Spamhaus RBL in exim

you can seperate sbl and xbl

sbl.spamhaus.org
xbl.spamhaus.org


For me, xbl is too agressive because this blacklist will also list those IPs from virus infected users and other dial-up users. So, some of my users was complaining about them being banned when they dial up their ADSL and was assigned an IP which was banned.

Anyway, adding blacklist server is very specified to user's requirement. For me, the one that catches most BL is spamcop.net.

 

does a exim update from cpanel will remove all your changes ? i think so...
Any confirmation ?

 

great, this is good to know.
thanks for that info!

 

I did not write this.
Unfortunately I can't remember where it came from as I have it in a text file in my "useful things" folder.
Apologies to whoever wrote it for not crediting them.

This allows you to have whitelist domaisn and domains for which RBL's are not used.
You can delete blacklists you don;t want to use or comment them out with a #.
I have commented out two in this example so you can see how to do it.

The advantage of this way of doing it is you can turn of filtering for people who don't want it and you can easily add or remove RBL's by commenting them in and out.


Creating lsearch files
*****************

Create three text files in the /etc directory:
/etc/rblblacklist
/etc/rblbypass
/etc/rblwhitelist


Do this by executing the following commands:

cd /etc
touch rblblacklist
touch rblbypass
touch rblwhitelist


SAMPLE DATA
/etc/rblblacklist is a manual blacklist, it rejects specific spammer hosts BEFORE they can send more email to your server:
domain1.com
domain2.com
domain3.com

/etc/rblbypass bypasses RBL email testing for specific destination (local) domains that don't want RBL filtering or prefer SpamAssassin tagging:
domain1.com
domain2.com
domain3.com

/etc/rblwhitelist blocks RBL email testing for listed incoming hosts, (wildcards allowed), in case an important client's mailserver is listed on an RBL you use, also automatically excludes relayhosts:
mail.domain1.com
*.domain2.com
*.domain3.com


-------------------------------
EXIM CONFIGURATION EDITOR
-------------------------------

If you use the WHM-based Exim Configuration Editor, all of your modifications will be reproduced after each update. If you edit exim.conf directly, cPanel updates MAY overwrite your changes! Because of this, the following changes should be entered using the Exim Configuration Editor.

------------------------
Setting up lsearch files
*******************

At the top of the editor, in the window below:
#!!# cPanel Exim 4 Config

Enter these lines:
domainlist rbl_blacklist = lsearch;/etc/rblblacklist
domainlist rbl_bypass = lsearch;/etc/rblbypass
hostlist rbl_whitelist = lsearch;/etc/relayhosts : partial-lsearch;/etc/rblwhitelist

----------------------------
RBL entries in ACL Section
*********************

RBL selection depends on many factors, be sure to edit the list below to reflect your priorities... Postmaster and abuse bypass allows blocked users to contact admin.

In the center window of the ACL section, directly below the line:
accept hosts = :

Enter these lines:

#**#
#**# RBL List Begin
#**#
#
# Always accept mail to postmaster & abuse for any local domain
#
accept domains = +local_domains
local_parts = postmaster:abuse
#
# Check sending hosts against DNS black lists.
# Reject message if address listed in blacklist.
deny message = Message rejected because $sender_fullhost \
is blacklisted at $dnslist_domain see $dnslist_text
dnslists = sbl-xbl.spamhaus.org : \
#bl.spamcop.net : \
#relays.ordb.org
# RBL Bypass Local Domain List
!domains = +rbl_bypass
# RBL Whitelist incoming hosts
!hosts = +rbl_whitelist
#**#
#**# RBL List End
#**#

--------------------------------
RBL entries in ROUTERS Section
**************************

In the ROUTERS section window, directly below the line:
# in the "local_domains" setting above.

Enter these lines:
# Deny and send notice to list of rejected domains.
reject_domains:
driver = redirect
# RBL Blacklist incoming hosts
domains = +rbl_blacklist
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.


-----------------------------
RBL Testing and Verification
***********************

Once your file changes are in place, be sure to keep an eye out for errors... missing files and other errors will be listed here:
tail -50 /var/log/exim_paniclog

You can view your spam filtering by reviewing the reject log:
tail -50 /var/log/exim_rejectlog

 

I have this setup and its been working great, but I can't seem to accept email from one domain that I have listed in /etc/rblwhitelist. I've added the domain name, mail server name and IP's for both and it still rejects the email since they are in the spamcop RBL. This has worked fine for all others with this same scenario.