The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Per domain Enable/disable "verify sender", "callouts" and RBL lookups

Discussion in 'E-mail Discussions' started by gpilot, Aug 27, 2007.

  1. gpilot

    gpilot Member

    Joined:
    Nov 26, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    II have an unusual situation where most of my clients are happy with "verify sender", "use callouts" and RBL lookups all enabled. There is one customer who insists he is not getting emails and demands these checks be disabled.

    Is there any way to do this on a per-domain basis? A whitelist will not work as I would have to go through the rejectlog often to
    see what addresses are being bounced. I have found about five percent of his rejects which are due to failed sender verify callouts _may_ be legit.....however even though these servers may not be RFC compliant the customer still wants these mails.

    Running WHM 11.2.0, cpanel 11.10.0 stable, CentOS 4.5, Exim 4.63

    (edited 8-29-2007)

    OK, I found some code which appearently worked on the older exim ACL format;

    Add this line to the exim.conf options (first box) in the advanced editor:

    domainlist rbl_bypass = lsearch;/etc/rblbypass

    Touch /etc/rblbypass, add to it the domain.com you want bypassed

    Modify the ACL:

    # RBL Bypass Local Domain List
    !domains = +rbl_bypass

    But my problem is that I need to know where to enter this in the new Exim ACL. More detailed info is at: "http://www.webhostgear.com/175.html" but this info is old and does not seem to apply to cpanel 11.

    Can anyone help with this????
     
    #1 gpilot, Aug 27, 2007
    Last edited: Aug 29, 2007
  2. innsites

    innsites Well-Known Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Exempt a domain from RBL check on incoming mail.

    I would also like to exempt one or more client domains from RBL checks. Were you able successfully implement that? If so, how?
     
  3. gpilot

    gpilot Member

    Joined:
    Nov 26, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Still looking for an answer...

    Innsites, I have tried opening a support ticket with cpanel, my first two emails from them referred to this line in the exim config editor:

    "** A comma or colon seperated list of ip addresses that should not be rbl checked (whitelist)."

    They said this will perform the RBL bypass I seek. I (politely) disagreed with them, as this line allows you to enter a SENDER IP which you want to
    whitelist and not bounce their emails, even if the sender IP is on an RBL list. On my third email to them I provided them with the results of actual testing, which proved
    my statement true. I won't bore you with the details (I will email them if you want) however I am convinced this line is for whitelisting a particular, known sender to
    to exempt them from RBL checking.

    So, back to modding the ACL or cpanel_exim_filters file to bypass all RBL checks for all incoming email to one particular domain on my server, does anyone have any ideas??

    Any leads appreciated. We are willing to pay a modest sum for some consulting help, I really believe this only involves a simple edit to exim.conf or the file which is called by exim.conf for the RBL lookups.

    Insofar as enabling the sender verify and callouts, on a per-domain basis, I think I'll put
    that on the back burner for a while. I have looked at many of the bounces as a result of these and it appears my original statement at the beginning of this thread was incorrect, I can't find any false positives in the rejectlogs.

    Thanks!!
     
  4. innsites

    innsites Well-Known Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Still unable to exempt a domain from rbl checks.

    Am getting incredibly frustrated that nobody at cpanel seems to know how to exempt a domain from spam filtering or rbl checks. I tried the exim users list and got a recommendation for exim 4.67, but WHM 11x is running 4.66. :(
     
  5. gpilot

    gpilot Member

    Joined:
    Nov 26, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    I understand

    Insites:

    I agree. cpanel support with this issue is slim. I may have found someone who can offer some help, however if he is able to provide an answer I need his permission to post it here. I may be paying him a small fee for this, but if he gives his OK. I plan on making the fix available for all.

    As far as disabling spam _filtering_ on a per-domain basis, that should be pretty straightforward. Dont check "globally enable" spam assassin on exim config basic mode. Then your accounts can decide for themselves if
    they want spam assassin enabled.
     
    #5 gpilot, Sep 6, 2007
    Last edited: Sep 6, 2007
  6. innsites

    innsites Well-Known Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Testing code right now

    I am testing some coding right now and will post the how-to if it is successful.
     
