The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help with Exim RBL (not working)

Discussion in 'General Discussion' started by bsasninja, Sep 5, 2007.

  1. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    At the top of my exim.conf I added this lines

    domainlist rbl_bypass = lsearch;/etc/rblbypass
    hostlist rbl_whitelist = lsearch;/etc/relayhosts : net-iplsearch;/etc/rblwhitelist
    addresslist whitelist_senders = wildlsearch;/etc/exim_whitelist_senders

    In ACL section I have the RBL rule:

    deny message = Message rejected - $sender_fullhost is in a black list, see $dnslist_text
    !hosts = +relay_hosts
    !authenticated = *
    !senders = +whitelist_senders
    dnslists = sbl-xbl.spamhaus.org : bl.spamcop.net
    !domains = +rbl_bypass
    !hosts = +rbl_whitelist

    Note that I tagged in red above the line cause Im doing a CIDR whitelisting.
    Note that !host = +rbl_whitelist allows not to perform RBL checking for relayhosts or rblwhitelist

    /etc/rblwhitelist has the following CIDR blocks:

    190.14.64.0/19
    190.15.192.0/19
    190.16.0.0/16
    190.17.0.0/16
    190.18.0.0/15
    190.30.0.0/16
    190.31.0.0/16
    190.48.0.0/16
    190.49.0.0/16
    190.50.0.0/16
    190.51.0.0/16
    190.55.0.0/18
    190.55.64.0/18
    190.55.128.0/18
    190.92.128.0/19
    190.136.0.0/16
    190.137.0.0/16
    190.138.0.0/15
    190.172.0.0/15

    An authenticated customer of my service tries to send a message from IP 190.172.88.53 (note above that block 190.172.0.0/15 is whitelisted).
    And he cant relay the message, it says that is listed at spamhaus.

    What I´m doing wrong????? The RBL is working for all the rest, but seems that is not performing the CIDR whitelisting, maybe is a mistake at the acl rule??

    Help will be appreciated.

    Thanks!!
     
  2. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    Seems fixed, user forgot to check authentication at his outlook.

    Anyways, why ip that are whitelisted at rblwhitelist are being blocked? Seems that CIDR whitelisting is not being performed. Or maybe net-iplsearch is bad rule.
     
  3. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    if you grab a fresh exim configuration from scratch and go to the exim config editor in WHM you will see that there is a check box for both zen.spamhaus and spamcop and a box for whitelist IP's :) it's all built-in now if you want to give that a try.

    To see how it's working you can tail your exim_mainlog like this

    tail -f /var/log/exim_mainlog |grep JunkMail

    and watch it working :)

    also for users that are connected to IPs that are on the RBL(s), all they need to do is either use SMTP_Auth (on) OR make a successful pop3 check-in to have their IP added to /etc/relayhosts . They should NOT need to have smtp auth turned on if you are running the pop before smtp service. (most do)
     
    #3 rpmws, Sep 5, 2007
    Last edited: Sep 5, 2007
  4. darkelder

    darkelder Well-Known Member

    Joined:
    Oct 8, 2004
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
    How do add new rbl lists on cpanel?
     
  5. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    Rbl is working, what i´m asking is why some Ip´s listed as rblwhitelist are being rejected.

    Thanks
     
  6. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Could it be that the fall-through logic of the rule tells the MTA to deal with the whitelist LAST and therefore it has already been processed as a bad guy on the RBL ?
     
Loading...

Share This Page