The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim SMTP+AUTH & RBL

Discussion in 'E-mail Discussions' started by bmuthig, Sep 4, 2005.

  1. bmuthig

    bmuthig Member
    PartnerNOC

    Joined:
    Feb 15, 2004
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ann Arbor, MI
    cPanel Access Level:
    DataCenter Provider
    We would like to be able to allow users to send mail who authenticate via SMTP+AUTH even if their IP is on a DNSBL... has anyone successfully done this? Currently if they're on the RBL it won't let them get to that point even. I tried to search but couldn't find much information regarding this. Thanks!
     
  2. abubin

    abubin Well-Known Member

    Joined:
    Dec 7, 2004
    Messages:
    393
    Likes Received:
    1
    Trophy Points:
    18
    not sure which guide you used for your RBL implementation but if you have these 3 files for RBL.

    /usr/local/cpanel/base/eximacl/rv_rbl_receiver_domain_whitelist
    /usr/local/cpanel/base/eximacl/rv_rbl_server_ip_whitelist
    /usr/local/cpanel/base/eximacl/rv_rbl_sender_address_whitelist

    All 3 seems quite straight forward. In your case, you need to add the users to the last file.
     
  3. bmuthig

    bmuthig Member
    PartnerNOC

    Joined:
    Feb 15, 2004
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ann Arbor, MI
    cPanel Access Level:
    DataCenter Provider
    That's a start

    That would at least allow us to do something after a user complains but I'd still like an automated solution for this situation if possible... people getting dirty DHCP IP addresses and then getting pissed at us when they can't send mail!
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You need to post how you've implemented RBL blocking in the ACL section of exim.conf so that we can advise on what changes you need to make.
     
  5. bmuthig

    bmuthig Member
    PartnerNOC

    Joined:
    Feb 15, 2004
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ann Arbor, MI
    cPanel Access Level:
    DataCenter Provider
    ACLs...

    #!!#######################################################!!#
    #!!# This new section of the configuration contains ACLs #!!#
    #!!# (Access Control Lists) derived from the Exim 3 #!!#
    #!!# policy control options. #!!#
    #!!#######################################################!!#

    #!!# These ACLs are crudely constructed from Exim 3 options.
    #!!# They are almost certainly not optimal. You should study
    #!!# them and rewrite as necessary.

    begin acl



    #!!# ACL that is used after the RCPT command
    check_recipient:
    # Exim 3 had no checking on -bs messages, so for compatibility
    # we accept if the source is local SMTP (i.e. not over TCP/IP).
    # We do this by testing for an empty sending host field.
    accept hosts = :

    # RBL lists

    drop dnslists = relays.ordb.org :\
    sbl-xbl.spamhaus.org :\
    list.dsbl.org :\
    bl.spamcop.net :\
    porn.rhs.mailpolice.com

    message = your mail server $sender_host_address is in a black list \
    at $dnslist_domain ($dnslist_text)


    Let me know if you need more?
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    If you modify the drop section to read like this it should ignore users that have authenticated:

    Code:
     drop dnslists = relays.ordb.org :\
        sbl-xbl.spamhaus.org :\
        list.dsbl.org :\
        bl.spamcop.net :\
        porn.rhs.mailpolice.com
        !hosts = +relay_hosts
        !authenticated = *
    
     
  7. barwin

    barwin Active Member

    Joined:
    Jan 5, 2004
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Manhattan
    Adding those two lines ended up causing some problems. We're not sure exactly what conditions caused outgoing emails to fail, but I do not recommend anyone use those options as printed.

    Basically we had a couple customers complain of emails no longer being sent from their PHP apps (which had previously been working for an extended period of time with no problems). In one case, emails were delivered to local mail boxes with no problem, but were lost into the void for non-local deliveries. No errors in /var/log/exim_mainlog either ... sort of a mystery to me at the moment.
     
  8. jogjabox

    jogjabox Member

    Joined:
    Aug 16, 2005
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    On the very top of exim.conf (edit using WHM), is there any lines below:

    If it's there, you may add your domain.com on /etc/rblbypass, it works for my server to exclude domain who don't want to use RBLs.

    Thanks.
     
  9. PacoSS

    PacoSS Member

    Joined:
    Jan 21, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    I'm looking too a way to bypass DNSBL list from senders of my server (authentifycateds).

    Some of my 100% legal users get theirs IP black-listed cause that lists usually blocks the entire /24 range, and they have a fixed ip.
     
Loading...

Share This Page