  7. innsites

    innsites Well-Known Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Success - exempt domain from incoming RBL checks

    Tested with exim 4.66 on
    WHM 11.2.0 cPanel 11.11.0-R16789

    In the Exim Configuration Editor;

    In the first box, add:
    domainlist skip_rbl_domains = domain.com : domain.com


    *Where domain.com = domain names of those that wish to bypass rbl checks on incoming mail

    In the second ACL box of Exim Configuration Editor, make these changes:

    Find this line
    [% ACL_RBL_BLOCK %]

    and comment it out to disable it. It should now look like this:
    #[% ACL_RBL_BLOCK %]

    and then also add these lines;


    deny message= Rejected because $sender_host_address is in a blacklist at $dnslist_domain\n$dnslist_text
    dnslists = zen.spamhaus.org:bl.spamcop.net
    domains = ! +skip_rbl_domains

    So now the full final edit in 2nd ACL BOX looks like this

    #[% ACL_RBL_BLOCK %]
    deny message= Rejected because $sender_host_address is in a blacklist at $dnslist_domain\n$dnslist_text
    dnslists = zen.spamhaus.org:bl.spamcop.net
    domains = ! +skip_rbl_domains


    Since implementing this for 3 domains, none of them have had any spamhaus or spamcop mails rejected. Their choosing! Not mine.

    Special thanks to Darton on the exim-users mailing list for pointing me in the right direction.:)
     
  8. gpilot

    gpilot Member

    Joined:
    Nov 26, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Nice work!

    I am going to test this today and I will report back on the results.

    It looks like you are completely disabling the new RBL check by commenting out the [% ACL_RBL_BLOCK %] function and writing a new RBL check which enables the bypassed domains.

    Thanks!

    gm
     
  9. innsites

    innsites Well-Known Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Definitely works for me!

    Correct. It disabled the new rbl checks but then adds the code back manually.

    Definitely is working for me by NOT doing RBL tests on those clients that don't want it, yet still doing RBL checking for all others as evidenced by reviewing exim_rejectlog

    2007-09-07 15:18:12 H=(C82CA49FFECA433) [221.131.61.22] F=<rbefallen@purinmail.c om> rejected RCPT <xyz@domain.com>: Rejected because 221.131.61.22 is in a blacklist at bl.spamcop.net
     
  10. jerrybell

    jerrybell Well-Known Member

    Joined:
    Nov 27, 2006
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    So, an issue that is pervasive in the cpanel exim config is that the settings ignore the possibility an email could be send to multiple domains. I believe that the "domains =" condition is nonsensical in emails with multiple recipient domains.

    A way I have fixed that in the past is by only accepting mail for one domain at a time when a remote mail server connects.

    Here is how I have done that:
    Code:
    #!!# ACL that is used after the RCPT command
    check_recipient:
      # Exim 3 had no checking on -bs messages, so for compatibility
      # we accept if the source is local SMTP (i.e. not over TCP/IP).
      # We do this by testing for an empty sending host field.
      defer message = Try this address again shortly
            condition = ${if and {{and \
                                    {\
                                            {def:acl_m3} \
                                            {!eq {${acl_m3}} \
                                                {} \
                                            } \
                                    } \
                                  } \
                                  {!eq {${domain}} \
                                       {${acl_m3}} \
                                  }} \
                           {1}{0}}
    
    What it does is check to see if the value of acl_m3 is set, if not it sets it to the recipient domain. If it is set, it compares the value of acl_m3 with the currently processed recipient domain. If there is a difference, the message gets deferred, and the sending mail server will retry just that recipient, thus ensuring that each recipient domain's spam settings are honored.

    So, in concert with what innsites posted to take care of RBLs, you can do this:
    Code:
    require 
      domains = +skip_sender_verify_domains
      verify = sender
    
    For my next trick, I want to enable per-domain settings of thresholds to flag spam and for rejecting spam.
     
  11. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    Should that last line be domains = ! +skip_sender_verify_domains ?
     
  12. majoosh

    majoosh Well-Known Member

    Joined:
    Feb 18, 2006
    Messages:
    97
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India

    Hi all :)

    How can we do the same thing in exim-4.69-23.1_cpanel_maildir ??

    Basically I want to skip some domains in my server from RBL check.

    Thanks
    Majoosh
     
Loading...

Share This Page