rejecting mail connection with exim when no rDNS

nagyosha

Member
Mar 9, 2014
cPanel Access Level
Root Administrator
Hi all,
I'm finding lots of spam getting through on my server. Even more is getting stopped, so I'm halfway there.

I also have ConfigServer MailScanner set up.

Nearly all the main spam that now gets through has no reverse DNS by the looks of it, or at least that is what I see in MailWatch.
So I'd like to refuse connections to Exim for inbound mail if there is no reverse DNS for the sender, as that seems like it could reduce server load also.
I'd considered just loading the score a bit more in MailScanner for this; however, as far as the spammers are concerned it has been delivered, as they do not see it not getting delivered.

Therefore the most useful way to combat it would be just to refuse their connection at the start.
I've read an article (http://www.pasztor.at/2013/01/07/filtering-spam-with-exim-only/) suggesting I add the below rules to Exim in the RCPT ACL.
Code:
drop message   = Client Policy Restriction: No (consistent) reverse DNS set.
     condition = ${if !def:sender_host_name}
drop message   = Client Policy Restriction: No (consistent) reverse DNS set.
     condition = ${if isip{$sender_host_name} {yes}{no}}
drop message   = Client Policy Restriction: No (consistent) reverse DNS set.
     condition = ${if eq{$sender_host_name}{} {yes}{no}}
drop message   = Client Policy Restriction: No (consistent) reverse DNS set.
     !verify   = reverse_host_lookup
This will, according to the article, refuse their connection.
I'm not too sure where to add this though.
I looked in Service Configuration » Exim Configuration Manager and then Advanced, but I'm seeking advice as I do not want to break anything lol.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

You are welcome to try either solution and let us know the outcome. Another thread you may also find useful is:

Reverse DNS Lookup

Thank you.
 

smileybri

Member
Dec 17, 2010
I know this is old, but when I tried to do this it resulted in outgoing message errors. Users using Outlook or some other SMTP client started getting "550 Administrative prohibition" errors that stopped as soon as I disabled the added ACL as in the link above.

Is there a new way to reject mail from servers with invalid PTR that will not cause such an issue, or do I have to change some other option in order to use this ACL?

Currently I am using SpamAssassin to give a high score to this rule but SA is processing an extremely high number of messages that match this rule and this is incredibly inefficient.

Any help is appreciated. Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011

asmithjr

Well-Known Member
Jun 13, 2003
I opened Exim Configuration Manager, then the Advanced tab. I located custom_begin_recp_verify, then copied and pasted the like into that text area. Upon viewing my exim.conf file, I see the content in the #BEGIN ACL_RECP_VERIFY_BLOCK section of the file.

I am not aware of any trouble as I just tried this but I have sent test emails to accounts on the server and they delivered.
 

eugenevdm.host

Well-Known Member
Oct 21, 2019
Cape Town
cPanel Access Level
DataCenter Provider
> I know this is old, but when I tried to do this it resulted in outgoing message errors. Users using Outlook or some other SMTP client started getting "550 Administrative prohibition" errors that stopped as soon as I disabled the added ACL as in the link above.

Yep, I just thought I'm going to get rid of 100s of SMTP connections from spammers who don't have reverse set up properly, but in the process I blocked many users from accessing our system. So in my opinion, do not use that setting, because not all commercial ISPs have reverse on the consumer lines.
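
Two posts in this thread report that the rDNS rule also rejected the site's own mail-client users. The fragment below is an added example, not from any poster, the linked article or cPanel: one way to scope the check so authenticated sessions and trusted relays skip it, plus a log-only variant for measuring impact first. The host list name `relay_from_hosts` is an assumption taken from Exim's stock configuration; use whatever list your configuration defines for trusted relays.

```exim
# Added example for the RCPT ACL; not the article's or cPanel's own rules.
# Assumption: "relay_from_hosts" names your trusted relay host list.

# Form quoted in the first post: applies to every connecting client,
# including your own users sending from lines that have no PTR record.
#
# drop message = Client Policy Restriction: No (consistent) reverse DNS set.
#      !verify = reverse_host_lookup

# Log-only variant: records what would be refused without refusing it.
# Run this for a while and review the main log before enforcing.
warn log_message    = would reject: no consistent rDNS for $sender_host_address
     !authenticated = *
     !hosts         = +relay_from_hosts
     !verify        = reverse_host_lookup

# Enforcing variant. Conditions are tested in order and the statement is
# passed over at the first one that is false, so an authenticated session
# or a trusted relay never reaches the reverse DNS check.
drop message        = Client Policy Restriction: No (consistent) reverse DNS set.
     !authenticated = *
     !hosts         = +relay_from_hosts
     !verify        = reverse_host_lookup
```

Keep only one of the two statements active at a time, and send a test message from an authenticated mail client on a connection without reverse DNS after any change.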