setup blacklist

[centaur777]

Hi

Need a bit of advice on something not covered in WHM manual.
Am using WHM 10.8 with exim-4.52-7 and trying to setup spam blacklist in Exim.

In WHM->Exim config->Advanced Mode I am adding the following lines after
accept hosts = :

#**# RBL List Begin
# Always accept mail to postmaster & abuse
#
accept domains = +local_domains
local_parts = postmaster:abuse

# Check sending hosts against DNS black lists.
drop dnslists = relays.ordb.org :\
sbl.spamhaus.org :\
!hosts = +relay_hosts
!authenticated = *

message = your mail server $sender_host_address is in a black list \
at $dnslist_domain ($dnslist_text)
#**# RBL List End

1. Does the above need correction because upon scrolling way down I saw accept domains = +local_domains is already there under the following:

#sender verifications are required for all messages that are not sent to lists
require verify = sender
accept domains = +local_domains
endpass

Do we need to repeat accept domains = +local_domains in RBL section also?

2. Syntax should be "message =" or "deny message ="? Should it come before drop dnslists line or after?

3. !hosts = +relay_hosts Is that needed in RBL also? I ask this because it seems to be already there under:

warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts

Thanks for your advice.

[chirpy]

The key with ACL's is to remember that consecutive lines form a single ACL and spaces between lines delineate them. So:

1. This:

Code:

accept domains = +local_domains
local_parts = postmaster:abuse

Is a single ACL that says to accept email for domains in local_domains that are addressed to postmaster@ or abuse@

It has no bearing on the later use of accept domains wihich is a separate ACL.

2. The ACL you quoted appears to have a blank line where there shouldn't be one, i.e. to me it looks like it should be:

Code:

drop dnslists = relays.ordb.org :\
sbl.spamhaus.org :\
!hosts = +relay_hosts
!authenticated = *
message = your mail server $sender_host_address is in a black list \
at $dnslist_domain ($dnslist_text)

it then makes sense.

3. Again, each reference of that line is relevant only to the ACL within which it is being used.

A good set of inline RBL ACL's can be had from:
http://www.rvskin.com/index.php?page=public/antispam

[centaur777]

I studied http://www.rvskin.com/index.php?page=public/antispam and added below lines after require verify = sender in the ACL section.

Objective : EXIM to reject mails from spammers blacklisted in spamhaus.org and
ordb.org.

Result: The lines seem to work so far.

deny message = your mail server $sender_host_address is in a black list \
at $dnslist_domain ($dnslist_text)
!hosts = +relay_hosts
!authenticated = *
dnslists = relays.ordb.org :\
sbl.spamhaus.org :\

1. Any refinements in the code?

2. Just curious why some people use "deny message=" and some use "message=" in the above ACL. Do both work similarly? Also some people use "dnslists=" and some use "drop dnslists=" in that ACL. Is this because of different verions of EXIM in the past?

3. I have added !hosts = +relay_hosts and !authenticated = * in above ACL.
Will my users now be able to send mail to addresses blacklisted at Spamhaus?

Regards