Removed RBL from Exim, Still Bouncing Mail

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
I was using sorbs as one of the RBLs in Exim. But it keeps bouncing mail for a client that though they use gmail as their server, they have forwarders on my server set up. Some gmail servers get on sorbs, so if they resend they often get another IP that is not on sorbs and it goes through.

I removed sorbs from this server but it still is bouncing on or more of these google servers. How do I get rid of it completely?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
I removed sorbs from this server but it still is bouncing on or more of these google servers. How do I get rid of it completely?
Hello :)

Could you elaborate on how you disabled it? Also, could you post the entry in /var/log/exim_mainlog for one of the bounced messages? This command should help you find the entry:

Code:
exigrep [email protected] /var/log/exim_mainlog
Thank you.
 

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
I'll try. It's been a while. In WHM I went to Exim Configurations -> RBL. I had 3 and sorbs was one. I clicked the radio button for Sorbs from on to off and clicked Save. That was the first step, but I was still getting complaints that email was being blocked by Sorbs. So I went back and clicked on the Manage button on the RBL screen and deleted references to Sorbs and clicked Save.

After continued complaints I did to a grep for the one user and here's an example with actual domains changed to protect the innocent :):

2015-02-02 10:52:41 H=mail-wi0-f197.google.com [209.85.212.197]:40014 I=[69.50.241.226]:25 X=TLSv1:RC4-SHA:128 F=<[email protected]> rejected RCPT <[email protected]>: "JunkMail rejected - mail-wi0-f197.google.com [209.85.212.197]:40014 is in an RBL, see Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?209.85.212.197"

Also if I just do a grep sorbs exim_mainlog I get tons of results.

Finally I looked at /etc/exim.conf and found:

# BEGIN INSERT SORBS_rbl

deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
hosts = +backupmx_hosts
dnslists = dnsbl.sorbs.net

warn
!hosts = 209.17.115.53 : 209.17.115.51 : 75.109.250.204 : 69.50.246.34 : 108.174.96.51
dnslists = dnsbl.sorbs.net
set acl_m8 = 1
set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"

warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"

drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}


# END INSERT SORBS_rbl
 

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
I don't really like doing so, but it seems my only option is to edit /etc/exim.conf, removing the whole sorbs block and then restarting exim. Anyone have a better idea? Is this a good idea?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
There are no SORBS entries in /etc/exim.conf by default. Thus, those would have to be custom entries that you added in at some point. You can try backing up and resetting the Exim configuration via:

"WHM Home » Service Configuration » Exim Configuration Manager"

Thank you.
 

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
Not helpful. The whole point of this thread is that yes, I added sorbs as a custom rbl at "WHM Home » Service Configuration » Exim Configuration Manager". Then I removed sorbs because of all the issues, again using "WHM Home » Service Configuration » Exim Configuration Manager". However, mail is STILL being bounced by sorbs.

Earlier you, cPanelMichael asked me to recount the steps I used to remove it which I did, and then notices that sorbs was still in /etc/exim.conf. I really just want to know the best/safest way to get rid if it.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
I am happy to see the issue is now resolved. Feel free to open a support ticket using the link in my signature if you want us to take a closer look at why the custom RBL was not removed from your /etc/exim.conf file after it was disabled in WHM. You can post the ticket number here so we can update this thread with the outcome.

Thank you.