Adding a new custom RBL

[keat63]

I found an RBL yesterday which will supposedly block newly created domains.
SEM (Spam Eating Monkey)
Has anyone used this as an exim custom RBL.
I believe I applied this last night, but not entirly sure at this stage that I applied it correctly.
Just want to know if anyone else has used it, or know of any others which are proven to work.

 

[cPanelLauren]

Hi @keat63

I know for myself I haven't even heard of it before so I don't have a lot to add, I'd monitor it closely for a while to ensure it's not being too restrictive. This will, of course, stay open so others who may have used it can chime in.

Thanks!

 

[keat63]

I'm guessing that it's working on the basis that everyday I would see spam emails originating from what I'd call disposable TLD's.
.space, .date, .website, .loan, .club etc.
I've not seen any of these for 3 days now.

However, I can't see anything in exim reject log to indicate they were rejected.

 

[cPanelLauren]

I believe that's standard behavior for RBL's they're rejecting at SMTP time which means exim doesn't actually process them. Is there a mail transaction for the messages at all?

Thanks!

 

[keat63]

if I search exim reject log, I see rejections foe Spamhaus and Barracuda, but nothing for SEM.

Looking at the instructions for SEM, it would indicate that you add the config to spam assassin, I thought I'd take a chance and add the URL to exim config custom RBL and see what happens, hence my original post.

Something I need to keep my eye on for a few days more I guess.

 

[rpvw]

Hi @keat63

Nice find. I have added the SEM-FRESH30 and the SEM-URI to the Custom RBLs and will see if they have any impact.

Don't forget to enable them in your Exim Configuration Manager, and then Save the config so that Exim can rebuild the file and restart.

 

[keat63]

It will be interesting to see if someone else notices any impact.
Please keep me posted.

 

[rpvw]

I also added SEM-BLACK and SEM-BACKSCATTER and am already seeing good results from SEM-BLACK

 

[keat63]

I'n convinced something is working as its now been about 4 days.
The results you see from SemBlack, are these based on reductions, or are you observing something in log files ?

 

[rpvw]

Log files:
2018-10-26 11:06:00 H=server.someserver.tld (domain.tld) [95.110.207.71]:53287 F=<[email protected]> rejected RCPT <[email protected]>: "JunkMail rejected - server.someserver.tld (domain.tld) [12.34.56.78]:53287 is in an RBL: listed, see https : //spameatingmonkey.com/lookup/12.34.56.78"


In the mail delivery reports, I am seeing incoming messages blocked by the SEM RBL with a message like;

JunkMail rejected - server.someserver.tld (domain.tld) [12.34.56.78]:53287 is in an RBL: listed, see https : // spameatingmonkey.com/lookup/12.34.56.78

Domains and IP have been changed to protect the .... innocent ?

 

[keat63]

I'm not seeing any of this is any exim logs, so I'm confused.

 

[rpvw]

Does this help ?

 

[keat63]

Mine is slightly different. Thanks

 

[keat63]

where did you pickup the info URL from ?

 

[rpvw]

The info URL is optional, I just used the URL of the SEM services page.

The important one is the Query zone that goes in the DNS List, and all the ones you put in seem OK.

Just check that you have enabled the new Custom RBLs in the WHM >> Service Configuration >> Exim Configuration Manager RBL tab:


And don't forget to SAVE, and that should rebuild and restart the Exim/spam/clamav services.

Something like:

 

[keat63]

I have enabled them.
Just not seeing any rejections, but yet those spam emails have stopped since monday.

Odd.

 

[rpvw]

Well if it's working ...... probably time for a beer

 

[keat63]

Its Friday, beer is a must.

 

[keat63]

when you added these to your custom RBL list, did you do anything else other than enable and restart exim.
I've come in this morning and found a number of spam emails, from domains that were created at the weekend.
And still see no reference to SEM in exim reject logs

 

[rpvw]

Nope - I did nothing other than to add the custom RBLs, enable them in the Exim Configuration Manager and then SAVE at the bottom of the page which rebuild and restarts Exim and clamd and spamd.

I have had 224 spam emails blocked by SEM since installation