The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unified list of Blacklisted SMTP IP addresses

Discussion in 'E-mail Discussions' started by albatroz, Nov 8, 2013.

  1. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    I use this WHM/exim option to block lots of IP addresses that RBL lists don´t block,
    so I was wondering if there is a way to have a merged list that could be shared among
    all my WHM/CPanel servers.

    I am currently using WHM/CPanel version 11.38.2 (build 6)
     
  2. MikeDVB

    MikeDVB Well-Known Member
    PartnerNOC

    Joined:
    Jun 4, 2008
    Messages:
    212
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    The IPs blocked in Exim are just stored in a configuration file - nothing super special about that.

    In essence it sounds like you want to start your own RBL - there are already quite a few purpose-built solutions out there for that already. Just as you're adding IPs to your block list - so are all of the RBLs on a 24/7/365 basis.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The IP addresses you block with this option are stored in the following file:

    Code:
    /etc/spammeripblocks
    You could add entries from all servers to this file and add to it on each server every time you block a new IP address.

    Thank you.
     
  4. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    Yes, it seems that I will start my own RBL for local spammers (peruvian spam written in spanish).
    I am looking for a solution like this one....
    DNS Blacklist Editor
     
  5. MikeDVB

    MikeDVB Well-Known Member
    PartnerNOC

    Joined:
    Jun 4, 2008
    Messages:
    212
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    One thing you can do - if you have the time and want to make the effort - is to report the messages that are spam to a service like SpamCop.

    I can't say how well it will handle languages other than English - but you can ask them :).
     
  6. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
  7. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    I finally managed to have my RBL/DNS blacklist working, but have the impression that Exim is not reading
    the information from my DNS server. Could that be possible?

     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    What method/steps have you used to enable it?

    Thank you.
     
  9. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    The hostname of the RBL server is rbl.enlanube.pe,
    so I added it on this screen
    /https://www.dropbox.com/s/b0g032ucazssc99/Screenshot%202014-04-15%2014.05.19.png

    and then enabled it on this other one
    /https://www.dropbox.com/s/etu3kevp1rhpj9p/Screenshot%202014-04-15%2014.05.37.png

    - - - Updated - - -

    BTW,
    You can use the following command to make test queries to the RBL

    host 214.124.58.198.rbl.enlanube.pe
    Host 214.124.58.198.rbl.enlanube.pe not found: 3(NXDOMAIN)
    Mac-mini-de-Ale:~ ale$ host 214.124.58.198.rbl.enlanube.pe rbl.enlanube.pe
    Using domain server:
    Name: rbl.enlanube.pe
    Address: 162.243.209.40#53
    Aliases:

    214.124.58.198.rbl.enlanube.pe has address 127.0.0.2
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Is there a reason you feel that Exim is not utilizing this custom RBL?

    Thank you.
     
  11. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    I added the IP 95.215.224.12 to my custom blacklist to make some tests as you can see in the following lines

    Code:
    root@s3 [~]# host 12.224.215.95.rbl.enlanube.pe rbl.enlanube.pe
    Using domain server:
    Name: rbl.enlanube.pe
    Address: 162.243.209.40#53
    Aliases:
    
    12.224.215.95.rbl.enlanube.pe has address 127.0.0.2


    however when I send an email from that IP to my CPanel/Exim server it is blocked

    Code:
    root@s3 [~]# grep 95.215.224.12 /var/log/exim_mainlog
    2014-04-17 08:22:18 1WalKb-0008ph-Vb <= prueba@roxfarmaperu.com H=enkompassmail1.ukdns.biz [95.215.224.12]:50997 P=esmtps X=TLSv1:AES128-SHA:128 S=2607 id=3826587a$616e23c8$38beaba4$@roxfarmaperu.com T="fw: Re: Prueba 6.49am" for prueba@avances.vo.pe
    2014-04-17 08:22:18 SMTP connection from enkompassmail1.ukdns.biz [95.215.224.12]:50997 closed by QUIT
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    To clarify, it's not that the RBL is failing, but you mean the IP addressed used for your RBL can not send emails to your server?

    Thank you.
     
  13. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    The problem is that I CAN send mails to my server from an IP that is included in blacklist of RBL, without being blocked.
     
    #13 albatroz, Apr 17, 2014
    Last edited: Apr 17, 2014
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  15. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    Please check this support ticket: 4821187

     
  16. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    To update, it was advised that a zone forwarder should be setup within /etc/named.conf in the "localhost_resolver" view forwarding all requests for the RBL to the appropriate server.

    Thank you.
     
  17. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    I finally have my RBL working as expected and I am updating it using the ban list from one of my whm/cpanel servers :)
    Now I am thinking on a way to make it public :)
    and make some cash with it (why not)
     
Loading...

Share This Page