The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exempt domains from RBL checking?

Discussion in 'E-mail Discussions' started by sawbuck, Apr 3, 2013.

  1. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    We have customers that occasionally request to be exempted from incoming mail RBL checking. Prior to the new Exim Advanced Editor system this could be accomplished by various mechanisms. After this original discussion, Nick (the founder of cPanel) has provided a patch later in this thread at this location:

    http://forums.cpanel.net/f43/exempt-domains-rbl-checking-335422.html#post1362871

    The previously mentioned options that do not work are now being removed, since a working patch does exist.
     
    #1 sawbuck, Apr 3, 2013
    Last edited by a moderator: Apr 8, 2013
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Re: Exempt domains from RBL checking no longer working

    Unfortunately this solution doesn't work either.

    1) in the options section, define the file that will house a line-separated list of domains to skip:

    domainlist skip_rbl_domains = ${if exists{/etc/skip_rbl_domains} {lsearch;/etc/skip_rbl_domains} fail}

    2) In the spamcop_rbl (and spamhaus_rbl) sections, add the skip line under 'hosts', ie:

    deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
    dnslists = bl.spamcop.net
    hosts = +backupmx_hosts
    domains = ! +skip_rbl_domains
     
  3. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    View attachment skip_rbl_domains.diff.txt

    cd /usr/local/cpanel
    patch -p1 < skip_rbl_domains.diff.txt

    EDIT: make sure to run /usr/local/cpanel/scripts/buildeximconf and restartsrv_exim afterwards (so used to doing that I forgot it in my post)
     
  4. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Thank you Nick.

    I've struggled with this one for awhile and your personal help while unexpected is very much appreciated.

    Have applied the patch and in the process of determining exactly which directives will work and once confirmed will post that information as follow up for anyone else that might be looking for this solution.

    Ed
     
  5. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Patch provided by Nick is working without using any manually entered directives.
     
    #5 sawbuck, Apr 8, 2013
    Last edited: Apr 8, 2013
  6. Brian

    Brian Well-Known Member

    Joined:
    Dec 1, 2010
    Messages:
    117
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Greetings sawbuck,

    The patch provided by Nick would implement the /etc/skiprbldomains behavior across all RBL configurations deployed through the "RBLs" tab of the Basic Editor under the Exim Configuration page. No changes through the Advanced Editor would be needed with Nick's patch. It'd just be a means of following Nick's post of applying the patch, running the necessary commands he posted to build out a new exim.conf, and editing /etc/skiprbldomains. Keep in mind that cPanel updates will revert the patched perl modules, meaning that if you were to ever need to re-save Exim configurations you should re-apply Nick's patch before each Exim config save to ensure the patched behavior is present.

    The steps you've posted could be deployed as an *alternate* solution to Nick's patch. You've basically pulled out the changes Nick made and wrote them in a suitable instruction set for the Advanced Editor.

    The only item of note I'd remind folks about with your manual deployment, though, is that you deployment would be best suited for if all of the default RBLs were *disabled* in the Basic Editor, since you are effectively adding in a custom RBL manually. If the default ones were left in, it would result in duplicate RBL configs.

    In short, if your steps were used in conjunction with leaving the cPanel deployed RBL configurations on, then the whitelisted domains would appropriately skip your custom RBL acl but trip on the default RBL acl. If your steps were used in conjunction with Nick's patch, efforts would be duplicated and potentially result in a failed exim.conf build at worst and multiple DNS requests to the RBLs at best.

    In short, whichever method is chosen, only one of those methods should be deployed. Both accomplish similar end goals and are completely acceptable.

    At the very least I'd recommend opening a feature request at cPanel Feature Requests for this so we can see the demand for this functionality being added to the product.
     
  7. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Thank you Brian.

    When I applied Nick's patch without the additional "manual" directives the domains in /etc/skiprbldomains were not exempted from RBL checking.

    Using the manual directives without applying the patch didn't work either.

    One option I didn't try but apparently should is to disable RBLs in the default editor.

    Good to know that the patch would need to be reapplied on Exim upgrades. Assume then that to revert Exim to pre-patch status would be to run /script/eximup --force.

    As to a feature request - doubt there is much interest in this solution as RBLs for spam blocking (other than spamhaus and spamcop and perhaps barracudacentral.org) don't seem to be widely deployed anymore.

    Ed
     
  8. Brian

    Brian Well-Known Member

    Joined:
    Dec 1, 2010
    Messages:
    117
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    If you'd like to open a ticket on this I can take a further look as time permits. Nick's patch on its own should automatically cover all of the RBLs as enabled through the Basic Editor interface (after the conf is rebuilt). Your patch would be required if the individual manually deployed an RBL acl through the Advanced Editor, which would be by updating their manually deployed RBL acl to include the "domains = ! +skip_rbl_domains" exemption (in addition to defining skip_rbl_domains).

    It's kind of an either/or situation. If the RBLs used are the ones under the RBLs tab in the Basic Editor, Nick's patch should be able to solve the issue in of itself. If the RBLs used were custom written in the Advanced Editor, your patch would be applicable.

    I just want to make sure everything is sorted so you aren't doubling up on DNS requests and otherwise just have the ACLs and directives set forth that are required. I know a lot of individuals use our forums posts for reference as well, so ensuring the instruction set we have here is the correct one is certainly something I want to make sure we iron out. If you do open a ticket, please post the Ticket ID here.
     
  9. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    That was my intention also and did take the extra time to detail all of the steps and would be interested in revising them to be accurate.

    Ticket# 3967391

    Thank you Brian for taking the time to investigate this issue.
     
  10. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Thank you for including this functionality in the latest Edge builds.
     
  11. shenzy

    shenzy Well-Known Member

    Joined:
    Apr 27, 2008
    Messages:
    66
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Chile
    cPanel Access Level:
    Root Administrator
    This option (skiprbldomains) work fine to indicate local domains (local accounts) who do not use the rbl, but would be great another option for whitelist remote domains against the rbls.

    Maybe something like:

    This configuration works well for me, but I have edit exim.conf manually every time I change the exim config from whm.
     
  12. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    213
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Florida
    I would like to see a remote domain option as well. Local domains is a hammer, but remote domains is much more precise. I have a few clients who have clients who are constantly on RBLs. I would like to allow those domains (or anyone spoofing those domains) to pass the RBL rather than having my client get all of the spam that would be blocked by the RBL.
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  14. shenzy

    shenzy Well-Known Member

    Joined:
    Apr 27, 2008
    Messages:
    66
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Chile
    cPanel Access Level:
    Root Administrator
    Submited!
    thanks Michael.
     
  15. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    @shenzy

    Would help if you posted a link to the request so others can vote on it.
     
  16. shenzy

    shenzy Well-Known Member

    Joined:
    Apr 27, 2008
    Messages:
    66
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Chile
    cPanel Access Level:
    Root Administrator
  17. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Feature request link still showing an error: Access Denied! Insufficient permissions to view this object!
     
  18. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page