Unified list of Blacklisted SMTP IP addresses

MikeDVB

Well-Known Member
PartnerNOC
Jun 4, 2008
218
3
68
Indiana, USA
The IPs blocked in Exim are just stored in a configuration file - nothing super special about that.

In essence it sounds like you want to start your own RBL - there are already quite a few purpose-built solutions out there for that already. Just as you're adding IPs to your block list - so are all of the RBLs on a 24/7/365 basis.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

The IP addresses you block with this option are stored in the following file:

Code:
/etc/spammeripblocks
You could add entries from all servers to this file and add to it on each server every time you block a new IP address.

Thank you.
 

MikeDVB

Well-Known Member
PartnerNOC
Jun 4, 2008
218
3
68
Indiana, USA
One thing you can do - if you have the time and want to make the effort - is to report the messages that are spam to a service like SpamCop.

I can't say how well it will handle languages other than English - but you can ask them :).
 

albatroz

Well-Known Member
Mar 6, 2003
387
5
168
Virtual Orbis / Peru
cPanel Access Level
Root Administrator
Twitter
I finally managed to have my RBL/DNS blacklist working, but have the impression that Exim is not reading
the information from my DNS server. Could that be possible?

Hello :)

The IP addresses you block with this option are stored in the following file:

Code:
/etc/spammeripblocks
You could add entries from all servers to this file and add to it on each server every time you block a new IP address.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
I finally managed to have my RBL/DNS blacklist working, but have the impression that Exim is not reading
the information from my DNS server. Could that be possible?
What method/steps have you used to enable it?

Thank you.
 

albatroz

Well-Known Member
Mar 6, 2003
387
5
168
Virtual Orbis / Peru
cPanel Access Level
Root Administrator
Twitter
The hostname of the RBL server is rbl.enlanube.pe,
so I added it on this screen
/https://www.dropbox.com/s/b0g032ucazssc99/Screenshot%202014-04-15%2014.05.19.png

and then enabled it on this other one
/https://www.dropbox.com/s/etu3kevp1rhpj9p/Screenshot%202014-04-15%2014.05.37.png

- - - Updated - - -

BTW,
You can use the following command to make test queries to the RBL

host 214.124.58.198.rbl.enlanube.pe
Host 214.124.58.198.rbl.enlanube.pe not found: 3(NXDOMAIN)
Mac-mini-de-Ale:~ ale$ host 214.124.58.198.rbl.enlanube.pe rbl.enlanube.pe
Using domain server:
Name: rbl.enlanube.pe
Address: 162.243.209.40#53
Aliases:

214.124.58.198.rbl.enlanube.pe has address 127.0.0.2
 

albatroz

Well-Known Member
Mar 6, 2003
387
5
168
Virtual Orbis / Peru
cPanel Access Level
Root Administrator
Twitter
I added the IP 95.215.224.12 to my custom blacklist to make some tests as you can see in the following lines

Code:
[email protected] [~]# host 12.224.215.95.rbl.enlanube.pe rbl.enlanube.pe
Using domain server:
Name: rbl.enlanube.pe
Address: 162.243.209.40#53
Aliases:

12.224.215.95.rbl.enlanube.pe has address 127.0.0.2


however when I send an email from that IP to my CPanel/Exim server it is blocked

Code:
[email protected] [~]# grep 95.215.224.12 /var/log/exim_mainlog
2014-04-17 08:22:18 1WalKb-0008ph-Vb <= [email protected] H=enkompassmail1.ukdns.biz [95.215.224.12]:50997 P=esmtps X=TLSv1:AES128-SHA:128 S=2607 [email protected] T="fw: Re: Prueba 6.49am" for [email protected]
2014-04-17 08:22:18 SMTP connection from enkompassmail1.ukdns.biz [95.215.224.12]:50997 closed by QUIT
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
To clarify, it's not that the RBL is failing, but you mean the IP addressed used for your RBL can not send emails to your server?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
To update, it was advised that a zone forwarder should be setup within /etc/named.conf in the "localhost_resolver" view forwarding all requests for the RBL to the appropriate server.

Thank you.