The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RBL leads to exim death [cpanel parsing bug?]

Discussion in 'General Discussion' started by andren, Jan 16, 2008.

  1. andren

    andren Active Member

    Joined:
    Oct 4, 2005
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Cpanel exim config crashes if the name of the blacklist contains '-' as in sbl-xbl.spamhaus etc.

    Tried to add a new RBL called sbl-xbl-spamhaus

    This lead to the death f the 'Exim Configuration Editor':
    Code:
    Exim Configuration Editor
    
        *
          Standard Options
    
          [a fatal error or timeout occurred while processing this directive]
    
    This is from cpanel's error log:
    Code:
    syntax error at /usr/local/cpanel/Whostmgr/TweakSettings/Mail/rbl_sbl-xbl-spamhaus.pm line 1, near "package Whostmgr::TweakSettings::Mail::RBL_sbl-"
    Compilation failed in require at /usr/local/cpanel/Whostmgr/Mail/RBL.pm line 19.
    (internal death while parsing [stdin]) Wed Jan 16 15:34:57 2008 [19840] error: syntax error at /usr/local/cpanel/Whostmgr/TweakSettings/Mail/rbl_sbl-xbl-spamhaus.pm line 1, near "package Whostmgr::TweakSettings::Mail::RBL_sbl-"
    Compilation failed in require at whostmgr/bin/whostmgr2.pl line 20678.
            main::_gentweakpage('Whostmgr::TweakSettings::Mail', 'HASH(0x24416a0)', 'HASH(0x2441690)') called at whostmgr/bin/whostmgr2.pl line 15641
            main::displayeximconfforedit() called at whostmgr/bin/whostmgr2.pl line 736
    
    
    All works fine if it is called sblxblspamhaus or so.
     
  2. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Sounds like a bug... but there is no reason to use that RBL anyway. cPanel has built-in support for zen.spamhaus.org, which includes the one you are trying to use (SBL and XBL) plus it includes their PBL list.

    Unless you have a problem with the PBL list (why?), I would just use the built-in Spamhaus RBL and don't worry about the hyphen bug for now.

    Now my problem... I need to find instructions on how to add custom RBLs, now that it's in the latest Release (I had been doing it a different way, per instructions prior to the new RBL manage option)

    - Scott
     
  3. andren

    andren Active Member

    Joined:
    Oct 4, 2005
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    PBL blocks tons of legitimate email (Comcast & Verizon for instance).
     
  4. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    That is total nonsense. I have been using zen.spamhaus.org for a long time (since near inception), on 3 cPanel servers, and I've never been made aware of a false positive.

    I have accounts on these servers, and regularly get mail from comcast, verizon, etc.

    I just grep'd my exim_rejectlog for comcast & zen.spamhaus and every one of the spams stopped was garbage (based on silly FROM address, subject, etc.)

    I would like to see if you have any proof of PBL being a poor list to use... my experience is the opposite, on 3 busy servers. PBL does a good job of stopping people with dynamic IPs from spewing out spam. They should be using their ISPs SMTP server (or web host!)

    Now, spamcop... that is another story... I will not use that one here. Too much work whitelisting things like yahoogroups, etc. PITA. Same goes for SORBS (except their DUL list).

    If you or anyone cares, here are the RBLs that I use, with great success (i.e. less than 10 reports of false positives per year):

    zen.spamhaus.org
    list.dsbl.org
    dnsbl.njabl.org
    dul.dnsbl.sorbs.net (not comfortable with other SORBS lists, but this one is helpful)

    YMMV

    - Scott
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Just name the rbl anything you want, but do not use a dash (-).

    Revision 19431+ will prevent rbls from being added with a dash in the name.
     
  6. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    We only had a small group of people complain once we allowed the PBL, but I think it really has cut down on spam. I love how spamhaus keeps improving this service at no cost to us.

    :)
     
  7. andren

    andren Active Member

    Joined:
    Oct 4, 2005
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Thanks (and we did even before posting here). Just thought I point that out after it took me a while to chase that down. :)


    We dropped PBL from all email servers in early March after numerous complaints from clients. Too late for exact data...log's are long gone. Tough we still have emails with funny responses from Comcast service reps not understanding the problem.

    We use
    list.dsbl.org
    dnsbl.ahbl.org
    combined.njabl.org
    sbl-xbl.spamhaus.org
    and a good SA set on our cpanel servers. Works fine.
     
  8. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    I dropped zen back in April after problems.
    But, I think it's resolved now.

    The problem, before, was that my OWN mail was being blocked because I was sending directly from my home router, which was in PBL.

    With the new ACL settings though, authenticated senders by-pass the PBL. So, it actually makes sense now to use zen, since no one should be sending directly from their home PC (except authenticated).
     
  9. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    But how ??

    OK, how do you add a new RBL via WHM?

    WHM says:

    Add a new RBL

    Rbl Name ________________
    Rbl Info URL __________________
    Dns List __________________


    OK, so let's say I want to add "list.dsbl.org". I'm pretty sure that goes into the "DNS List" field. "Rbl Name" sounds like a label only, so that is easy. I guess the last question is the "Rbl Info URL". I'm guessing this is for the block message, where we tell people where to go, to look up their IP... but what is the format of this field? Is there documentation on this that I'm missing?

    Thanks!

    - Scott
     
  10. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Rbl name is anything you like

    rbl info url is anything you like

    the dnslist would be

    list.dsbl.org
     
  11. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    What order are the RBLs used?

    Thanks Nick. One more question (for now). :)

    I'm assuming that once Exim finds the connecting host on an RBL, it is rejected and it doesn't continue down the list of other RBLs to find more matches.

    So... Is there a way to control which order Exim searches the RBLs? For example, if I want it to use zen.spamhaus.org first, then if no match try dnsbl.njabl.org, then if no match try.... you get the picture. Is this possible? If not, can you let me know what criteria Exim uses to order the RBLs?

    Thanks again!

    - Scott
     
  12. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Once it gets to the rbl it will DROP the connection unless its a trusted host. If you have ratelimiting turned on it will increment the ratelimit counter and if they try again they will be locked out from connecting for an hours or so (prevent pointless rbl lookups). Newer versions use ABC order (for the rbl name) for inserting rbls
     
  13. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Great... I have experimented with this and I have found that if a Capital letter is used for "Rbl Name" then it has higher priority. So, the sort order is A-Z, then a-z (not sure on numbers).

    Since I can't edit the existing "spamhaus" name (or can I?), and I wanted "spamhaus" to be the first lookup, I named all my other custom RBLs with letters after "s", like "tnjabl" and "usorbs" and "vdsbl", etc., and it seems to work, although it's not pretty to look at LOL

    FYI, I noticed that "njabl" hasn't caught anything recently. It might be because it's further down my RBL list and the other higher priority lists are catching the bad servers.

    Anyone having luck with njabl recently? Any known spam IPs out there that should be in njabl, that I can test with? Other ideas/suggestions appreciated.

    - Scott
     

Share This Page