how to blacklist an email server

Discussion in 'E-mail Discussions' started by Annette, Nov 15, 2002.

  1. Annette

    In your exim.conf add this in the section with rbl_domains:

    rbl_domains = some.mailserver.name/reject
    recipients_reject_except = postmaster@yourdomain.com

    The last is so the rejected site can still contact your postmaster address should they need to do so.

    Restart exim, and that should take care of it. Rejects will be noted along with others in /var/log/exim_rejectlog
     
  2. kosmo

    This has cut my spam by 90%:

    rbl_domains = blackholes.mail-abuse.org/reject : \
    dialups.mail-abuse.org/reject : \
    relays.mail-abuse.org/warn : \
    relays.ordb.org/warn : \
    bl.spamcop.net/reject

    Some honest people learned this way that they are on a server known for spam practices.

    kosmo
     
  3. haze

    Kosmo: Do you know if mail-abuse uses spews? I'm trying to stick away from spews supported lists, because of certain issues.

    Just for the heck.. this is what I've got in my exim.conf:

    rbl_domains = relays.ordb.org/reject : \
    bl.spamcop.net/reject

    I can't believe I've gone so long without it.. it's stopped so much spam!
     
  4. Curt

    [quote][i]Originally posted by Annette[/i]

    In your exim.conf add this in the section with rbl_domains:

    rbl_domains = some.mailserver.name/reject
    recipients_reject_except = postmaster@yourdomain.com

    The last is so the rejected site can still contact your postmaster address should they need to do so.

    Restart exim, and that should take care of it. Rejects will be noted along with others in /var/log/exim_rejectlog
    [/quote]

    Annette,
    If I had someone who did not want to have spam blocked, can you add extra lines like the following for additional email IDs?

    "recipients_reject_except = postmaster@yourdomain.com"

    Thanks!
     
  5. AlaskanWolf

    Actually you're wasting empty space with

    blackholes.mail-abuse.org/reject : \
    dialups.mail-abuse.org/reject : \
    relays.mail-abuse.org/warn : \


    They don't exist anymore; they went to a pay-only system. So the main two you can really use are spamcop and ordb, which are non-spews.
     
  6. Juanra

    About spamcop.net, this is what they say in their web page:
    [quote]Status

    This blocking list is somewhat experimental and should not be used in a production environment where legitimate email must be delivered. It is growing more stable and is used by many large sites now. However SpamCop is aggressive and often errs on the side of blocking mail - users should be warned and given information about how their mail is filtered. Ideally they should have a choice of filtering options. Many mailservers can operate with blacklists in a "tag only" mode, which is preferable in many situations.[/quote]
     
  7. haze

    [quote][i]Originally posted by AlaskanWolf[/i]

    Actually you're wasting empty space with

    blackholes.mail-abuse.org/reject : \
    dialups.mail-abuse.org/reject : \
    relays.mail-abuse.org/warn : \


    They don't exist anymore; they went to a pay-only system. So the main two you can really use are spamcop and ordb, which are non-spews.[/quote]
    Do you know of, or does anyone else know of any other non-spews ordb lists? I have noticed a significant drop in spam emails, and a simple grep on the exim log shows literally hundreds of lost spam email daily.
     
  8. Marty

    From: http://relays.osirusoft.com/faq.html#_Toc533558165

    What are all these zones?

    * Relays.OsiruSoft.com contains all zones, except for outputs and blocktest. Effectively, it's the master list containing the minimum casualties subzones.
    * Inputs.relays.OsiruSoft.com contains only insecure mail servers.
    * Dialups.relays.OsiruSoft.com contains only sources of direct-to-mx spam which are obviously in dynamic IP pools.
    * Spamsites.relays.OsiruSoft.com contains only sites from spamsites.org.
    * Spamhaus.relays.OsiruSoft.com contains only sites from spamhaus.org.
    * Spews.relays.OsiruSoft.com contains only sites from spews.org.
    * Blocktest.relays.osirusoft.com is a stand-alone zone. It's meant to block testers from testing a site or netblock for many different reasons and has no practical value. It's not to be interpreted any other way than to prevent test software from testing other sites.
    * Outputs.relays.osirusoft.com will also be a stand-alone zone, and even though it will be created, it should only be used to warn the servers listed.
     
  9. haze

    I've been pretty happy with ordb & spamcop, I just started using http://njabl.org on one of our servers and it seems to be working great. Anyone have any comments about them at all?
     
  10. Annette

    Curt, we do not whitelist recipients, with the exception of our postmaster address. There is simply a great possibility that we would wind up adjusting that constantly, given the number of clients we have.
     
  11. haze

    Anyone figure out how to add multiple addresses to the "recipients_reject_except" field?
     
  12. kosmo

    [quote][i]Originally posted by iminteractive[/i]

    Anyone figure out how to add multiple addresses to the "recipients_reject_except" field?[/quote]

    Found this through google:

    recipients_reject_except = postmaster@* : abuse@* : *-admin@*
    but also found this:
    recipients_reject_except = root@xxx.edu,postmaster@xxx.edu
     
  13. kalelme

    2002-11-18 19:12:48 18Dv4C-0006A9-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:48 18Dv4R-0006C4-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:48 18Dv4Q-0006Bt-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:48 18Dv4Q-0006Bs-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:48 18Dv4R-0006C3-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:49 18Dv4S-0006C6-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:49 18Dv4S-0006Bu-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:49 18Dv4T-0006CC-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:49 18Dv4T-0006C5-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:50 18Dv4T-0006CE-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:50 18Dv4T-0006C7-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:50 18Dv4T-0006CK-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:51 18Dv4U-0006CN-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:51 18Dv4U-0006CO-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:51 18Dv4U-0006CR-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:51 18Dv4U-0006CT-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:51 18Dv4T-0006CB-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:52 18Dv4U-0006CX-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:52 18Dv4U-0006CY-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:52 18Dv4V-0006Cc-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:52 18Dv4V-0006Cb-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:52 18Dv4V-0006Cd-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:52 18Dv4O-0006B2-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:52 18Dv4W-0006CA-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:53 18Dv4V-0006Ce-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:53 18Dv4V-0006Ca-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:54 18Dv4X-0006CW-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478
    2002-11-18 19:12:55 18Dv4Y-0006Bp-00 <= you@littlebastard.com H=(hack.com) [200.60.152.4] P=smtp S=5478

    These are some lines in my /var/logs/exim_mainlog


    How can I block it? Please help
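
Added example, not part of the post above: one way to pick out hosts that flood the server, working from exim_mainlog arrival ("<=") lines in the layout kalelme posted. The sample lines, addresses and the threshold and window values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Arrival ("<=") line: timestamp, message id, envelope sender, and the
# connecting host's address in square brackets.
ARRIVAL = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= \S+"
    r" .*?\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

# Constructed sample in the same layout as the lines posted above.
SAMPLE = """\
2002-11-18 19:12:48 1AAAAA-000001-00 <= a@example.org H=(relay.example) [192.0.2.10] P=smtp S=5478
2002-11-18 19:12:48 1AAAAA-000002-00 <= a@example.org H=(relay.example) [192.0.2.10] P=smtp S=5478
2002-11-18 19:12:49 1AAAAA-000003-00 <= a@example.org H=(relay.example) [192.0.2.10] P=smtp S=5478
2002-11-18 19:12:49 1AAAAA-000004-00 <= bob@example.net H=mail.example.net (mail) [198.51.100.7] P=esmtp S=912
2002-11-18 19:12:50 1AAAAA-000005-00 <= a@example.org H=(relay.example) [192.0.2.10] P=smtp S=5478
2002-11-18 19:12:50 1AAAAA-000004-00 => user@example.com R=localuser T=local_delivery
2002-11-18 19:12:51 1AAAAA-000006-00 <= a@example.org H=(relay.example) [192.0.2.10] P=smtp S=5478
2002-11-18 19:12:52 1AAAAA-000007-00 <= a@example.org H=(relay.example) [192.0.2.10] P=smtp S=5478
2002-11-18 19:14:02 1AAAAA-000008-00 <= bob@example.net H=mail.example.net (mail) [198.51.100.7] P=esmtp S=1033
"""

def find_floods(lines, threshold=5, window_seconds=10):
    """Return {ip: peak} for hosts whose arrivals reach `threshold` messages
    inside a sliding window of `window_seconds`; peak is the largest count
    seen. Lines are assumed to be in chronological order, as in the log."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # ip -> arrival times still in the window
    peaks = {}
    for line in lines:
        m = ARRIVAL.match(line.strip())
        if not m:
            continue                 # deliveries (=>) and other lines are skipped
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:    # drop arrivals that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

if __name__ == "__main__":
    for ip, peak in find_floods(SAMPLE.splitlines()).items():
        print(f"{ip}: {peak} arrivals within 10 s")
```

The addresses it returns are candidates for a host-level block; a busy legitimate relay can also cross a low threshold, so review the list before rejecting anything.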
     
  14. moronhead

    [quote][i]Originally posted by Juanra[/i]

    About spamcop.net, this is what they say in their web page:
    [quote]Status

    This blocking list is somewhat experimental and should not be used in a production environment where legitimate email must be delivered. It is growing more stable and is used by many large sites now. However SpamCop is aggressive and often errs on the side of blocking mail - users should be warned and given information about how their mail is filtered. Ideally they should have a choice of filtering options.[/quote][/quote]
    That's quite true. Some legitimate sounding mail servers are also getting blocked, such as mailer2.easyspace.com. One user from that server may have caused a report sent to spamcop.net but that also means that many more non-spam users (and recipients from those users) are not getting their mail for that reason.
     
  15. host95

    What we need is the Holy Grail and that hasn't been found yet. There are a number of serious problems with Spamcop, not the least of which is the blocking of legitimate (non-spamming) servers. Your clients will be victimized as well should your server (their mail server) end up on the dog pile. Something as simple as an old formmail.pl script is enough to get your server blacklisted from ISPs like AOL. And how do you prevent that?
     
  16. SageBrian

    They also tend to put whole blocks of IP addresses in their list. So, you might have the cleanest server in the world, but if you are in a block of IP numbers owned by a 'bad' person, you are likely to get listed.

    What would be nice is to have all of these lists consolidated into one, true list. A list that is not super aggressive, and that does not use IP Block banning.

    Where server admins can appeal to the list admins to show proof that they have taken care of the problem.

    And.... here's an idea that's revolutionary.... charge for the service. :) Even if it was a measly $10/yr per server using the service, it would give incentive to the 'keepers' to actually make it work (versus the tagline: experimental).

    There could still be competition.... note the various virus protection solutions.
     
  17. bennet

  18. triatma

    error in exim

    I am getting an error in exim which says the following:

    2004-01-02 11:29:32 Exim configuration error in line 3:
    main option "rbl_domains" unknown
    Exim version 4.24 #1 built 29-Sep-2003 02:43:17
    Copyright (c) University of Cambridge 2003
    Berkeley DB: Sleepycat Software: Berkeley DB 4.0.14: (November 18, 2001)
    Support for: iconv() PAM Perl OpenSSL
    Authenticators: cram_md5 plaintext spa
    Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    Transports: appendfile autoreply pipe smtp
    Configuration file has an invalid syntax. Please try again.

    The statements I entered into it are:

    rbl_domains = relays.ordb.org/warn : bl.spamcop.net/reject
     
  19. wsenter

    rbl_domains unknown error

    I am getting "rbl_domain" unknown error when restarting exim. Exim will not start. I typed in the reject samples exactly as shown.

    Help !!

    I am getting spammed to death.
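
Added example, not from any poster in this thread: the last two posts show Exim 4 (4.24 in the output above) refusing `rbl_domains`, because Exim 4 performs DNS list checks inside the recipient ACL with the `dnslists` condition instead of a main option. The fragment below places the Exim 3 lines from the thread beside an Exim 4 form; the ACL name `acl_check_rcpt` and the `+local_domains` list are assumptions taken from a stock Exim 4 configuration, and the zone names are copied from the thread.

```exim
# Exim 3 form posted in the thread; Exim 4 stops with
# 'main option "rbl_domains" unknown':
#   rbl_domains = relays.ordb.org/warn : bl.spamcop.net/reject
#   recipients_reject_except = postmaster@yourdomain.com

# --- main configuration section ---
# Assumed ACL name; keep whatever name your exim.conf already uses here.
acl_smtp_rcpt = acl_check_rcpt

# --- ACL section (an existing configuration already has "begin acl") ---
acl_check_rcpt:

  # Counterpart of recipients_reject_except: mail to postmaster at a local
  # domain is accepted before any list is consulted. The local_parts value
  # is a colon-separated list, e.g. "postmaster : abuse".
  # +local_domains is assumed to be a domainlist defined earlier.
  accept  local_parts = postmaster
          domains     = +local_domains

  # Counterpart of "/reject": refuse the recipient when the connecting
  # host is listed in the zone.
  deny    message     = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
          dnslists    = bl.spamcop.net

  # Counterpart of "/warn": accept, log the hit, and add a header.
  # (Exim 4.2x form; later releases add the header with add_header.)
  warn    message     = X-Warning: $sender_host_address is in a black list at $dnslist_domain
          log_message = found in $dnslist_domain
          dnslists    = relays.ordb.org

  # The ACL's existing statements (relay checks, final accept/deny) follow
  # here unchanged; these three go ahead of the statements that accept mail.
  # Substitute zones that are currently operated before relying on them.
```

Run `exim -bV` after editing to confirm the file parses before restarting the daemon.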
     