
I would like to use dbl.spamhaus.com because my test probes show a positive

Discussion in 'E-mail Discussions' started by Marty_Crouch, Jan 16, 2013.

  1. Marty_Crouch

    Marty_Crouch Registered

    I am using zen.spamhaus.com with exim. Thanks for making this so easy to enable in the Basic Editor for exim config.

    I want to add dbl.spamhaus.com because my test probes show a positive match on several spam sources that are getting through spamassassin. I assume it is preferable to use dbl.spamhaus.com with exim (rather than spamassassin) for the same reasons that it is preferable to use zen.spamhaus.com with exim.

    It appears that neither the basic nor the expert editor supports adding dbl.spamhaus.com. One cannot just add it as a custom rbl, because these are neatly precoded in a manner that is not suitable for dbl.spamhaus.com (which uses host names rather than host IP addresses).

    A relevant hint by DiverGuy on the Exim Suggestions thread. DiverGuy writes:

    \ Quick and dirty DBL solution:
    \
    \ [% ACL_RBL_BLOCK %]
    \
    \ deny message = JunkMail rejected - spam domain $sender_address_domain is listed on Spamhaus DBL.see $dnslist_text
    \ dnslists = dbl.spamhaus.org/<,$sender_address_domain

    This seems to be a schematic syntax that will compare the sender's domain with dbl.spamhaus.org, the most basic test that one would want to do.

    First question: Expanding on the above schematic, would this be workable --

    deny message = JunkMail rejected - $sender_address_domain is in dbl.spamhaus.net, see $dnslist_text
    dnslists = dbl.spamhaus.org/<,$sender_address_domain
    hosts = +backupmx_hosts

    warn
    !hosts = 69.89.22.20
    dnslists = dbl.spamhaus.org/<,$sender_address_domain
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_address_domain is in dbl.spamhaus.net, see $dnslist_text"

    warn
    condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_address_domain because of URI match"

    drop
    condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    Second question: how does one implement this ACL via the advanced editor? It seems custom RBLs are pre-configured and can't be modified by the advanced editor. If one must add the custom RBL with a text file, which file will preserve the modification?

    Thanks in advance for any suggestions.

    Marty
     
  2. jetter

    jetter Registered

    I'd also like more info on this.

    Thanks
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    You could try adding the custom ACL rules to the "custom_begin_rbl" area in:

    "WHM Home » Service Configuration » Exim Configuration Manager » Advanced Editor"

    Or, feel free to open a feature request for native support of dbl.spamhaus.com:

    Submit A Feature Request

    Thank you.
     
  4. DiverGuy

    DiverGuy Member
    PartnerNOC

    I have requested built in DBL support - twice.

    I want to block spam, but I do not want any false positives.
    Nor do I want any 'expanded blocks' for uninvolved IPs.

    After testing a few Block Lists, I've settled on the following few. They don't catch everything, but they do a fairly good job.

    Hopefully it will help you, and others.

    My current list of blocks (including DBL), added via Advanced Editor under section custom_begin_rbl, is:
    Remember to enable that section if you add code there.

    # safe.dnsbl.sorbs.net
    #includes
    # http.dnsbl.sorbs.net 127.0.0.2
    # socks.dnsbl.sorbs.net 127.0.0.3
    # misc.dnsbl.sorbs.net 127.0.0.4
    # smtp.dnsbl.sorbs.net 127.0.0.5
    # new.spam.dnsbl.sorbs.net 127.0.0.6
    # web.dnsbl.sorbs.net 127.0.0.7
    # block.dnsbl.sorbs.net 127.0.0.8
    # zombie.dnsbl.sorbs.net 127.0.0.9
    # dul.dnsbl.sorbs.net 127.0.0.10

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = safe.dnsbl.sorbs.net=127.0.0.2
    hosts = +backupmx_hosts
    warn dnslists = safe.dnsbl.sorbs.net=127.0.0.2
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain dnsbl http match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = safe.dnsbl.sorbs.net=127.0.0.3
    hosts = +backupmx_hosts
    warn dnslists = safe.dnsbl.sorbs.net=127.0.0.3
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain dnsbl socks match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = safe.dnsbl.sorbs.net=127.0.0.4
    hosts = +backupmx_hosts
    warn dnslists = safe.dnsbl.sorbs.net=127.0.0.4
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain dnsbl misc match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = safe.dnsbl.sorbs.net=127.0.0.5
    hosts = +backupmx_hosts
    warn dnslists = safe.dnsbl.sorbs.net=127.0.0.5
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain dnsbl smtp match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = safe.dnsbl.sorbs.net=127.0.0.6
    hosts = +backupmx_hosts
    warn dnslists = safe.dnsbl.sorbs.net=127.0.0.6
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain dnsbl new spam match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = safe.dnsbl.sorbs.net=127.0.0.7
    hosts = +backupmx_hosts
    warn dnslists = safe.dnsbl.sorbs.net=127.0.0.7
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain dnsbl web match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = safe.dnsbl.sorbs.net=127.0.0.8
    hosts = +backupmx_hosts
    warn dnslists = safe.dnsbl.sorbs.net=127.0.0.8
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain dnsbl block match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = safe.dnsbl.sorbs.net=127.0.0.9
    hosts = +backupmx_hosts
    warn dnslists = safe.dnsbl.sorbs.net=127.0.0.9
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain dnsbl zombie match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    # UCEPROTECT
    # LEVEL 1 - no escalations
    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = dnsbl-1.uceprotect.net
    hosts = +backupmx_hosts
    warn dnslists = dnsbl-1.uceprotect.net
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain level 1 match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    # Mailspike.net
    # Worst possible reputation 127.0.0.10
    # L4 Very bad reputation 127.0.0.11
    # L3 Bad reputation 127.0.0.12
    # L2 Suspicious behavior 127.0.0.13
    # L1 Neutral - probably spam 127.0.0.14
    # H0 Neutral 127.0.0.15
    # H1 Neutral - probably legit 127.0.0.16
    # H2 Possible legit sender 127.0.0.17
    # H3 Good Reputation 127.0.0.18
    # H4 Very good Reputation 127.0.0.19
    # H5 Excellent Reputation 127.0.0.20
    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - has bad $dnslist_domain reputation, see: $dnslist_text
    dnslists = bl.mailspike.net=127.0.0.12
    hosts = +backupmx_hosts
    warn dnslists = bl.mailspike.net=127.0.0.12
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - has bad $dnslist_domain reputation, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - has bad $dnslist_domain reputation"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - has very bad $dnslist_domain reputation, see: $dnslist_text
    dnslists = bl.mailspike.net=127.0.0.11
    hosts = +backupmx_hosts
    warn dnslists = bl.mailspike.net=127.0.0.11
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - has very bad $dnslist_domain reputation, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - has very bad $dnslist_domain reputation"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - has worst $dnslist_domain reputation, see: $dnslist_text
    dnslists = bl.mailspike.net=127.0.0.10
    hosts = +backupmx_hosts
    warn dnslists = bl.mailspike.net=127.0.0.10
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - has worst $dnslist_domain reputation, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - has worst $dnslist_domain reputation"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is participating in spam wave, see: $dnslist_domain $dnslist_text
    dnslists = bl.mailspike.net=127.0.0.2
    hosts = +backupmx_hosts
    warn dnslists = bl.mailspike.net=127.0.0.2
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - $dnslist_domain is participating in spam wave, see $dnslist_domain $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - is participating in spam wave $dnslist_domain"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    #barracudacentral
    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in the $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = b.barracudacentral.org
    hosts = +backupmx_hosts
    warn dnslists = b.barracudacentral.org
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in the $dnslist_domain dnsbl, see: $dnslist_text"

    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    #spamcop
    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in the $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = bl.spamcop.net
    hosts = +backupmx_hosts
    warn dnslists = bl.spamcop.net
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in the $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    #cbl - compromised servers
    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in the $dnslist_domain dnsbl, see: $dnslist_text
    dnslists = cbl.abuseat.org
    hosts = +backupmx_hosts
    warn dnslists = cbl.abuseat.org
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - is in the $dnslist_domain dnsbl, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    #spamhaus PBL - policy block based on ISP request
    deny message = JunkMail rejected - $sender_fullhost - $sender_address_domain - is in $dnslist_domain, see: $dnslist_text
    dnslists = pbl.spamhaus.org
    hosts = +backupmx_hosts
    warn dnslists = pbl.spamhaus.org
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost - $sender_address_domain - $dnslist_domain is in SpamHaus PBL, see: $dnslist_text"
    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost - $sender_address_domain - because of $dnslist_domain match"
    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}

    #spamhaus DBL - Domain name blocking list
    deny message = JunkMail rejected - spam domain $sender_address_domain is listed on Spamhaus DBL. see: $dnslist_text
    dnslists = dbl.spamhaus.org/<,$sender_address_domain
    hosts = +backupmx_hosts
    warn dnslists = dbl.spamhaus.org/<,$sender_address_domain
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_address_domain is in $dnslist_domain, see: $dnslist_text"

    warn condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_address_domain because of $dnslist_domain dnsbl match"

    drop condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}
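
Added example, not part of any post in this thread and not cPanel or Exim code: an offline Python model of what the ACLs above ask DNS, showing why IP-keyed lists (SORBS, Mailspike, and the rest) and the domain-keyed DBL need different lookup keys, and how the per-code rules decide a match. The `resolve` callback, the sample DNS answers and the addresses are constructed, and skipping empty or IP-literal sender domains and ignoring answers outside 127.0.0.0/8 are this example's own safeguards.

```python
import ipaddress

# Return codes the ACLs above reject on (from the posted dnslists lines).
# Zones not listed here are used bare in the ACLs, so any listing matches.
BLOCK_CODES = {
    "safe.dnsbl.sorbs.net": {f"127.0.0.{n}" for n in range(2, 10)},
    "bl.mailspike.net": {"127.0.0.2", "127.0.0.10", "127.0.0.11", "127.0.0.12"},
}
DOMAIN_LISTS = {"dbl.spamhaus.org"}  # keyed by sender domain, not client IP


def query_name(zone, client_ip, sender_domain):
    """Return the DNS name to look up, or None when the lookup is skipped."""
    if zone in DOMAIN_LISTS:
        key = (sender_domain or "").rstrip(".").lower()
        if not key or key.startswith("["):
            return None  # empty bounce sender or domain literal: nothing to ask
        try:
            ipaddress.ip_address(key)
            return None  # an IP address is not a valid key for a domain list
        except ValueError:
            return f"{key}.{zone}"
    # IP lists: reversed octets (IPv4) or reversed nibbles (IPv6) + zone.
    reversed_ip = ipaddress.ip_address(client_ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_ip}.{zone}"


def check(client_ip, sender_domain, zones, resolve):
    """resolve(name) -> list of A records; injected so the example runs offline."""
    hits = []
    for zone in zones:
        name = query_name(zone, client_ip, sender_domain)
        if name is None:
            continue
        # Only 127.0.0.0/8 answers are treated as list data (assumption here).
        answers = [a for a in resolve(name) if a.startswith("127.")]
        wanted = BLOCK_CODES.get(zone)
        if any(wanted is None or a in wanted for a in answers):
            hits.append((zone, name))
    return hits


# Constructed sample answers (documentation addresses and domains).
FAKE_DNS = {
    "99.2.0.192.bl.mailspike.net": ["127.0.0.18"],    # H3 good reputation
    "99.2.0.192.safe.dnsbl.sorbs.net": ["127.0.0.6"],  # new.spam
    "spam.example.dbl.spamhaus.org": ["127.0.1.2"],
}
ZONES = ["bl.mailspike.net", "safe.dnsbl.sorbs.net", "dbl.spamhaus.org"]


def demo():
    return check("192.0.2.99", "Spam.Example.", ZONES,
                 lambda name: FAKE_DNS.get(name, []))
```

The Mailspike answer in the sample is a good-reputation code, so only the SORBS and DBL lookups count as matches.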
     