The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim Blacklist Domains Issue

Discussion in 'E-mail Discussions' started by Shane3673, Mar 21, 2016.

  1. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I followed some instructions I found to Blacklist by domain name in Exim config. Here is what I did:

    I added

    domainlist exim_blacklist = lsearch;/etc/eximblacklist

    And added

    reject_domains:
    driver = redirect
    # RBL Blacklist incoming hosts
    domains = +exim_blacklist
    allow_fail
    data = :fail:Connection rejected: SPAM source $domain is manually blacklisted

    I created a file called /etc/eximblacklist with the contents of:

    *@*.xyz
    *@*.top
    *@*.space

    This is where about 99% of the spam we are receiving comes from and just started using dspam so training on that has been pretty slow, but it allows us to have a portal in which every email user can release their own messages from the quarantine with the SMCP plugin instead of calling us every time they can't find an email.

    So by doing this it seems that the first domain is being blacklisted just fine, but the next 2 in the list are not. I have also tried some other instructions for doing the same thing with Exim ACL but that completely broke all email. If anyone has done this before, I could really use some input as to why it doesn't seem to be reading the lines after the first or if there is a better way of doing this in exim.

    This also looks good:

    Exim Blacklist -> *domain doesn't work

    but I don't see where I can add custom filters in the WHM. The only thing I can do is change the system filter, not add another filter.
     
    #1 Shane3673, Mar 21, 2016
    Last edited: Mar 21, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Awesome, I get it now. The filters sections reads what is in this directory. Thanks.
     
  4. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    If you could give me one more bit of input on this, since the code used here says contains, that means I should be able to do it at a domain or address level right, not just a TLD? So instead of ".*", I could do "*.*" or "*@*.*", obviously not using wildcards in the code but replacing them with what I want to block in exim.
     
  5. StoneyCreeker

    StoneyCreeker Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    50
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Upper-East TN
    cPanel Access Level:
    Root Administrator
    Yes you can if I understand your question. here is an example that might help:

    Code:
     $h_from: contains "name@"
    or $h_from: contains "@domain.com" 
    Both will work but are very powerful if not made very specific to your needs.

    You could block ALL messages from every "bill" or an entire domain like @aol.com.

    I suggest sending rule results to a test email account to monitor the results for a while.

    You can do that like this:
    Code:
     #block email addresses
    if
      $h_from: contains "name@"
      or $h_from: contains "@domain.com"
    then
      deliver "SpamTest <spamtest@mydomain.com>"
     seen finish
    endif 
    Hope this helps.
     
  6. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Thanks, I thought so, but wanted to make sure. Don't at this point have a reason to do it, but might in the future.
     
Loading...

Share This Page