Real Time Blacklist?

j0hnb

Member
May 17, 2004
Is there a way to add a real time blacklist to the reseller account and have it go down through all accounts, thus adding an efficient spam filter to all accounts on the system?
 

webignition

Well-Known Member
Jan 22, 2005
Are you saying that you'd like to apply an RBL to all accounts owned by a specific reseller?

That might be tricky as you'd have to find a way of telling Exim what accounts to apply the RBL to.

Why not apply it to all accounts, rather than just all accounts owned by a given reseller?
 

j0hnb

Member
May 17, 2004
Sorry, I think I said that wrong. I want to apply it to all accounts. The only reason I said reseller was because I was thinking of WHM and was distracted, so it kinda came out wrong. I would like to apply it to all of my accounts, not some specific ones.
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
Go on, have a guess
It's simple enough to add RBL checking in the exim configuration editor. Scroll down to the first set of three textboxes in a row. The second textbox will already contain ACLs and it is into this one that you need to add these two new ones. You need to add the following code after the following line, with a clear empty line after each segment:
Code:
    accept hosts = :
#
So, including that line it should look like:
Code:
    accept hosts = :

    deny message = Message rejected - $sender_fullhost is in an RBL, see $dnslist_text
          !hosts = +relay_hosts
          !authenticated = *
          dnslists = bl.spamcop.net : sbl-xbl.spamhaus.org
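
What the deny statement above does for each RCPT, modelled as an added example (not part of the original thread and not Exim's code): the two exemptions are tested first, then each zone in `dnslists` is queried with the sender's address reversed, following the RFC 5782 layout. The function names, the fake resolver, and the relay network are assumptions made for illustration.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Build the DNS name that an RBL lookup resolves for a sender address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 nibbles, reversed
    return ".".join(labels) + "." + zone

def check_rcpt(ip, authenticated, relay_nets, zones, resolve):
    """Mirror the deny statement. ACL conditions are tested in order and the
    first one that fails skips the statement, so exempt senders cost no DNS."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(net) for net in relay_nets):
        return ("pass", None)                  # !hosts = +relay_hosts
    if authenticated:
        return ("pass", None)                  # !authenticated = *
    for zone in zones:                         # dnslists = zone1 : zone2
        if resolve(dnsbl_query_name(ip, zone)):
            return ("deny", zone)              # any A record means "listed"
    return ("pass", None)

# Constructed sample data: a fake zone table standing in for real DNS.
# 127.0.0.2 is the test address that RFC 5782 says every list should contain.
FAKE_DNS = {"2.0.0.127.bl.spamcop.net": ["127.0.0.2"]}
LOOKUPS = []                                   # records every query made

def fake_resolve(name):
    LOOKUPS.append(name)
    return FAKE_DNS.get(name, [])

ZONES = ["bl.spamcop.net", "sbl-xbl.spamhaus.org"]   # zones from the post
RELAY_NETS = ["192.0.2.0/24"]                        # hypothetical relay_hosts

if __name__ == "__main__":
    for ip, auth in [("127.0.0.2", False), ("127.0.0.2", True),
                     ("192.0.2.10", False), ("198.51.100.7", False)]:
        LOOKUPS.clear()
        verdict = check_rcpt(ip, auth, RELAY_NETS, ZONES, fake_resolve)
        print(ip, "auth" if auth else "anon", verdict, "lookups:", len(LOOKUPS))
```
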
 

innsites

Well-Known Member
Nov 30, 2005
Placing blacklists AFTER dictionary attack??

How do I place the blacklists if I want them to go AFTER the dictionary attack info?

#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :

deny message = Message rejected - $sender_fullhost is in an RBL, see $dnslist_text
!hosts = +relay_hosts
!authenticated = *
dnslists = bl.spamcop.net : sbl-xbl.spamhaus.org

drop hosts = /etc/exim_deny
!hosts = /etc/exim_deny_whitelist
message = Connection denied after dictionary attack
log_message = Connection denied from $sender_host_address after dictionary attack
!hosts = +relay_hosts
!authenticated = *

drop message = Appears to be a dictionary attack
log_message = Dictionary attack (after $rcpt_fail_count failures)
condition = ${if > {${eval:$rcpt_fail_count}}{2}{yes}{no}}
condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
!verify = recipient
!hosts = /etc/exim_deny_whitelist
!hosts = +relay_hosts
!authenticated = *

# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}


# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

#if it gets here it isn't mailman

#sender verifications are required for all messages that are not sent to lists

require verify = sender/callout
accept domains = +local_domains

#recipient verifications are required for all messages that are not sent to the local machine
#this was done at multiple users requests

message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
verify = recipient

accept domains = +relay_domains

warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts

warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
condition = ${perl{checkrelayhost}{$sender_host_address}}
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.


#!!# ACL that is used after the DATA command
check_message:
# Enabling this will make the server non-rfc compliant
# require verify = header_sender
accept