The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

setup blacklist

Discussion in 'General Discussion' started by centaur777, Nov 26, 2005.

  1. centaur777

    centaur777 Active Member

    Joined:
    Apr 9, 2004
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Hi

    Need a bit of advice on something not covered in WHM manual.
    Am using WHM 10.8 with exim-4.52-7 and trying to setup spam blacklist in Exim.

    In WHM->Exim config->Advanced Mode I am adding the following lines after
    accept hosts = :

    #**# RBL List Begin
    # Always accept mail to postmaster & abuse
    #
    accept domains = +local_domains
    local_parts = postmaster:abuse

    # Check sending hosts against DNS black lists.
    drop dnslists = relays.ordb.org :\
    sbl.spamhaus.org :\
    !hosts = +relay_hosts
    !authenticated = *

    message = your mail server $sender_host_address is in a black list \
    at $dnslist_domain ($dnslist_text)
    #**# RBL List End

    1. Does the above need correction because upon scrolling way down I saw accept domains = +local_domains is already there under the following:

    #sender verifications are required for all messages that are not sent to lists
    require verify = sender
    accept domains = +local_domains
    endpass

    Do we need to repeat accept domains = +local_domains in RBL section also?

    2. Syntax should be "message =" or "deny message ="? Should it come before drop dnslists line or after?

    3. !hosts = +relay_hosts Is that needed in RBL also? I ask this because it seems to be already there under:

    warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
    hosts = +relay_hosts
    accept hosts = +relay_hosts

    Thanks for your advice.
     
    #1 centaur777, Nov 26, 2005
    Last edited: Nov 26, 2005
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The key with ACL's is to remember that consecutive lines form a single ACL and spaces between lines delineate them. So:

    1. This:
    Code:
    accept domains = +local_domains
    local_parts = postmaster:abuse
    Is a single ACL that says to accept email for domains in local_domains that are addressed to postmaster@ or abuse@

    It has no bearing on the later use of accept domains wihich is a separate ACL.

    2. The ACL you quoted appears to have a blank line where there shouldn't be one, i.e. to me it looks like it should be:

    Code:
    drop dnslists = relays.ordb.org :\
    sbl.spamhaus.org :\
    !hosts = +relay_hosts
    !authenticated = *
    message = your mail server $sender_host_address is in a black list \
    at $dnslist_domain ($dnslist_text)
    it then makes sense.

    3. Again, each reference of that line is relevant only to the ACL within which it is being used.

    A good set of inline RBL ACL's can be had from:
    http://www.rvskin.com/index.php?page=public/antispam
     
  3. centaur777

    centaur777 Active Member

    Joined:
    Apr 9, 2004
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for that reference article.

    I studied http://www.rvskin.com/index.php?page=public/antispam and added below lines after require verify = sender in the ACL section.

    Objective : EXIM to reject mails from spammers blacklisted in spamhaus.org and
    ordb.org.

    Result: The lines seem to work so far.

    deny message = your mail server $sender_host_address is in a black list \
    at $dnslist_domain ($dnslist_text)
    !hosts = +relay_hosts
    !authenticated = *
    dnslists = relays.ordb.org :\
    sbl.spamhaus.org :\

    1. Any refinements in the code?

    2. Just curious why some people use "deny message=" and some use "message=" in the above ACL. Do both work similarly? Also some people use "dnslists=" and some use "drop dnslists=" in that ACL. Is this because of different verions of EXIM in the past?

    3. I have added !hosts = +relay_hosts and !authenticated = * in above ACL.
    Will my users now be able to send mail to addresses blacklisted at Spamhaus?

    Regards
     
Loading...

Share This Page