The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

COOL! Another defense against SPAM: SURBL

Discussion in 'General Discussion' started by HendrikM, Nov 5, 2004.

Thread Status:
Not open for further replies.
  1. HendrikM

    HendrikM Active Member

    Joined:
    Jun 26, 2004
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    What is SURBL? Look here: http://www.surbl.org/
    How can I make it work with Exim? Look here: http://www.teuton.org/~erik/docs/exim_surbl.shtml
    Erik Mugele have put together quite a nice tutorial describing how to set it up (above).

    In Short:
    1. Copy the Perl code found on Erik's site (above) and paste into the bottom of your /etc/exim.pl file via an SSH console.
    2. Copy the ACL code on Erik's site and paste it into the Exim Configuration file under the DATA ACL via WHM. This ACL will call the Perl subroutine you inserted in step 1.

    THIS IS REALLY COOL!!! THANK YOU ERIK!!! :D
     
    #1 HendrikM, Nov 5, 2004
    Last edited: Nov 5, 2004
  2. HendrikM

    HendrikM Active Member

    Joined:
    Jun 26, 2004
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    This blocked nearly all the SPAM which somehow slipped past my RBL lookups...
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Alternatively, you can simply use it through SpamAssassin mods and not worry about cPanel overwriting your changes ;)
     
  4. HendrikM

    HendrikM Active Member

    Joined:
    Jun 26, 2004
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    Very true... But SpamAssassin can also be overwritten by WHM/cPanel updates... :(

    Luckily cPanel support came up with an answer (Man, these guys are sharp!) :D

    Personally I find SpamAssassin to be a resource hog and much too complicated for my users... I will stick with normal RBL lookups... :)
     
    #4 HendrikM, Nov 5, 2004
    Last edited: Nov 5, 2004
  5. networxhosting

    networxhosting Well-Known Member
    PartnerNOC

    Joined:
    Apr 22, 2003
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hamilton, Ontario, CANADA
    I just applied this to one of our production servers this morning, and let it go all day. I can safely say that it has cut down on A LOT of spam, and with zero complaints so far

    big thumbs up here too!
     
  6. winhosting

    winhosting Member

    Joined:
    May 29, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ohio
    Henrik,

    Which field I should paste the DATA ACL in Exim via WHM? There are many fields there and I can't tell which one.

    Thanks

    Zak
     
  7. khoonchee

    khoonchee Well-Known Member
    PartnerNOC

    Joined:
    Oct 2, 2002
    Messages:
    134
    Likes Received:
    0
    Trophy Points:
    16
    Cooll... I just applied on 2 of our production servers. Let see how things go.. :D
     
  8. HendrikM

    HendrikM Active Member

    Joined:
    Jun 26, 2004
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6

    Hi Zak,

    Put it under "check_message:" (without the quotes).
     
  9. kwimberl

    kwimberl Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
    Out of curiosity, what RBL's are you all using?

    I use:

    dnslists = sbl.spamhaus.org: \
    relays.ordb.org: \
    list.dsbl.org: \
    bl.spamcop.net: \
    xbl.spamhaus.org
     
  10. drhonk

    drhonk Active Member

    Joined:
    Aug 12, 2001
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    why do you use sbl.spamhaus.org and xbl.spamhaus.org separately. Its easier to use sbl-xbl.spamhaus.org .. :)
     
  11. checksoft

    checksoft Well-Known Member

    Joined:
    Mar 16, 2002
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    How do you know that this script is not blocking legitimate mail? Many times hosting servers will be placed on an RBL when they shouldn't be. Point is, can the client "whitelist" entries? Sounds like more maintenance. Blacklists are far from foolproof.
     
  12. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I use sbl-xbl.spamhaus.org and bl.spamcop.net and rarely find exceptions to those with other RBL's and so don't use them as they then just add overhead.

    Since I use them through MailScanner for scoring purposes, email can still be delivered but with a higher SpamAssasin score.
     
  13. kwimberl

    kwimberl Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16

    Indeed. The answer is that I don't always have xbl on there so I find it easier to remove if it's separate.
     
  14. amal

    amal Well-Known Member

    Joined:
    Nov 22, 2003
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    Just tried SURBL in one of the servers. Really greatttttttt. Filters out most of those spam.
    Spamcop RBL + SURBL = GREAT

    and my server load went down by several times.....

    Thanks everyone, : :)

    Amal
     
  15. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    how can i do a similar setup ? i have many domains which i would like to see in the list however they are not included in the surbl list.
     
  16. hedgehog

    hedgehog Well-Known Member

    Joined:
    Nov 3, 2001
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    surbl exim problem

    Hello, been trying this setup for some time and there is a big problem I discovered.

    Please try the following.

    I was looking at the logs and found our main domain name in the reject log with an message about it being listed in SURBL list...

    I checked the list and we were naturally not there.. then it came to my attention that the filter is sometime filtering perfectly valid domain names....

    It even blocked http://www.yahoo.com and http://www.surbl.org

    very weird.

    Also if you try sending a message to your box and include a blocked domain name ... the message will even bounce back with the following:

    550-Message contains blacklisted domain (surbl.org) in [ab] [ph] [sc]. See\n550 http://www.surbl.org/lists.html. (Rule 21)

    pretty weird.

    Any ideas?
     
  17. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    HMM... sounds like their whitelisting system has some problems...
     
  18. chae

    chae Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Auckland, New Zealand
    Just watch with the new version of exim that cPanel loaded on last night (4.44.0) the ACL stopped working with exim and all mail being sent through the server by smtp stopped. Checked log files and there was an error with SURBL...removed the ACL and mail went back to normal
     
  19. networxhosting

    networxhosting Well-Known Member
    PartnerNOC

    Joined:
    Apr 22, 2003
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hamilton, Ontario, CANADA
    That happened to us as well

    The problem was that exim.pl was replaced. Simply re-adding the sub into exim.pl did the trick

    - domer
     
  20. chae

    chae Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Auckland, New Zealand
    Duuhh - The only place I didn't look :)

    Yep was missing...added it back in - added the ACL and away it went.

    Thanks
     
Loading...
Thread Status:
Not open for further replies.

Share This Page