COOL! Another defense against SPAM: SURBL

Status
Not open for further replies.

HendrikM

Active Member
Jun 26, 2004
39
0
156
What is SURBL? Look here: http://www.surbl.org/
... SURBLs differ from most other RBLs in that they're used to detect spam based on message body URIs (usually web sites). Unlike most other RBLs, SURBLs are not used to block spam senders. Instead they allow you to block messages that have spam domains which occur in message bodies. ...
How can I make it work with Exim? Look here: http://www.teuton.org/~erik/docs/exim_surbl.shtml
Erik Mugele has put together quite a nice tutorial describing how to set it up (above).

In Short:
1. Copy the Perl code found on Erik's site (above) and paste into the bottom of your /etc/exim.pl file via an SSH console.
2. Copy the ACL code on Erik's site and paste it into the Exim Configuration file under the DATA ACL via WHM. This ACL will call the Perl subroutine you inserted in step 1.

THIS IS REALLY COOL!!! THANK YOU ERIK!!! :D
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
Alternatively, you can simply use it through SpamAssassin mods and not worry about cPanel overwriting your changes ;)
 

HendrikM

Active Member
Jun 26, 2004
39
0
156
Very true... But SpamAssassin can also be overwritten by WHM/cPanel updates... :(

Luckily cPanel support came up with an answer (Man, these guys are sharp!) :D

/etc/exim.pl will be overwritten with exim updates/reinstalls unless you set the immutable flag on it. If you update manually then this may not be a bad option since you can tell if there are changes you need. Spam Assassin 3 has built in support for that rbl method, however it too can be overwritten with updates. I would try `chattr +i /etc/exim.pl` first and see if that doesn't suffice.
Personally I find SpamAssassin to be a resource hog and much too complicated for my users... I will stick with normal RBL lookups... :)
 

networxhosting

Well-Known Member
PartnerNOC
Apr 22, 2003
80
0
156
Hamilton, Ontario, CANADA
I just applied this to one of our production servers this morning, and let it go all day. I can safely say that it has cut down on A LOT of spam, and with zero complaints so far.

big thumbs up here too!
 

winhosting

Member
May 29, 2004
9
0
151
Ohio
Henrik,

Which field should I paste the DATA ACL into in Exim via WHM? There are many fields there and I can't tell which one.

Thanks

Zak
 

khoonchee

Well-Known Member
PartnerNOC
Oct 2, 2002
134
0
166
HendrikM said:
What is SURBL? Look here: http://www.surbl.org/


How can I make it work with Exim? Look here: http://www.teuton.org/~erik/docs/exim_surbl.shtml
Erik Mugele has put together quite a nice tutorial describing how to set it up (above).

In Short:
1. Copy the Perl code found on Erik's site (above) and paste into the bottom of your /etc/exim.pl file via an SSH console.
2. Copy the ACL code on Erik's site and paste it into the Exim Configuration file under the DATA ACL via WHM. This ACL will call the Perl subroutine you inserted in step 1.

THIS IS REALLY COOL!!! THANK YOU ERIK!!! :D
Cool... I just applied it on 2 of our production servers. Let's see how things go... :D
 

HendrikM

Active Member
Jun 26, 2004
39
0
156
winhosting said:
Henrik,

Which field should I paste the DATA ACL into in Exim via WHM? There are many fields there and I can't tell which one.

Thanks

Zak

Hi Zak,

Put it under "check_message:" (without the quotes).
 

kwimberl

Well-Known Member
Aug 13, 2001
123
0
316
Out of curiosity, what RBLs are you all using?

I use:

dnslists = sbl.spamhaus.org: \
relays.ordb.org: \
list.dsbl.org: \
bl.spamcop.net: \
xbl.spamhaus.org
 

drhonk

Active Member
Aug 12, 2001
42
0
306
Why do you use sbl.spamhaus.org and xbl.spamhaus.org separately? It's easier to use sbl-xbl.spamhaus.org... :)
 

checksoft

Well-Known Member
Mar 16, 2002
67
0
306
How do you know that this script is not blocking legitimate mail? Many times hosting servers will be placed on an RBL when they shouldn't be. Point is, can the client "whitelist" entries? Sounds like more maintenance. Blacklists are far from foolproof.
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
I use sbl-xbl.spamhaus.org and bl.spamcop.net and rarely find exceptions to those with other RBLs and so don't use them as they then just add overhead.

Since I use them through MailScanner for scoring purposes, email can still be delivered but with a higher SpamAssassin score.
 

kwimberl

Well-Known Member
Aug 13, 2001
123
0
316
drhonk said:
Why do you use sbl.spamhaus.org and xbl.spamhaus.org separately? It's easier to use sbl-xbl.spamhaus.org... :)

Indeed. The answer is that I don't always have xbl on there so I find it easier to remove if it's separate.
 

amal

Well-Known Member
Nov 22, 2003
155
0
166
India
cPanel Access Level
Root Administrator
Hi,

Just tried SURBL on one of the servers. Really greatttttttt. Filters out most of that spam.
Spamcop RBL + SURBL = GREAT

and my server load went down by several times.....

Thanks everyone :)

Amal
 

hedgehog

Well-Known Member
Nov 3, 2001
122
0
316
surbl exim problem

Hello, I've been trying this setup for some time and there is a big problem I discovered.

Please try the following.

I was looking at the logs and found our main domain name in the reject log with a message about it being listed in the SURBL list...

I checked the list and we were naturally not there... then it came to my attention that the filter is sometimes filtering perfectly valid domain names...

It even blocked http://www.yahoo.com and http://www.surbl.org

very weird.

Also if you try sending a message to your box and include a blocked domain name ... the message will even bounce back with the following:

550-Message contains blacklisted domain (surbl.org) in [ab] [ph] [sc]. See\n550 http://www.surbl.org/lists.html. (Rule 21)

pretty weird.

Any ideas?
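
The lookup this thread is about, with the false-positive and whitelist concerns raised above, sketched as an added example (it is not Erik Mugele's Perl code and not part of any post). The whitelist entries, the two-level suffix sample, the verdict names and the fake DNS data are assumptions constructed for illustration; the resolver is passed in so the logic runs offline.

```python
import ipaddress
import re

SURBL_ZONE = "multi.surbl.org"  # combined SURBL zone, queried once per URI domain
# Assumption: tiny sample of two-level suffixes; a real filter needs a full list.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.nz"}
# Assumption: site-local never-reject list (the whitelist asked about in the thread).
LOCAL_WHITELIST = {"yahoo.com", "surbl.org"}
URI_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)
DNSBL_NET = ipaddress.ip_network("127.0.0.0/8")

def registered_domain(host):
    """Reduce a URI host to the domain that gets looked up (www.a.co.uk -> a.co.uk)."""
    labels = host.lower().strip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def is_listing(answer):
    """Only an A record inside 127.0.0.0/8 counts as a blocklist hit."""
    try:
        return ipaddress.ip_address(answer) in DNSBL_NET
    except ValueError:
        return False

def check_body(body, resolve):
    """Map each URI domain in body to a verdict. resolve(name) returns a list of
    A-record strings (empty for NXDOMAIN), so the logic runs without network access."""
    verdicts = {}
    for host in URI_HOST.findall(body):
        domain = registered_domain(host)
        if domain in verdicts:
            continue
        if domain in LOCAL_WHITELIST:
            verdicts[domain] = "whitelisted"  # never queried, never rejected
            continue
        answers = resolve(f"{domain}.{SURBL_ZONE}")
        if any(is_listing(a) for a in answers):
            verdicts[domain] = "listed"
        else:  # a non-127/8 answer (e.g. a resolver rewriting NXDOMAIN) is not a listing
            verdicts[domain] = "unexpected-answer" if answers else "clean"
    return verdicts

# Constructed sample data: fake DNS answers and a fake message body.
FAKE_DNS = {"spam-example.test.multi.surbl.org": ["127.0.0.2"],
            "hijacked.example.multi.surbl.org": ["203.0.113.10"]}
SAMPLE_BODY = ("Buy at http://www.spam-example.test/now or http://hijacked.example/ "
               "see http://www.yahoo.com and http://shop.clean.co.uk/x")

def fake_resolve(name):
    return FAKE_DNS.get(name, [])
```

Logging the "unexpected-answer" case instead of rejecting on it separates real listings from resolver misbehaviour when valid domains show up in the reject log.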
 

chae

Well-Known Member
Apr 19, 2003
145
0
166
Auckland, New Zealand
Just watch out: with the new version of exim that cPanel loaded last night (4.44.0), the ACL stopped working with exim and all mail being sent through the server by SMTP stopped. Checked log files and there was an error with SURBL... removed the ACL and mail went back to normal.
 

chae

Well-Known Member
Apr 19, 2003
145
0
166
Auckland, New Zealand
networxhosting said:
That happened to us as well

The problem was that exim.pl was replaced. Simply re-adding the sub into exim.pl did the trick

- domer
Duuhh - The only place I didn't look :)

Yep was missing...added it back in - added the ACL and away it went.

Thanks
 