Unified list of Blacklisted SMTP IP addresses

[albatroz]

I use this WHM/exim option to block lots of IP addresses that RBL lists don´t block,
so I was wondering if there is a way to have a merged list that could be shared among
all my WHM/CPanel servers.

I am currently using WHM/CPanel version 11.38.2 (build 6)

 

[MikeDVB]

The IPs blocked in Exim are just stored in a configuration file - nothing super special about that.

In essence it sounds like you want to start your own RBL - there are already quite a few purpose-built solutions out there for that already. Just as you're adding IPs to your block list - so are all of the RBLs on a 24/7/365 basis.

 

[cPanelMichael]

Hello

The IP addresses you block with this option are stored in the following file:

/etc/spammeripblocks

You could add entries from all servers to this file and add to it on each server every time you block a new IP address.

Thank you.

 

[albatroz]

Yes, it seems that I will start my own RBL for local spammers (peruvian spam written in spanish).
I am looking for a solution like this one....
DNS Blacklist Editor

 

[MikeDVB]

One thing you can do - if you have the time and want to make the effort - is to report the messages that are spam to a service like SpamCop.

I can't say how well it will handle languages other than English - but you can ask them .

 

[albatroz]

What I am doing right now is configuring Simple DNS with this Blacklist Plugin
DNS Blacklist (DNSBL / RBL) Plug-In - Simple DNS Plus

 

[albatroz]

I finally managed to have my RBL/DNS blacklist working, but have the impression that Exim is not reading
the information from my DNS server. Could that be possible?

Hello

The IP addresses you block with this option are stored in the following file:

/etc/spammeripblocks

You could add entries from all servers to this file and add to it on each server every time you block a new IP address.

Thank you.

 

[cPanelMichael]

I finally managed to have my RBL/DNS blacklist working, but have the impression that Exim is not reading
the information from my DNS server. Could that be possible?

What method/steps have you used to enable it?

Thank you.

 

[albatroz]

The hostname of the RBL server is rbl.enlanube.pe,
so I added it on this screen
/https://www.dropbox.com/s/b0g032ucazssc99/Screenshot%202014-04-15%2014.05.19.png

and then enabled it on this other one
/https://www.dropbox.com/s/etu3kevp1rhpj9p/Screenshot%202014-04-15%2014.05.37.png

- - - Updated - - -

BTW,
You can use the following command to make test queries to the RBL

host 214.124.58.198.rbl.enlanube.pe
Host 214.124.58.198.rbl.enlanube.pe not found: 3(NXDOMAIN)
Mac-mini-de-Ale:~ ale$ host 214.124.58.198.rbl.enlanube.pe rbl.enlanube.pe
Using domain server:
Name: rbl.enlanube.pe
Address: 162.243.209.40#53
Aliases:

214.124.58.198.rbl.enlanube.pe has address 127.0.0.2

 

[cPanelMichael]

but have the impression that Exim is not reading the information from my DNS server.

Is there a reason you feel that Exim is not utilizing this custom RBL?

Thank you.

 

[albatroz]

I added the IP 95.215.224.12 to my custom blacklist to make some tests as you can see in the following lines

[email protected] [~]# host 12.224.215.95.rbl.enlanube.pe rbl.enlanube.pe
Using domain server:
Name: rbl.enlanube.pe
Address: 162.243.209.40#53
Aliases:

12.224.215.95.rbl.enlanube.pe has address 127.0.0.2

however when I send an email from that IP to my CPanel/Exim server it is blocked

[email protected] [~]# grep 95.215.224.12 /var/log/exim_mainlog
2014-04-17 08:22:18 1WalKb-0008ph-Vb <= [email protected] H=enkompassmail1.ukdns.biz [95.215.224.12]:50997 P=esmtps X=TLSv1:AES128-SHA:128 S=2607 [email protected] T="fw: Re: Prueba 6.49am" for [email protected]
2014-04-17 08:22:18 SMTP connection from enkompassmail1.ukdns.biz [95.215.224.12]:50997 closed by QUIT

 

[cPanelMichael]

To clarify, it's not that the RBL is failing, but you mean the IP addressed used for your RBL can not send emails to your server?

Thank you.

 

[albatroz]

The problem is that I CAN send mails to my server from an IP that is included in blacklist of RBL, without being blocked.

 

[cPanelMichael]

Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[albatroz]

Please check this support ticket: 4821187

Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[cPanelMichael]

To update, it was advised that a zone forwarder should be setup within /etc/named.conf in the "localhost_resolver" view forwarding all requests for the RBL to the appropriate server.

Thank you.

 

[albatroz]

I finally have my RBL working as expected and I am updating it using the ban list from one of my whm/cpanel servers
Now I am thinking on a way to make it public
and make some cash with it (why not)