Exim Blacklist Domains Issue

Shane3673

Well-Known Member
Dec 20, 2013
96
1
58
cPanel Access Level
Root Administrator
I followed some instructions I found to Blacklist by domain name in Exim config. Here is what I did:

I added

domainlist exim_blacklist = lsearch;/etc/eximblacklist

And added

reject_domains:
driver = redirect
# RBL Blacklist incoming hosts
domains = +exim_blacklist
allow_fail
data = :fail:Connection rejected: SPAM source $domain is manually blacklisted

I created a file called /etc/eximblacklist with the contents of:

*@*.xyz
*@*.top
*@*.space

This is where about 99% of the spam we are receiving comes from and just started using dspam so training on that has been pretty slow, but it allows us to have a portal in which every email user can release their own messages from the quarantine with the SMCP plugin instead of calling us every time they can't find an email.

So by doing this it seems that the first domain is being blacklisted just fine, but the next 2 in the list are not. I have also tried some other instructions for doing the same thing with Exim ACL but that completely broke all email. If anyone has done this before, I could really use some input as to why it doesn't seem to be reading the lines after the first or if there is a better way of doing this in exim.

This also looks good:

Exim Blacklist -> *domain doesn't work

but I don't see where I can add custom filters in the WHM. The only thing I can do is change the system filter, not add another filter.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463

Shane3673

Well-Known Member
Dec 20, 2013
96
1
58
cPanel Access Level
Root Administrator
If you could give me one more bit of input on this, since the code used here says contains, that means I should be able to do it at a domain or address level right, not just a TLD? So instead of ".*", I could do "*.*" or "*@*.*", obviously not using wildcards in the code but replacing them with what I want to block in exim.
 

StoneyCreeker

Well-Known Member
Oct 17, 2006
53
3
158
Upper-East TN
cPanel Access Level
Root Administrator
Yes you can if I understand your question. here is an example that might help:

Code:
 $h_from: contains "[email protected]"
or $h_from: contains "@domain.com"
Both will work but are very powerful if not made very specific to your needs.

You could block ALL messages from every "bill" or an entire domain like @aol.com.

I suggest sending rule results to a test email account to monitor the results for a while.

You can do that like this:
Code:
 #block email addresses
if
  $h_from: contains "[email protected]"
  or $h_from: contains "@domain.com"
then
  deliver "SpamTest <[email protected]>"
 seen finish
endif
Hope this helps.
 
  • Like
Reactions: martin MHC