White listing a relay host

PBilodeau

Verified User
Joined
Jan 10, 2009
Messages
11
I'm not sure I am posting in the right forum section, so please let me know if not. I can repost wherever you tell me to (or the Admin can probably move the thread to a better area).

Here is my problem:
One of the main Internet Service Providers in my area, Bell Canada, has had some of their relay hosts blacklisted by SORBS as being spammer hosts. SpamBlocker does what it's supposed to do in this case, and rejects any email it receives from those hosts. The problem is that many of my clients are using this ISP to send/relay their emails, and they get rejected by my server as spam mail...

I have the following lines in my exim.conf file:

deny message = Email blocked by SORBS (spam) - Listed at $dnslist_domain\n$dnslist_text
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
dnslists = dnsbl.sorbs.net=127.0.0.6


It generates entries like this in the reject.log:

2009-05-25 14:18:47 H=tomts52-srv.bellnexxia.net [209.226.175.177] F=<address@domain.com> rejected RCPT <address@domain.com>: Email blocked by SORBS (spam) - Listed at dnsbl.sorbs.net

I have tried to add "bellnexxia.net" in the /etc/virtual/whitelist_domains file, but it didn't change anything. I guess it's normal since bellnexxia.net is a "relay", not an email "domain".

So the question is... Where can I add the "bellnexxia.net" relay domain name so that emails relayed through a server in that domain are NOT blocked by spam blocker?

Sub-question: I also have SpamAssassin running on the server. I want all emails to continue to be scanned by SpamAssassin, whether I whitelist the relay host for SpamBlocker or not.

Thanks in advance!
 

ju5t

Verified User
Joined
Sep 14, 2005
Messages
384
I presume they authenticate using your server. In that case, change the lines you have posted earlier to the below:

Code:
deny message = Email blocked by SORBS (spam) - Listed at $dnslist_domain\n$dnslist_text
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
!authenticated = *
dnslists = dnsbl.sorbs.net=127.0.0.6
This will stop rbl scanning on authenticated sessions. Perhaps worth the discussion in another topic if this is a proper solution, because I'm pretty sure Jeff has put some thought into this.

Edit: forget about your other question. As far as whitelist_domains is concerned, this is used in ACLs if I've scanned the exim.conf properly. SpamAssassin is called after ACLs have been processed so that should not affect each other.
 

PBilodeau

Verified User
Joined
Jan 10, 2009
Messages
11
Thanks for the idea but it does not apply.

Mail goes from UserX@CompanyY to UserZ@CompanyA.

CompanyY is NOT my client. They use BellNexxia as their SMTP server.

CompanyA IS my client, and they are using my mail server running exim/DA/SpamBlocker/SpamAssassin.

When the SMTP server of CompanyY (BellNexxia) tries to send an email to the UserZ@CompanyA, the SMTP server of CompanyA (my server) rejects the connection from BellNexxia.

CompanyY not being my client, they obviously do not authenticate on CompanyA's mail server to deliver emails.

I need a way to whitelist the smtp relay "BellNexxia", so that I keep using SORBS but add an exception for some relay hosts.

I hope this clarifies.
 

czotos

Verified User
Joined
Oct 19, 2007
Messages
216
I guess you could try contacting the folks at BellNexxia and ask them to provide the list of IP addresses (or hostnames) of their outgoing SMTP mail servers, which you can then add to your whitelist hosts file in /etc/virtual/ .

A second option would be to remove the SORBS checking by commenting it out in your /etc/exim.conf file, like so:

#deny message = Email blocked by SORBS (spam) - Listed at $dnslist_domain\n$dnslist_text
# only for domains that do want to be tested against RBLs
#domains = +use_rbl_domains
#dnslists = dnsbl.sorbs.net=127.0.0.6
Restart Exim and everything should be okay!!
 

PBilodeau

Verified User
Joined
Jan 10, 2009
Messages
11
> I guess you could try contacting the folks at BellNexxia and ask them to provide the list of IP addresses (or hostnames) of their outgoing SMTP mail servers, which you can then add to your whitelist hosts file in /etc/virtual/ .

So if I understand you properly, the IP addresses I put in the whitelist hosts file refer to the last SMTP RELAY HOST, and not the user's PC address where the email was ORIGINALLY sent from?

> A second option would be to remove the SORBS checking by commenting it out in your /etc/exim.conf file, like so

I already did, a few days ago. Thanks.
Unfortunately I then started to get complaints that my clients were getting wayyy too many spam mails since I removed the SORBS list, hence my request here on a way to reenable SORBS while excluding some SMTP hosts from being checked.
 

ju5t

Verified User
Joined
Sep 14, 2005
Messages
384
> Thanks for the idea but it does not apply.
>
> Mail goes from UserX@CompanyY to UserZ@CompanyA.
>
> CompanyY is NOT my client. They use BellNexxia as their SMTP server.

Sorry, probably got mixed up by the following:

> The problem is that many of my clients are using this ISP to send/relay their emails, and they get rejected by my server as spam mail..

You probably meant receive :)

> So if I understand you properly, the IP addresses I put in the whitelist hosts file refer to the last SMTP RELAY HOST, and not the user's PC address where the email was ORIGINALLY sent from?

Yes, that is correct. The SMTP server of BellNexxia is connecting to your server, their client is just connecting to BellNexxia's.

If BellNexxia are sending e-mail from the same IP range, you could add the following to /etc/virtual/whitelist_hosts.

Code:
192.168.1.0/24
That would save you the hassle of adding 256 IPs.
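
An added example, not part of the posts above: a small Python audit that reads reject.log lines in the format quoted in the thread and reports which SORBS-rejected connecting relays are covered by whitelist entries (single IPs or CIDR ranges, as suggested for /etc/virtual/whitelist_hosts) and which are not. It assumes one entry per line with optional # comments; the function names and all sample data except the first log line are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# reject.log format as quoted in the thread: H=<host> [<connecting IP>] ... rejected RCPT
REJECT_RE = re.compile(
    r"H=(?P<host>\S+) \[(?P<ip>[0-9a-fA-F.:]+)\].*rejected RCPT .*?: "
    r"Email blocked by SORBS")

def parse_whitelist(text):
    """One IP or CIDR per line; '#' comments are an assumption of this example."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [ipaddress.ip_network(e, strict=False) for e in entries if e]

def dnsbl_name(ip, zone="dnsbl.sorbs.net"):
    """DNS name a DNSBL check looks up for an IPv4 address: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def audit(log_text, whitelist_text):
    """Count SORBS rejections per connecting relay, split by whitelist coverage."""
    nets = parse_whitelist(whitelist_text)
    hits, hosts = Counter(), {}
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            hits[m["ip"]] += 1
            hosts[m["ip"]] = m["host"]
    covered, uncovered = {}, {}
    for ip, count in hits.items():
        addr = ipaddress.ip_address(ip)
        bucket = covered if any(addr in net for net in nets) else uncovered
        bucket[ip] = (hosts[ip], count)
    return covered, uncovered

# Constructed sample data: only the first log line comes from the thread.
SAMPLE_LOG = """\
2009-05-25 14:18:47 H=tomts52-srv.bellnexxia.net [209.226.175.177] F=<address@domain.com> rejected RCPT <address@domain.com>: Email blocked by SORBS (spam) - Listed at dnsbl.sorbs.net
2009-05-25 14:20:02 H=relay.example.net [192.168.1.40] F=<a@example.com> rejected RCPT <b@example.org>: Email blocked by SORBS (spam) - Listed at dnsbl.sorbs.net
2009-05-25 14:21:10 H=mx.example.org [198.51.100.23] F=<c@example.org> rejected RCPT <b@example.org>: Email blocked by SORBS (spam) - Listed at dnsbl.sorbs.net
2009-05-25 14:21:40 H=mx.example.org [198.51.100.23] F=<c@example.org> rejected RCPT <d@example.org>: Email blocked by SORBS (spam) - Listed at dnsbl.sorbs.net
"""
SAMPLE_WHITELIST = "209.226.175.177\n192.168.1.0/24  # range from the post above\n"

if __name__ == "__main__":
    covered, uncovered = audit(SAMPLE_LOG, SAMPLE_WHITELIST)
    for ip, (host, n) in covered.items():
        print(f"covered by whitelist: {host} [{ip}] x{n}")
    for ip, (host, n) in uncovered.items():
        print(f"not covered: {host} [{ip}] x{n} -> listing name {dnsbl_name(ip)}")
```

A covered relay that keeps showing up in reject.log after the whitelist change indicates the whitelist is not being consulted before the SORBS check.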
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Beginning with the next release of SpamBlocker there's a whitelist of all known ISP mailservers; it would probably help. It's not yet in a release candidate.

To use it, find these lines:
Code:
# allow local users to send outgoing messages using slashes
# and vertical bars in their local parts.
# Block outgoing local parts that begin with a dot, slash, or vertical
# bar but allows them within the local part.
# The sequence \..\ is barred. The usage of @ % and ! is barred as
# before. The motivation is to prevent your users (or their virii)
# from mounting certain kinds of attacks on remote sites.
  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
and then under that section, put this code:
Code:
# dnswl.org whitelist (whitelist official ISP servers)
# accept if IP# is listed at dnswl.org as whitelisted
  accept log_message = Found in list.dnswl.org
         domains = +local_domains
         hosts = !+relay_hosts
         !authenticated = *
         dnslists = list.dnswl.org
Note: there's a reason this isn't published yet. I'm still testing it. It should work, but it may increase your spam load.

Don't forget to restart exim any time you make a change to the exim.conf file.

Jeff
 

transmobius

Verified User
Joined
Jan 11, 2006
Messages
49
SORBS May Be Going Away

You may want to just go ahead and comment out the SORBS stanza anyway:

http://www.au.sorbs.net/
"It comes with great sadness that I have to announce the imminent closure of SORBS. The University of Queensland have decided not to honor their agreement with myself and SORBS and terminate the hosting contract."
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
As I've posted earlier today in another thread, there will be new versions of SpamBlocker available before Sorbs shuts down. I'm working on it today.

Jeff
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Some reasons why I most likely won't:

They've made a bad name for themselves over the years because they won't remove anyone who doesn't donate in their name to charity, the amount to be decided by Sorbs.

The service uses quite a bit of bandwidth and currently uses systems requiring an entire cabinet; my current cabinet cost is too high.

They don't want to transfer it; they want to sell it.

Jeff
 