Adding a new custom RBL

keat63

Well-Known Member
Nov 20, 2014
1,956
266
113
cPanel Access Level
Root Administrator
I found an RBL yesterday which will supposedly block newly created domains.
SEM (Spam Eating Monkey)
Has anyone used this as an exim custom RBL.
I believe I applied this last night, but not entirly sure at this stage that I applied it correctly.
Just want to know if anyone else has used it, or know of any others which are proven to work.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,273
1,281
313
Houston
Hi @keat63

I know for myself I haven't even heard of it before so I don't have a lot to add, I'd monitor it closely for a while to ensure it's not being too restrictive. This will, of course, stay open so others who may have used it can chime in.

Thanks!
 

keat63

Well-Known Member
Nov 20, 2014
1,956
266
113
cPanel Access Level
Root Administrator
I'm guessing that it's working on the basis that everyday I would see spam emails originating from what I'd call disposable TLD's.
.space, .date, .website, .loan, .club etc.
I've not seen any of these for 3 days now.

However, I can't see anything in exim reject log to indicate they were rejected.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,273
1,281
313
Houston
I believe that's standard behavior for RBL's they're rejecting at SMTP time which means exim doesn't actually process them. Is there a mail transaction for the messages at all?

Thanks!
 

keat63

Well-Known Member
Nov 20, 2014
1,956
266
113
cPanel Access Level
Root Administrator
if I search exim reject log, I see rejections foe Spamhaus and Barracuda, but nothing for SEM.

Looking at the instructions for SEM, it would indicate that you add the config to spam assassin, I thought I'd take a chance and add the URL to exim config custom RBL and see what happens, hence my original post.

Something I need to keep my eye on for a few days more I guess.
 
  • Like
Reactions: cPanelLauren

rpvw

Well-Known Member
Jul 18, 2013
1,101
466
113
UK
cPanel Access Level
Root Administrator
Hi @keat63

Nice find. I have added the SEM-FRESH30 and the SEM-URI to the Custom RBLs and will see if they have any impact.

Don't forget to enable them in your Exim Configuration Manager, and then Save the config so that Exim can rebuild the file and restart.
 
  • Like
Reactions: cPanelLauren

rpvw

Well-Known Member
Jul 18, 2013
1,101
466
113
UK
cPanel Access Level
Root Administrator
I also added SEM-BLACK and SEM-BACKSCATTER and am already seeing good results from SEM-BLACK
 

keat63

Well-Known Member
Nov 20, 2014
1,956
266
113
cPanel Access Level
Root Administrator
I'n convinced something is working as its now been about 4 days.
The results you see from SemBlack, are these based on reductions, or are you observing something in log files ?
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
466
113
UK
cPanel Access Level
Root Administrator
Log files:
2018-10-26 11:06:00 H=server.someserver.tld (domain.tld) [95.110.207.71]:53287 F=<[email protected]> rejected RCPT <[email protected]>: "JunkMail rejected - server.someserver.tld (domain.tld) [12.34.56.78]:53287 is in an RBL: listed, see https : //spameatingmonkey.com/lookup/12.34.56.78"


In the mail delivery reports, I am seeing incoming messages blocked by the SEM RBL with a message like;
JunkMail rejected - server.someserver.tld (domain.tld) [12.34.56.78]:53287 is in an RBL: listed, see https : // spameatingmonkey.com/lookup/12.34.56.78
Domains and IP have been changed to protect the .... innocent ? o_O
 
Last edited:
  • Like
Reactions: cPanelLauren

rpvw

Well-Known Member
Jul 18, 2013
1,101
466
113
UK
cPanel Access Level
Root Administrator
Does this help ?

Screenshot_2018-10-26 WHM [echo] Manage Custom RBLs - 74 0 9.png
 
  • Like
Reactions: Gino Viroli

rpvw

Well-Known Member
Jul 18, 2013
1,101
466
113
UK
cPanel Access Level
Root Administrator
The info URL is optional, I just used the URL of the SEM services page.

The important one is the Query zone that goes in the DNS List, and all the ones you put in seem OK.

Just check that you have enabled the new Custom RBLs in the WHM >> Service Configuration >> Exim Configuration Manager RBL tab:

Screenshot-2018-10-26 WHM [echo] Exim Configuration Manager - 74 0 9.png
And don't forget to SAVE, and that should rebuild and restart the Exim/spam/clamav services.

Something like:

Screenshot-2018-10-26 WHM [echo] Exim Configuration Manager - 74 0 9(1).png
 
Last edited:

rpvw

Well-Known Member
Jul 18, 2013
1,101
466
113
UK
cPanel Access Level
Root Administrator
Well if it's working ...... probably time for a beer :-D
 

keat63

Well-Known Member
Nov 20, 2014
1,956
266
113
cPanel Access Level
Root Administrator
when you added these to your custom RBL list, did you do anything else other than enable and restart exim.
I've come in this morning and found a number of spam emails, from domains that were created at the weekend.
And still see no reference to SEM in exim reject logs
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
466
113
UK
cPanel Access Level
Root Administrator
Nope - I did nothing other than to add the custom RBLs, enable them in the Exim Configuration Manager and then SAVE at the bottom of the page which rebuild and restarts Exim and clamd and spamd.

I have had 224 spam emails blocked by SEM since installation