The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

advanced editing exim.conf questions

Discussion in 'General Discussion' started by troubleshooter, Sep 10, 2007.

  1. troubleshooter

    Joined:
    Feb 22, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    I've searched the forums and google and been unable to find answers to several questions about editing exim.conf. Perhaps I haven't used the right search terms.

    1. RBLs: Prior to the cpanel upgrade to the new way exim works with spamassassin, I used RBLs other than the ones currently given an option for. How can you add additional RBLs? It seems that now the RBLs are represented by [% ACL_RBL_BLOCK %] that I cannot edit. I thought of copying the ACL used by cpanel and then unchecking the options to use RBLs in the Standard Options section then manually adding the block in so I could edit it. Will that work or is there another way to do this?

    2. Reject Spam Score: The lowest I can set it is 10 using cPanel Standard Options. I usually use 7.5 which worked well for my setup. How can I change the score? It's set in the [% ACL_SPAM_BLOCK %] that I cannot edit. I also used custom messages that my users could filter on for other scores. I thought of copying the ACL used by cpanel and then unchecking the options in the Standard Options section then manually adding the block in so I could edit it. Will that work or is there another way to do this?

    3. New [% ACL_CONNECT_BLOCK %] and [% ACL_NOTQUIT_BLOCK %]: I had some custom ACLs which I used to check HELO and a few other things before the last upgrade and it worked fine. After the last upgrade, I had to add back in all of my custom ACLs. Now I am getting paniclog messages about being unable to use deny in those sections. I've tried playing around with placing the rules in various places, but it seems that no matter what I do, I get the panic log messages. The ACLs checked HELO and dropped messages for certain recipient addresses which are not users that are known spam targets and blocked senders which are known spammers.

    Any guidance would be appreciated.

    Thanks,
    Terry
     
  2. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Terry,

    I came across your post while searching for more information on the ACL_CONNECT_BLOCK. Sorry that no one responded to you before now!

    I've done just what you were thinking of doing. I've unchecked all the new options, checked the box that keeps me using the old transport style configuration and am adding/editing my own ACL information. My main reason for doing so is that I using Chirpy's MailScanner+SA set up.

    To this point, I have left ACL_SPAM_BLOCK and ACL_CONNECT_BLOCK alone, simply because I've been too busy. But yesterday I started to see how I could tighten things a bit more and I am starting to mess around with ACLs, the exim.antivirus file and adding my own checks and balances. So far things seem to be working well.

    If you're still checking in for responses to this, let me know how you are making out. :)
     
  3. troubleshooter

    Joined:
    Feb 22, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the response.

    What I ended up doing was this:

    1 went into advanced editor and marked off those sections in the advanced editor where the [ACL_WHATEVER_BLOCKS] appeared with a start and stop, ie

    #START [%ACL_NOTQUIT_BLOCK%]
    [%ACL_NOTQUIT_BLOCK%]
    #END [%ACL_NOTQUIT_BLOCK%]

    I saved that then backed up the exim.conf file. I did this so I could see exactly what was loaded into exim.conf that wasn't being displayed in the advanced editor.

    I then unchecked the RBL and Spam Score sections in the WHM editor and saved that. Once I did that, I went back into the advanced editor, added the ACLs for Spam Score and RBLs from the backup copy of exim.conf right before the respective blocks, made the changes I wanted to make and saved it. Worked just fine. That took care of problems 1 and 2.

    I left ACL_NOTQUIT_BLOCK and ACL_CONNECT_BLOCK alone as it has to do with rate limiting and the comments say the NOTQUIT is needed by exim amongst other things. The settings for that work for me so there was no need to customize it. I figured out that I needed to place my custom ACLs after the check_recipient: line and then they worked just fine.

    Hope that helps.

    Terry
     
    #3 troubleshooter, Sep 24, 2007
    Last edited: Sep 24, 2007
  4. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Thanks. After a bit more research last night (Stopped @ 3AM! Yikes!) I came to the same conclusion. Although I'm not sure what your comments in front of the ratelimit markers will do. I simply added my custom acl lines between the acl start statement and the marker, so it looks like this now:

    Code:
    acl_connect:
    accept
      condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/ip_whitelist}{1}}
    accept
      hosts = +ip_whitelist
    [% ACL_CONNECT_BLOCK %]
    
    This effectively allows me to have a file at /etc/ip_whitelist that contains IPs that I don't want to ratelimit. Originally I thought you meant you were getting ratelisting messages for emails that you wanted to come through. I see now what you meant. Your ACLs were in the wrong spots. Been there, done that for sure. Glad you got it worked out. Happy spam blocking!
     
Loading...

Share This Page