bmuthig

Member
PartnerNOC
Feb 15, 2004
22
0
151
Ann Arbor, MI
cPanel Access Level
DataCenter Provider
We would like to be able to allow users to send mail who authenticate via SMTP+AUTH even if their IP is on a DNSBL... has anyone successfully done this? Currently if they're on the RBL it won't let them get to that point even. I tried to search but couldn't find much information regarding this. Thanks!
 

abubin

Well-Known Member
Dec 7, 2004
401
3
168
bmuthig said:
We would like to be able to allow users to send mail who authenticate via SMTP+AUTH even if their IP is on a DNSBL... has anyone successfully done this? Currently if they're on the RBL it won't let them get to that point even. I tried to search but couldn't find much information regarding this. Thanks!
Not sure which guide you used for your RBL implementation, but if you have these 3 files for RBL:

/usr/local/cpanel/base/eximacl/rv_rbl_receiver_domain_whitelist
/usr/local/cpanel/base/eximacl/rv_rbl_server_ip_whitelist
/usr/local/cpanel/base/eximacl/rv_rbl_sender_address_whitelist

All 3 seem quite straightforward. In your case, you need to add the users to the last file.
 

bmuthig

That's a start

That would at least allow us to do something after a user complains but I'd still like an automated solution for this situation if possible... people getting dirty DHCP IP addresses and then getting pissed at us when they can't send mail!
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
13,437
31
473
Go on, have a guess
You need to post how you've implemented RBL blocking in the ACL section of exim.conf so that we can advise on what changes you need to make.
 

bmuthig

ACLs...

#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3 #!!#
#!!# policy control options. #!!#
#!!#######################################################!!#

#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl



#!!# ACL that is used after the RCPT command
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept hosts = :

  # RBL lists

  drop dnslists = relays.ordb.org :\
                  sbl-xbl.spamhaus.org :\
                  list.dsbl.org :\
                  bl.spamcop.net :\
                  porn.rhs.mailpolice.com

       message = your mail server $sender_host_address is in a black list \
                 at $dnslist_domain ($dnslist_text)


Let me know if you need more?
 

chirpy

If you modify the drop section to read like this it should ignore users that have authenticated:

Code:
 drop dnslists = relays.ordb.org :\
    sbl-xbl.spamhaus.org :\
    list.dsbl.org :\
    bl.spamcop.net :\
    porn.rhs.mailpolice.com
    !hosts = +relay_hosts
    !authenticated = *
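
Added example, not part of the original post and not Exim code: a small Python model of the modified drop statement, useful for checking whether a customer's IP is on one of the lists above and whether the exemptions would let them through. The function names, the injectable `resolve` parameter and the 203.0.113.4 address are assumptions made for illustration; relay hosts are matched as exact IPs only.

```python
import ipaddress
import socket

# Zones copied from the drop statement quoted in the thread.
ZONES = ["relays.ordb.org", "sbl-xbl.spamhaus.org", "list.dsbl.org",
         "bl.spamcop.net", "porn.rhs.mailpolice.com"]

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """True if the name resolves (listed), False if it does not resolve."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def listed_in(ip, zones=ZONES, resolve=system_resolver):
    """Return the first zone that lists ip, or None; stops at the first hit."""
    for zone in zones:
        if resolve(dnsbl_name(ip, zone)):
            return zone
    return None

def would_drop(ip, authenticated, relay_hosts=(), zones=ZONES,
               resolve=system_resolver):
    """Model of the modified drop statement: every condition must hold.

    The cheap exemptions are tested first so exempt senders cost no DNS
    queries; the decision is the same as with dnslists tested first.
    """
    if authenticated:            # !authenticated = *
        return False
    if ip in relay_hosts:        # !hosts = +relay_hosts (simplified)
        return False
    return listed_in(ip, zones, resolve) is not None

if __name__ == "__main__":
    # Constructed data: pretend one documentation address is listed.
    listed = {"4.113.0.203.bl.spamcop.net"}
    for auth in (False, True):
        print(auth, would_drop("203.0.113.4", auth,
                               resolve=listed.__contains__))
```

Leave `resolve` at its default to query the real lists from the mail server itself.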
 

barwin

Active Member
Jan 5, 2004
37
0
156
Manhattan
Adding those two lines ended up causing some problems. We're not sure exactly what conditions caused outgoing emails to fail, but I do not recommend anyone use those options as printed.

Basically we had a couple customers complain of emails no longer being sent from their PHP apps (which had previously been working for an extended period of time with no problems). In one case, emails were delivered to local mail boxes with no problem, but were lost into the void for non-local deliveries. No errors in /var/log/exim_mainlog either ... sort of a mystery to me at the moment.
 

jogjabox

Member
Aug 16, 2005
20
0
151
At the very top of exim.conf (edit using WHM), are there any lines like the ones below:

domainlist rbl_blacklist = lsearch;/etc/rblblacklist
domainlist rbl_bypass = lsearch;/etc/rblbypass
hostlist rbl_whitelist = lsearch;/etc/relayhosts : partial-lsearch;/etc/rblwhitelist
If they're there, you may add your domain.com to /etc/rblbypass; it works on my server to exclude domains that don't want to use RBLs.

Thanks.
 

PacoSS

Member
Jan 21, 2004
21
0
151
I'm also looking for a way to bypass the DNSBL lists for senders on my server (authenticated ones).

Some of my 100% legal users get their IPs blacklisted because those lists usually block the entire /24 range, and they have a fixed IP.