The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Removed RBL from Exim, Still Bouncing Mail

Discussion in 'E-mail Discussions' started by ramorse, Feb 2, 2015.

  1. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I was using sorbs as one of the RBLs in Exim. But it keeps bouncing mail for a client that though they use gmail as their server, they have forwarders on my server set up. Some gmail servers get on sorbs, so if they resend they often get another IP that is not on sorbs and it goes through.

    I removed sorbs from this server but it still is bouncing on or more of these google servers. How do I get rid of it completely?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,830
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you elaborate on how you disabled it? Also, could you post the entry in /var/log/exim_mainlog for one of the bounced messages? This command should help you find the entry:

    Code:
    exigrep user@domain /var/log/exim_mainlog
    Thank you.
     
  3. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I'll try. It's been a while. In WHM I went to Exim Configurations -> RBL. I had 3 and sorbs was one. I clicked the radio button for Sorbs from on to off and clicked Save. That was the first step, but I was still getting complaints that email was being blocked by Sorbs. So I went back and clicked on the Manage button on the RBL screen and deleted references to Sorbs and clicked Save.

    After continued complaints I did to a grep for the one user and here's an example with actual domains changed to protect the innocent :):

    2015-02-02 10:52:41 H=mail-wi0-f197.google.com [209.85.212.197]:40014 I=[69.50.241.226]:25 X=TLSv1:RC4-SHA:128 F=<khsu-allstaff+bncBD2NX2OMHUILR456UYCRUBBJ6DGLQ@somecollege.edu> rejected RCPT <user@domain.org>: "JunkMail rejected - mail-wi0-f197.google.com [209.85.212.197]:40014 is in an RBL, see Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?209.85.212.197"

    Also if I just do a grep sorbs exim_mainlog I get tons of results.

    Finally I looked at /etc/exim.conf and found:

    # BEGIN INSERT SORBS_rbl

    deny message = JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text
    hosts = +backupmx_hosts
    dnslists = dnsbl.sorbs.net

    warn
    !hosts = 209.17.115.53 : 209.17.115.51 : 75.109.250.204 : 69.50.246.34 : 108.174.96.51
    dnslists = dnsbl.sorbs.net
    set acl_m8 = 1
    set acl_m9 = "JunkMail rejected - $sender_fullhost is in an RBL, see $dnslist_text"

    warn
    condition = ${if eq {${acl_m8}}{1}{1}{0}}
    ratelimit = 0 / 1h / strict / per_conn
    log_message = "Increment Connection Ratelimit - $sender_fullhost because of RBL match"

    drop
    condition = ${if eq {${acl_m8}}{1}{1}{0}}
    message = ${acl_m9}


    # END INSERT SORBS_rbl
     
  4. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Any help? Now users are complaining about sorbs rejecting mail from mxlogic servers.
     
  5. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I don't really like doing so, but it seems my only option is to edit /etc/exim.conf, removing the whole sorbs block and then restarting exim. Anyone have a better idea? Is this a good idea?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,830
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There are no SORBS entries in /etc/exim.conf by default. Thus, those would have to be custom entries that you added in at some point. You can try backing up and resetting the Exim configuration via:

    "WHM Home » Service Configuration » Exim Configuration Manager"

    Thank you.
     
  7. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Not helpful. The whole point of this thread is that yes, I added sorbs as a custom rbl at "WHM Home » Service Configuration » Exim Configuration Manager". Then I removed sorbs because of all the issues, again using "WHM Home » Service Configuration » Exim Configuration Manager". However, mail is STILL being bounced by sorbs.

    Earlier you, cPanelMichael asked me to recount the steps I used to remove it which I did, and then notices that sorbs was still in /etc/exim.conf. I really just want to know the best/safest way to get rid if it.
     
  8. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Never mind. Commented out the sorbs block in exim.conf. Seems to be working fine. No more sorbs blocking.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,830
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I am happy to see the issue is now resolved. Feel free to open a support ticket using the link in my signature if you want us to take a closer look at why the custom RBL was not removed from your /etc/exim.conf file after it was disabled in WHM. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page