Unified list of Blacklisted SMTP IP addresses

MikeDVB

Well-Known Member
PartnerNOC
Jun 4, 2008
218
3
68
Indiana, USA
The IPs blocked in Exim are just stored in a configuration file - nothing super special about that.

In essence it sounds like you want to start your own RBL - there are already quite a few purpose-built solutions out there for that already. Just as you're adding IPs to your block list - so are all of the RBLs on a 24/7/365 basis.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,234
363
cPanel Access Level
DataCenter Provider
Twitter
Hello :)

The IP addresses you block with this option are stored in the following file:

Code:
/etc/spammeripblocks
You could add entries from all servers to this file and add to it on each server every time you block a new IP address.

Thank you.
 

MikeDVB

Well-Known Member
PartnerNOC
Jun 4, 2008
218
3
68
Indiana, USA
One thing you can do - if you have the time and want to make the effort - is to report the messages that are spam to a service like SpamCop.

I can't say how well it will handle languages other than English - but you can ask them :).
 

albatroz

Well-Known Member
Mar 6, 2003
350
3
168
Virtual Orbis / Peru
cPanel Access Level
Root Administrator
I finally managed to have my RBL/DNS blacklist working, but have the impression that Exim is not reading
the information from my DNS server. Could that be possible?

Hello :)

The IP addresses you block with this option are stored in the following file:

Code:
/etc/spammeripblocks
You could add entries from all servers to this file and add to it on each server every time you block a new IP address.

Thank you.
 

albatroz

Well-Known Member
Mar 6, 2003
350
3
168
Virtual Orbis / Peru
cPanel Access Level
Root Administrator
The hostname of the RBL server is rbl.enlanube.pe,
so I added it on this screen
/https://www.dropbox.com/s/b0g032ucazssc99/Screenshot%202014-04-15%2014.05.19.png

and then enabled it on this other one
/https://www.dropbox.com/s/etu3kevp1rhpj9p/Screenshot%202014-04-15%2014.05.37.png

- - - Updated - - -

BTW,
You can use the following command to make test queries to the RBL

host 214.124.58.198.rbl.enlanube.pe
Host 214.124.58.198.rbl.enlanube.pe not found: 3(NXDOMAIN)
Mac-mini-de-Ale:~ ale$ host 214.124.58.198.rbl.enlanube.pe rbl.enlanube.pe
Using domain server:
Name: rbl.enlanube.pe
Address: 162.243.209.40#53
Aliases:

214.124.58.198.rbl.enlanube.pe has address 127.0.0.2
 

albatroz

Well-Known Member
Mar 6, 2003
350
3
168
Virtual Orbis / Peru
cPanel Access Level
Root Administrator
I added the IP 95.215.224.12 to my custom blacklist to make some tests as you can see in the following lines

Code:
[email protected] [~]# host 12.224.215.95.rbl.enlanube.pe rbl.enlanube.pe
Using domain server:
Name: rbl.enlanube.pe
Address: 162.243.209.40#53
Aliases:

12.224.215.95.rbl.enlanube.pe has address 127.0.0.2


however when I send an email from that IP to my CPanel/Exim server it is blocked

Code:
[email protected] [~]# grep 95.215.224.12 /var/log/exim_mainlog
2014-04-17 08:22:18 1WalKb-0008ph-Vb <= [email protected] H=enkompassmail1.ukdns.biz [95.215.224.12]:50997 P=esmtps X=TLSv1:AES128-SHA:128 S=2607 [email protected] T="fw: Re: Prueba 6.49am" for [email protected]
2014-04-17 08:22:18 SMTP connection from enkompassmail1.ukdns.biz [95.215.224.12]:50997 closed by QUIT
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,234
363
cPanel Access Level
DataCenter Provider
Twitter
Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,234
363
cPanel Access Level
DataCenter Provider
Twitter
To update, it was advised that a zone forwarder should be setup within /etc/named.conf in the "localhost_resolver" view forwarding all requests for the RBL to the appropriate server.

Thank you.