using blacklists to deny connections

ReN (Verified User, joined Jul 2, 2005, 172 messages)
As the title says, guys, I'm curious if there is a way to set up exim to look at blacklists on/at or before a connection is even made.
 
DirectAdmin's version of the exim.conf file already does that; see the files in /etc/virtual/bad* and /etc/virtual/black*

No need to restart exim.

Whitelists available too, see /etc/virtual/whitelist*

Whitelists are absolute; they can be used to whitelist email sources which otherwise will be blocked by blacklists.

But be careful; if you whitelist a sender or a domain, that sender or domain can be used to open-relay through the server; recommended only to use temporarily while searching for the hostname.

Not much definition available in the standard exim.conf file which comes with DirectAdmin, but you can search the exim.conf file to see how they're used.

Or visit my site: http://www.nobaloney.net/spamblocker.html to find information on my enhanced file; it comes with complete documentation.

Jeff
 
My apologies, Jeff, I should have been more clear. I'd like to use the DNSBLs to deny at/on or just after they even try to connect to exim, let alone try to send emails. My main goal is to take some pressure off my firewall processing brute-force attempts against exim, as I'm noticing a lot of the IPs are already in most of these DNSBLs. Yes, I am using your SpamBlocker v3; might be time to update to 4 :)
 
Hello,

Isn't DNSBL enabled on your server yet? You can do it on the administrator's settings page in DirectAdmin.
 
I use SpamAssassin for my spam via exim; this is not what I'm trying to do. I want to prevent them from even connecting to exim if they are in any DNSBL, using what looks like an ACL, from what I've been reading.
 
I want to prevent them from even connecting to exim

Are you sure? If so, then you should check with your datacenter whether or not they can block IPs according to public lists of spam hosts. I doubt that it is a good idea to block all those numerous IPs with a firewall (iptables) on your server with DA.

Exim with RBL enabled can block hosts even if SpamAssassin is not running. Check this: http://help.directadmin.com/item.php?id=142
 
Yes, I'm positive; it's blocking spam, no problem. I'm interested in using the exim ACLs to prevent brute-force attempts and stop them even connecting.
 
Would there be any negative effects to using DNSBL at acl_connect? Discuss, please.
 
When I first implemented DNSBLs in the exim.conf file I thought this out very carefully. At the time, general best practice was to block only after acl_check_recipient, so as not to tell the spammer whether the problem was the sender or the recipient. I suppose you could block earlier, but I don't, because there are lots of other reasons you could block, reasons which are less resource intensive than even a DNS lookup. For example, you may be using a blocklist which will charge you based on how many lookups you do.

But yes, you should be able to put it into acl_connect if you wish.

Jeff
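A sketch of what a connect-time ACL ordered the way Jeff describes (cheap checks first, DNS lookup last) looks like. This is an added example, not the DirectAdmin exim.conf or SpamBlocker; the two file paths are hypothetical placeholders for your own lists, and zen.spamhaus.org stands in for whatever list you are entitled to query at your volume.

```exim
# acl_smtp_connect runs once per inbound TCP connection, before any
# EHLO or AUTH command is read.
acl_smtp_connect = acl_check_connect

begin acl

acl_check_connect:
  # 1. Our own list of known-bad hosts, one IP, CIDR or hostname per line.
  #    A file lookup costs no network round trip, so it runs first.
  #    (Hypothetical path; fill it from your logs or point an internal
  #    RBL at it instead.)
  deny    hosts = /etc/virtual/local_blocklist_hosts
          log_message = local blocklist
          message = $sender_host_address is not allowed to connect

  # 2. Hosts we never want to look up (monitoring, trusted relays) skip
  #    the DNSBL below. Hypothetical path; keep it tiny. Note this accept
  #    only ends this ACL; the HELO/MAIL/RCPT ACLs still run later.
  accept  hosts = /etc/virtual/whitelist_hosts

  # 3. Only now pay for a DNS query. exim sets $dnslist_domain and
  #    $dnslist_text when the host is listed.
  deny    dnslists = zen.spamhaus.org
          log_message = listed in $dnslist_domain
          message = $sender_host_address is listed at $dnslist_domain: $dnslist_text

  # Everyone else proceeds to the usual per-command ACLs.
  accept
```

A deny here still completes the TCP handshake: exim answers with a 554 instead of the 220 greeting and ends the session, so a brute-forcer never reaches AUTH, but the firewall has already done its share of the work. The file-based lists are read each time the ACL runs, which is why additions take effect without restarting exim.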
 
You should indeed take care that you don't query RBLs like Spamhaus too often, or they will blacklist you unless you get their commercial variant.

We have set up an internal DNS server where we register everybody who tried funny stuff (which we gather from the logs on all of our servers).
This way we only need to register IPs that actually get at our servers, and we don't have to query public RBLs for every 'hit'. Most queries on the internal DNS take less than 1/1000th of a second, and they stay cached for a while on each host, so the impact is less than nothing.

If an IP is not yet registered in our local DNS/RBL, SpamAssassin will, in the end, query the public RBLs anyway, resulting in an already cached DNS query that can be used to add the IP to your local DNS.
 
Thank you for discussing this; you guys bring up some great points I truly did not think of, much food for thought. A Perl script to parse the necessary log into a custom exim local block list, and add this file to acl_connect... I likey :)
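The log-to-blocklist step the last two posts converge on (mine the servers' own logs, list only hosts that actually hit you, and let a local lookup spare the public RBLs), as an added example in Python rather than the Perl mentioned above. It is not code from the thread, DirectAdmin or SpamBlocker. It assumes exim's default mainlog wording for SMTP AUTH failures and rejected RCPT commands, shown in the constructed sample inside the block, and a hypothetical output path /etc/virtual/local_blocklist_hosts that an ACL would read with `hosts = /etc/virtual/local_blocklist_hosts`.

```python
"""Turn exim mainlog offenders into a local host block list for an exim ACL.

Added example; not code from the thread, DirectAdmin or SpamBlocker.
Assumed: exim's default mainlog lines for AUTH failures and rejected RCPTs
(see SAMPLE_MAINLOG) and a hypothetical output path used by an ACL as
`hosts = /etc/virtual/local_blocklist_hosts`.
"""
import os
import re
import tempfile
from collections import Counter
from ipaddress import ip_address, ip_network

# "<date> <time> <auth> authenticator failed for (<helo>) [<ip>]: 535 ..."
AUTH_FAIL = re.compile(
    r"^\S+ \S+ \S+ authenticator failed for .*\[(?P<ip>[0-9A-Fa-f.:]+)\]")
# "<date> <time> H=(<helo>) [<ip>] F=<...> rejected RCPT <...>: ..."
REJECT_RCPT = re.compile(
    r"^\S+ \S+ H=.*\[(?P<ip>[0-9A-Fa-f.:]+)\].* rejected RCPT ")

# Networks that must never be listed, whatever the logs say. Constructed
# values: put your own monitoring hosts and trusted relays here.
NEVER_BLOCK = [ip_network("127.0.0.0/8"), ip_network("::1/128"),
               ip_network("192.0.2.0/24")]


def offending_hosts(lines, threshold=3):
    """Return the IPs with at least `threshold` offences in `lines`.

    Counting before listing keeps one mistyped password from putting a
    real user on the block list. Sorted as strings because IPv4 and IPv6
    address objects do not compare with each other.
    """
    counts = Counter()
    for line in lines:
        match = AUTH_FAIL.search(line) or REJECT_RCPT.search(line)
        if not match:
            continue
        try:
            ip = ip_address(match.group("ip"))
        except ValueError:
            continue  # mangled line: skip it rather than block garbage
        if any(ip in net for net in NEVER_BLOCK):
            continue
        counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def render_hostlist(ips):
    """One host per line, the format exim accepts for `hosts = /path`."""
    return "".join(f"{ip}\n" for ip in ips)


def write_hostlist(path, ips):
    """Replace `path` atomically so exim never reads a half-written list."""
    directory = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".blocklist.")
    with os.fdopen(fd, "w") as fh:
        fh.write(render_hostlist(ips))
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)


# Constructed sample of exim mainlog lines; not real traffic.
SAMPLE_MAINLOG = """\
2012-03-01 10:15:22 login authenticator failed for (User) [203.0.113.7]: 535 Incorrect authentication data (set_id=bob)
2012-03-01 10:15:23 login authenticator failed for (User) [203.0.113.7]: 535 Incorrect authentication data (set_id=bob)
2012-03-01 10:15:25 plain authenticator failed for (User) [203.0.113.7]: 535 Incorrect authentication data (set_id=admin)
2012-03-01 10:15:40 H=(mail) [198.51.100.9] F=<x@example.org> rejected RCPT <z@example.com>: relay not permitted
2012-03-01 10:15:41 H=(mail) [198.51.100.9] F=<x@example.org> rejected RCPT <z@example.com>: relay not permitted
2012-03-01 10:16:01 login authenticator failed for (User) [192.0.2.50]: 535 Incorrect authentication data (set_id=me)
2012-03-01 10:16:02 login authenticator failed for (User) [192.0.2.50]: 535 Incorrect authentication data (set_id=me)
2012-03-01 10:16:03 login authenticator failed for (User) [192.0.2.50]: 535 Incorrect authentication data (set_id=me)
2012-03-01 10:16:10 1S3abc-000123-4X <= alice@example.com H=mx.example.net [203.0.113.200] P=esmtp S=1234
2012-03-01 10:16:15 login authenticator failed for (User) [2001:db8::5]: 535 Incorrect authentication data (set_id=root)
2012-03-01 10:16:16 login authenticator failed for (User) [2001:db8::5]: 535 Incorrect authentication data (set_id=root)
2012-03-01 10:16:17 login authenticator failed for (User) [2001:db8::5]: 535 Incorrect authentication data (set_id=root)
"""

if __name__ == "__main__":
    bad = offending_hosts(SAMPLE_MAINLOG.splitlines())
    print(render_hostlist(bad), end="")
    # In production: write_hostlist("/etc/virtual/local_blocklist_hosts", bad)
```

Run from cron over the day's mainlog; 192.0.2.50 fails three times in the sample but stays off the list because it sits in NEVER_BLOCK, and 198.51.100.9 stays off at the default threshold because two bad RCPTs are not yet a pattern. The same output, loaded into the internal DNS server described above, gives the local RBL its records.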
 