The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Real Time Blacklist?

Discussion in 'General Discussion' started by j0hnb, Mar 28, 2006.

  1. j0hnb

    j0hnb Member

    Joined:
    May 17, 2004
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Is there a way to add a real time blacklist to the reseller account and have it go down through all accounts. Thus adding an efficient spam filter to all accounts on the system.
     
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    Are you saying that you'd like to apply an RBL to all accounts owned by a specific reseller?

    That might be tricky as you'd have to find a way of telling Exim what accounts to apply the RBL to.

    Why not apply it to all accounts, rather than just all accounts owned by a given reseller?
     
  3. j0hnb

    j0hnb Member

    Joined:
    May 17, 2004
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Sorry I think i said that wrong. I want to apply it to all accounts. The only reason I said reseller was because I was thinking of WHM and was distracted so it kinda came out wrong. I would like to apply it to all of my accounts not some specific ones.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's simple enough to add RBL checking in the exim configuration editor. Scroll down to the first set of three texboxes in a row. The second textbox will already contain ACLs and it is into this one that you need to add these two new ones. You need to add the following code after the following line with a clear empty line after each segment:
    Code:
        accept hosts = :
    #
    So, including that line it should look like:
    Code:
        accept hosts = :
    
        deny message = Message rejected - $sender_fullhost is in an RBL, see $dnslist_text
              !hosts = +relay_hosts
              !authenticated = *
              dnslists = bl.spamcop.net : sbl-xbl.spamhaus.org
    
     
  5. innsites

    innsites Well-Known Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Placing blacklists AFTER dictionary attack??

    How do I place the blacklists if I want them to go AFTER the dictionary attack info?

    #!!# ACL that is used after the RCPT command
    check_recipient:
    # Exim 3 had no checking on -bs messages, so for compatibility
    # we accept if the source is local SMTP (i.e. not over TCP/IP).
    # We do this by testing for an empty sending host field.
    accept hosts = :

    deny message = Message rejected - $sender_fullhost is in an RBL, see $dnslist_text
    !hosts = +relay_hosts
    !authenticated = *
    dnslists = bl.spamcop.net : sbl-xbl.spamhaus.org

    drop hosts = /etc/exim_deny
    !hosts = /etc/exim_deny_whitelist
    message = Connection denied after dictionary attack
    log_message = Connection denied from $sender_host_address after dictionary attack
    !hosts = +relay_hosts
    !authenticated = *

    drop message = Appears to be a dictionary attack
    log_message = Dictionary attack (after $rcpt_fail_count failures)
    condition = ${if > {${eval:$rcpt_fail_count}}{2}{yes}{no}}
    condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
    !verify = recipient
    !hosts = /etc/exim_deny_whitelist
    !hosts = +relay_hosts
    !authenticated = *

    # Accept bounces to lists even if callbacks or other checks would fail
    warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
    condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
    {yes}{no}}

    accept condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
    {yes}{no}}


    # Accept bounces to lists even if callbacks or other checks would fail
    warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
    condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
    {yes}{no}}

    accept condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
    {yes}{no}}

    #if it gets here it isn't mailman

    #sender verifications are required for all messages that are not sent to lists

    require verify = sender/callout
    accept domains = +local_domains

    #recipient verifications are required for all messages that are not sent to the local machine
    #this was done at multiple users requests

    message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
    verify = recipient

    accept domains = +relay_domains

    warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
    hosts = +relay_hosts
    accept hosts = +relay_hosts

    warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
    condition = ${perl{checkrelayhost}{$sender_host_address}}
    accept condition = ${perl{checkrelayhost}{$sender_host_address}}

    accept hosts = +auth_relay_hosts
    endpass
    message = $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.
    authenticated = *

    deny message = $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.


    #!!# ACL that is used after the DATA command
    check_message:
    # Enabling this will make the server non-rfc compliant
    # require verify = header_sender
    accept
     
Loading...

Share This Page