The Community Forums


Can RBL ignore authenticated users?

Discussion in 'General Discussion' started by tmallardi, Jul 5, 2006.

  1. tmallardi

    tmallardi Well-Known Member

    I have a number of customers who travel with their notebook computers. Obviously it's a hassle for them to reconfigure SMTP servers every time they check into a new hotel. Occasionally they get blocked when sending email.

    Is it possible to configure Exim such that RBL lookups do not occur when authenticated users attempt to relay?
     
  2. webignition

    webignition Well-Known Member

    Certainly would be. Why would they have to do that?
     
  3. tmallardi

    tmallardi Well-Known Member

    Many people are advised to configure their mail client to use the SMTP server of the ISP they are connected to. In the case of traveling computers, it would be a hassle to change your SMTP settings every place you go, right?

    So, I'd like to configure Exim on the server side to not do an RBL lookup on authenticated users trying to relay. Therefore, they can keep their SMTP settings the same, and avoid possibly being rejected when attempting to relay from a dynamic ISP connection.
     
  4. danimal

    danimal Well-Known Member

    me too!

    I am also very interested in doing this.

    I have a client whose verizon dsl assigned IP is listed in dsbl.org. I know that the "right" solution is to pursue having their IP removed from the list, but in the meantime, I'd like something, even if only temporary, to let this particular client continue to send via my server.

    So solutions I see:

    1. turn off spamlist checking
    (I'd rather not as this would be server-wide and to date it has helped reduce the mail load... I think)

    2. add my client's IP to a whitelist
    (this would be ok... I'm having trouble finding some good pointers to how to do this with exim, but I may just need to search more)

    3. have some setting so that authenticated users can send regardless.
    (this would be ideal)

    Actually, now that I think about it, the only people sending FROM my server are my clients (i.e. it's not an open relay... authentication required to use SMTP)...

    So I'm suddenly wondering why I want dnslist/dsbl checks on emails sent FROM my server? Doesn't it make more sense to only use it to reject emails coming IN TO my server that are from a known spam IP?

    Can someone shed some light on this? And of course I welcome any specific pointers on how to set this up, either #2 or #3... or best of all, the option to not check outgoing emails against spamlists.

    Thanks!

    -Danimal :cool:
     
  5. amh007

    amh007 Member

    Doesn't smtp-authentication clear this hurdle?
     
  6. tmallardi

    tmallardi Well-Known Member

    Nope, unfortunately it does not.

    For some reason, the authenticated user is subject to an RBL lookup before they can relay.

    There really is no reason that an authenticated user needs to be scrutinized by the blacklist, as they have already proven their credentials.

    Sure would like to have this resolved so that most all RBLs can be used in Exim.
     
  7. danimal

    danimal Well-Known Member

    I don't think so (although I may be wrong).

    I have SMTP-Authentication on, and I've configured exim to reject when an email matches a couple of SBL lists, and a hosted client of mine cannot send emails through my server because their Verizon DSL assigned IP is listed on one of the SBLs.

    I'm still trying to figure out the "cleanest" way of dealing with this. I think ultimately, I'd like to just have exim auto-whitelist anyone that sends through the server, as this would be my clients only. That way, even if a client is listed, they can still send.

    (this may not be a good solution in general, but my hosting company is small and I personally know all the clients)

    Thanks,

    -Danimal :cool:

    EDIT: I posted this at the same time as tmallardi. I'm in the same boat and would also love to have this resolved.
     
  8. amh007

    amh007 Member

    I'm pretty certain it does, have you tested it? The dynamic-host RBL I use blocks most of my clients (including myself) if they don't use smtp-auth.
     
  9. tmallardi

    tmallardi Well-Known Member

    Yep, if your IP address is on a blacklist simply because it is dynamic, you will get blocked - even when you authenticate.

    This happens quite a bit with Comcast & Verizon DSL customers.
     
  10. amh007

    amh007 Member

    Something is getting lost in the translation here, so one last attempt.

    I am a Verizon DSL customer.
    I get blocked by my mail server's use of a DUL RBL.
    I enable smtp authentication in my mail client.
    I no longer get blocked.

    Good luck guys.
     
  11. danimal

    danimal Well-Known Member

    amh007,

    This is exactly the situation I'm in, but my client is still getting blocked. Would you mind posting your /etc/exim.conf file. I'm wondering if there is a different configuration on your server.

    What you have is exactly what I'd like it to be on my server, I'm just not sure how.

    Thanks!

    -Danimal :cool:
     
  12. amh007

    amh007 Member

    I'll give you my customizations, everything else is default cpanel/exim config. This is from advanced mode edit of course.

    1st input box:
    Code:
    # 20060710/amh begin
    domainlist rbl_blacklist = lsearch;/etc/rblblacklist
    domainlist rbl_bypass = lsearch;/etc/rblbypass
    hostlist rbl_whitelist = lsearch;/etc/relayhosts : partial-lsearch;/etc/rblwhitelist
    # 20060710/amh end
    
    3rd input box, just after "accept hosts":
    Code:
    # 20060710/amh begin
    # Always accept mail to postmaster & abuse for any local domain
    accept  domains     = +local_domains
            local_parts = support:postmaster:abuse

    deny    message = Message rejected because $sender_fullhost \
                      is blacklisted at $dnslist_domain see $dnslist_text
            !hosts = +relay_hosts
            !authenticated = *
            dnslists = \
                multi.surbl.org: \
                dul.dnsbl.sorbs.net : \
                opm.blitzed.org : \
                sbl-xbl.spamhaus.org :
            # RBL Bypass Local Domain List
            !domains = +rbl_bypass
            # RBL Whitelist incoming hosts
            !hosts = +rbl_whitelist
    # 20060710/amh end
    
    and the 7th input box:
    Code:
    # 20060710/amh begin
    # Deny and send notice to list of rejected domains.
    reject_domains:
      driver = redirect
      # RBL Blacklist incoming hosts
      domains = +rbl_blacklist
      allow_fail
      data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
    # 20060710/amh end
    
    Hope that helps. That's all from assorted howto's I found googling around the web, no credit to me. Oh, if anyone sees anything wrong with this, please let me know, I'm no Exim guru ;)
     
  13. tmallardi

    tmallardi Well-Known Member

    RESOLVED!!

    The simple addition of the following modifier fixed the problem.

    !authenticated = *


    Thanks for the solution AMH!

    Thanks to Danimal for getting this thread noticed.
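
The fix confirmed above, laid out as a complete RCPT ACL. This is an added example, not code from the thread's posters or from cPanel; the ACL name and statement order are assumptions, while the list names and DNSBL zones are the ones quoted earlier in the thread.

```exim
# Added example; not cPanel's shipped configuration.
# +relay_hosts, +local_domains and +rbl_whitelist are the named lists used
# earlier in this thread and are assumed to be defined in the main section.

acl_check_rcpt:

  # Locally generated mail (no remote host) and trusted relay hosts.
  accept  hosts          = : +relay_hosts

  # Form A: accept authenticated submitters before any DNSBL statement.
  # The client proved its identity with credentials, so the reputation of
  # whatever hotel or DSL address it connects from is not consulted.
  accept  authenticated  = *

  # Form B: the modifier from this thread (either form alone is sufficient).
  # Conditions are tested in order and evaluation stops at the first one
  # that fails, so keeping !authenticated and the whitelist ahead of
  # dnslists also avoids the DNS queries for those clients.
  deny    message        = $sender_host_address is listed at $dnslist_domain
          !authenticated = *
          !hosts         = +rbl_whitelist
          dnslists       = dul.dnsbl.sorbs.net : sbl-xbl.spamhaus.org

  # Unauthenticated mail that passed the DNSBL: local recipients only.
  accept  domains        = +local_domains
  deny    message        = relay not permitted

# Either form only works in an ACL that runs after the AUTH command
# (acl_smtp_mail, acl_smtp_rcpt, acl_smtp_data). A dnslists check placed in
# acl_smtp_connect or acl_smtp_helo runs before the client can authenticate,
# so "authenticated" never matches there and roaming users are still rejected.
```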
     
  14. kemis

    kemis Well-Known Member

    Is there a way to do this same thing for SpamAssassin? In other words, when users authenticate & send through the mail server, is there any way to make SpamAssassin NOT assign points (or at least give negative points) for RBL checks that say the message was sent from a dynamic IP.

    Also, can someone please explain to me why the checks say the e-mail was "sent directly from dynamic IP" and/or "dialup sender did non-local SMTP"? If a user is authenticating against the cPanel server & relaying through it, then the e-mail was really sent from the server, right? Regardless, it just doesn't make sense to me that a valid SMTP authenticated user on DSL/cable would be subject to spam points.

    Thanks,
    Matt
     
  15. srhoffman

    srhoffman Member

    Everything works except the bypass/whitelist

    AMH,

    I've been using your stuff to enforce RBLs quite successfully, but for some reason it won't acknowledge whitelisted IPs, does this work for you? If so who owns and what are the permissions on the files in /etc/rbl*?

    Thanks,
    Steve
     
  16. claudio

    claudio Well-Known Member

    guys

    thanks for the tips of this thread,

    1) this
    !authenticated = *

    is not avoiding authenticated users of being listed : (((

    white list do work if you place the name of the network domain that the ip carry together from its isp what gives a huge work and sometimes there is no domain name to add...

    2)
    after add this RBL to my exim everything is far better

    but clamav is not working anymore

    any clues?

    thanks

    Claudio
     
    #16 claudio, Dec 8, 2006
    Last edited: Dec 8, 2006
  17. brianoz

    brianoz Well-Known Member

    My problem is with SpamAssassin too, that is, a travelling user sends email through our smtp server and is coming up with points for an RBL match.

    Anyone know how to turn this off for authenticated users?
     
  18. kemis

    kemis Well-Known Member

    Thanks, brianoz, for agreeing with me! I've been watching this thread hoping someone could shed some light on this. I can't imagine there's no solution (except to simply zero out those SA rules, which I doubt would be a good idea).

    My fingers are crossed hoping someone else has a clever solution to our SpamAssassin problem.

    Matt
     
  19. brianoz

    brianoz Well-Known Member

    Well yes, particularly when the travelling user is myself :)
     