The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Check RBL if user is authenticated (smtp)

Discussion in 'Security' started by danilosp, Jun 24, 2014.

  1. danilosp

    danilosp Registered

    Joined:
    Jun 24, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Hi,
    I want to check RBL also if the user is authenticated. I have inserted in section "custom_begin_rbl" (in WHM ---> " Exim
    Configuration Editor ---> Advanced Editor") this code:

    Code:
    accept
    	authenticated = *
    warn
    	dnslists = xbl.spamhaus.org
    	set acl_m8 = 1
    	set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"
    warn
         condition = ${if eq {${acl_m8}}{1}{1}{0}}
         ratelimit = 0 / 1h / strict / per_conn
         log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"
    
    drop
         condition = ${if eq {${acl_m8}}{1}{1}{0}}
         message = ${acl_m9}
    
    ...but exim control the RBL "xbl.spamhaus.org" only for NOT authenticated users :(
    I would to check also for AUTHENTICATED users. Can anyone help me?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You could enable the following option in "WHM Home » Service Configuration » Exim Configuration Manager" under the "ACL Options" tab:

    Ratelimit suspicious SMTP servers

    Per it's description:

    Ratelimit incoming SMTP connections that do not send QUIT (violates RFCs), have recently matched an RBL, or have attacked the server.

    To clarify, do you mean that users on your system circumventing this option?

    Thank you.
     
  3. danilosp

    danilosp Registered

    Joined:
    Jun 24, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    This option don't check if IP of connection (with AUTH ON) is listed in RBL. I want this: check the IP in RBL of user with AUTH ON.
    However I have activated "Ratelimit suspicious SMTP servers", this option doesn't block the emails if the IP is in xbl.spamhaus.org.
     
  4. danilosp

    danilosp Registered

    Joined:
    Jun 24, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    I have solved the problem.

    I have insert under "acl_smtp_rcpt" in "custom_end_recipient":

    Code:
      deny
        message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
        log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
        dnslists = xbl.spamhaus.org
    
    Now the IP of SMTP connection is checked if AUTH is ON.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  6. danilosp

    danilosp Registered

    Joined:
    Jun 24, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    ...I have updated the rule, now it's ok:

    Code:
      deny
        authenticated = *
        message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
        log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
        dnslists = xbl.spamhaus.org
    
     
Loading...

Share This Page