by adding an IP Address range in the following manner 10.0.0.0/24 (I know this is not a public range) to the bad_sender_hosts_ip file or are we limited to one IP per line?
 
Yes, you can use standard notation; 10.0.0.0/24 is acceptable. To get it to work I had to make some changes and create a separate file; that's why this version has two *_ip files whereas Version 2 didn't.

Jeff
 
Why in smarthost section limits are not supposed to be checked?

Code: 
begin routers

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = "${perl{check_limits}}"
  transport = remote_smtp
  no_more

# smarthost:
  # driver = manualroute
  # route_list = !+local_domains HOSTNAME-or-IP#
  # transport = remote_smtp
 
A simple oversight; when I first created the smarthost router I did it to fix a temporary problem I had with a machine being blocked. Then when I left it in I didn't give it much thought :(.

I've just changed it in my distribution master to match the lookuphost router; I've already uploaded it with a new distribution datestamp.

This is not tested but should work. Someone please test.

The ChangeLog has been updated.

Jeff
 
Hello jlasman,

I was looking through the spamblocker 4 exim file and readme file before I upgrade my server. Found a small typo in the dates:

I noticed in the SpamBlockerTechnology4.0-exim.conf.txt file, it states
Code: 
# Requires exim.pl as distributed by DirectAdmin here:
# http://files.directadmin.com/services/exim.pl Dated 09-Aug-2010 or later

In the readme:
Code: 
EDIT#4:
The location of the exim.pl file supplied with DirectAdmin.
Must be dated 28-Mar-2008 or later, from the DirectAdmin site:
http://files.directadmin.com/services/exim.pl

I also wanted to know, does this file get updated by any of the update scripts for directadmin? I recently rebuilt exim to upgrade to 4.72 but it seems like it doesn't update the /etc/exim.pl file at all.
 
Hello Jeff

jlasman said:
This is not tested but should work. Someone please test.
Click to expand...

One issue I've run into is verify sender with smarthost.
require verify = sender
Click to expand...
Results are always positive.

According to

http://www.gossamer-threads.com/lists/exim/users/27959
http://gagravarr.livejournal.com/79840.html

the changes was made:

Code: 
##-- lookuphost:
##--   driver = dnslookup
##--   domains = ! +local_domains
##--   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
##--   condition = "${perl{check_limits}}"
##--   transport = remote_smtp
##--   no_more

smarthost:
  driver = manualroute
  transport = remote_smtp
  verify_sender = false
  route_list = !+local_domains HOSTNAME-or-IP
  condition = "${perl{check_limits}}"

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  verify_only
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8

now it's ok:

Code: 
2010-12-21 23:20:01 H=([41.95.4.57]) [41.95.4.57] sender verify fail for <[email protected]>: Unrouteable address
2010-12-21 23:21:22 H=([119.155.41.163]) [119.155.41.163] sender verify fail for <[email protected]>: all relevant MX records point to non-existent hosts
2010-12-21 23:22:11 H=([119.153.93.42]) [119.153.93.42] sender verify fail for <[email protected]>: Unrouteable address
2010-12-21 23:24:36 H=([119.153.93.42]) [119.153.93.42] sender verify fail for <[email protected]>: Unrouteable address
 
sorry for the stupid question i was trying to enable smarthost on my box and i dont understand how to edit this:

route_list = !+local_domains HOSTNAME-or-IP

i have put the server ip but when i try to send an email on log i see this:

Code: 
2010-12-21 19:50:34 1PV7I9-00010O-I5 <= [email protected] H=adsl-ull-242-214.50-151.net24.it ([192.168.1.7]) [151.50.214.242] P=esmtpsa X=TLSv1:AES256-SHA:256 A=plain:admin S=7883 [email protected] T="test2" from <[email protected]> for [email protected]
2010-12-21 19:50:34 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1PV7I9-00010O-I5
2010-12-21 19:50:34 1PV7I9-00010O-I5 remote host address is the local host: reasonthat.com
2010-12-21 19:50:34 1PV7I9-00010O-I5 == [email protected] R=smarthost defer (-1): remote host address is the local host
2010-12-21 19:50:34 1PV7I9-00010O-I5 Frozen
 
Are you sure, you really need id?

If yes, change HOSTNAME-or-IP with IP of remote (NOT LOCAL) SMTP server, which is already configured for relaying outgoing emails from your server.
 
ah.. ok.. i totally missunderstood the smarthost function so, thot was veify hostname reverse on an IP... not for use an external smtp server

sorry
 
propcgamer said:
I was looking through the spamblocker 4 exim file and readme file before I upgrade my server. Found a small typo in the dates
Click to expand...
Use the latest one; I don't remember which one I actually used for testing, but the one on my site, here (nobaloney.net) is the one dated 09-Aug-2010.
I also wanted to know, does this file get updated by any of the update scripts for directadmin? I recently rebuilt exim to upgrade to 4.72 but it seems like it doesn't update the /etc/exim.pl file at all.
Click to expand...
I don't think it does, as it's a file you're free to customize.

Jeff
 
Jeff I would consider editing the default dnswl setting, I have mine now set to.

dnslists = list.dnswl.org&0.0.0.2

today alone it has whitelisted over 20 spam and when I looked up the ip's on dnswl's site they were all in the trust level none zone, so I assume the default config allows that level.

page here with some info.

http://www.dnswl.org/

Trust Level Description
High Never sends spam.
Medium Extremely rare spam occurrences, corrected promptly.
Low Occasional spam occurrences, actively corrected but less promptly.
This is the default for most categories.
None Legitimate mail server, may also send spam.
This is the default for some categories (eg Email Marketing Provider).
Click to expand...
 
Last edited:
From their website:
Trustworthiness / Score (127.0.x.Y):
* 0 = none - only avoid outright blocking (eg Hotmail, Yahoo mailservers, -0.1)
* 1 = low - reduce chance of false positives (-1.0)
* 2 = medium - make sure to avoid false positives but allow override for clear cases (-10.0)
* 3 = high - avoid override (-100.0).
Click to expand...
If we don't check we whitelist on all, none through high.

Because of their definition of none here:
none - only avoid outright blocking (eg Hotmail, Yahoo mailservers, -0.1)
Click to expand...
I believe we should whitelist all of their listed domains, and you should use SpamAssassin to make decisions after that.

This has worked for us. If you believe it doesn't work for you, then please explain why not.

Jeff
 
their site seems a bit contradictory.

I have emailed them for clarification as well as some spam logs.

They say to not whitelist low and none, so only put those to bypass blacklisting and greylisting, so rbl's and greylisting. They dont say for them to bypass generic spam checks. Is this all the exim whitelist config setting does? if yes then sorry I guess its fine.
 
The exim.conf file, as written by me, simply accepts mail instantly if it's in any whitelist. Then you do the rest with SpamAssassin.

You can write all the complexity into it you want. Just read up on how ACLs work.

Jeff
 
do you not see a problem with a whitelist instantly accepting spam senders?

you seem to be dodging the point I made.

I can stop giving feedback if it means nothing thats no problem.
 
Chrysalis said:
do you not see a problem with a whitelist instantly accepting spam senders?
Click to expand...
Are you asking about using an RBL whitelist, or the simple text-based whitelists I've included?

As for the former, I've not yet found any problems at all; the RBL groups seem to do their homework well.

As for the latter, we've found that spammers never write to be whitelisted.

Using the latest SpamBlocker powered exim.conf file, Version 4, the spam that gets through to to SpamAssassin is less than six per day on my main email address, and of that, over half is caught by SpamAssassin.

Anyway, that's what works for us.

Jeff
 
You must log in or register to reply here.
Back
Top