Exim Blacklist Domains Issue

[Shane3673]

I followed some instructions I found to Blacklist by domain name in Exim config. Here is what I did:

I added

domainlist exim_blacklist = lsearch;/etc/eximblacklist

And added

reject_domains:
driver = redirect
# RBL Blacklist incoming hosts
domains = +exim_blacklist
allow_fail
data = :fail:Connection rejected: SPAM source $domain is manually blacklisted

I created a file called /etc/eximblacklist with the contents of:

*@*.xyz
*@*.top
*@*.space

This is where about 99% of the spam we are receiving comes from and just started using dspam so training on that has been pretty slow, but it allows us to have a portal in which every email user can release their own messages from the quarantine with the SMCP plugin instead of calling us every time they can't find an email.

So by doing this it seems that the first domain is being blacklisted just fine, but the next 2 in the list are not. I have also tried some other instructions for doing the same thing with Exim ACL but that completely broke all email. If anyone has done this before, I could really use some input as to why it doesn't seem to be reading the lines after the first or if there is a better way of doing this in exim.

This also looks good:

Exim Blacklist -> *domain doesn't work

but I don't see where I can add custom filters in the WHM. The only thing I can do is change the system filter, not add another filter.

 

[cPanelMichael]

but I don't see where I can add custom filters in the WHM. The only thing I can do is change the system filter, not add another filter.

Hello

It's suggesting you create those files via the command line in the following directory:

/usr/local/cpanel/etc/exim/sysfilter/options/

There's also a document on this at:

How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation

Thank you.

 

[Shane3673]

Awesome, I get it now. The filters sections reads what is in this directory. Thanks.

 

[Shane3673]

If you could give me one more bit of input on this, since the code used here says contains, that means I should be able to do it at a domain or address level right, not just a TLD? So instead of ".*", I could do "*.*" or "*@*.*", obviously not using wildcards in the code but replacing them with what I want to block in exim.

 

[StoneyCreeker]

Yes you can if I understand your question. here is an example that might help:

 $h_from: contains "[email protected]"
or $h_from: contains "@domain.com"

Both will work but are very powerful if not made very specific to your needs.

You could block ALL messages from every "bill" or an entire domain like @aol.com.

I suggest sending rule results to a test email account to monitor the results for a while.

You can do that like this:

 #block email addresses
if
  $h_from: contains "[email protected]"
  or $h_from: contains "@domain.com"
then
  deliver "SpamTest <[email protected]>"
 seen finish
endif

Hope this helps.

 

[Shane3673]

Thanks, I thought so, but wanted to make sure. Don't at this point have a reason to do it, but might in the future.