[Exim] DNSBL - Local User Problem

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Lloyd F. Tennison
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: [Exim] DNSBL - Local User Problem
--
[ Picked text/plain from multipart/alternative ]
Content-description: Mail message body

I am trying to use DNSBL to try and prevent some of the thousands
of pieces of SPAM I get a day. I have seen and tried many setups
- but the problem that I seem to have with all of them is that a user
on the system, that sends email from their home or home office -
gets refused because they are on a dynamic IP, i.e. DSL, or cable.
I really want the ability to dent dynamic IP's addressees - but not
from my authorized users.

The setup I like best comes from
http://www.talkroot.com/showthread.php?s=&threadid=160

and looks like this:

TESTED WITH VERSIONS
------------------------------------
WHM 8.5.1 cPanel 8.5.3-S3 Exim 4.24
RedHat 7.3 - WHM X v2.1.1
------------------------------------

----------------------
Creating lsearch files
*****************

Create three text files in the /etc directory:
/etc/rblblacklist
/etc/rblbypass
/etc/rblwhitelist

SAMPLE DATA
/etc/rblblacklist is a manual blacklist, it rejects specific
spammer hosts BEFORE they can send more email to your
server:
domain1.com
domain2.com
domain3.com

/etc/rblbypass bypasses RBL email testing for specific
destination (local) domains that don't want RBL filtering or
prefer SpamAssassin tagging:
domain1.com
domain2.com
domain3.com

/etc/rblwhitelist blocks RBL email testing for listed incoming
hosts, (wildcards allowed), in case an important client's
mailserver is listed on an RBL you use, also automatically
excludes relayhosts:
mail.domain1.com
*.domain2.com
*.domain3.com


-------------------------------
EXIM CONFIGURATION EDITOR
-------------------------------

If you use the WHM-based Exim Configuration Editor, all of
your modifications will be reproduced after each update. If you
edit exim.conf directly, cPanel updates MAY overwrite your
changes! Because of this, the following changes should be
entered using the Exim Configuration Editor.

------------------------
Setting up lsearch files
*******************

At the top of the editor, in the window below:
#!!# cPanel Exim 4 Config

Enter these lines:
domainlist rbl_blacklist = lsearch;/etc/rblblacklist
domainlist rbl_bypass = lsearch;/etc/rblbypass
hostlist rbl_whitelist = lsearch;/etc/relayhosts : partial-
lsearch;/etc/rblwhitelist

----------------------------
RBL entries in ACL Section
*********************

RBL selection depends on many factors, be sure to edit the list
below to reflect your priorities... Postmaster and abuse bypass
allows blocked users to contact admin.

In the center window of the ACL section, directly below the
line:
accept hosts = :

Enter these lines:
#**#
#**# RBL List Begin
#**#
#
# Always accept mail to postmaster & abuse for any local
domain
#
accept domains = +local_domains
local_parts = postmaster:abuse
#
# Check sending hosts against DNS black lists.
# Reject message if address listed in blacklist.
deny message = Message rejected because $sender_fullhost \
is blacklisted at $dnslist_domain see $dnslist_text
dnslists = dnsbl.njabl.org : \
bl.spamcop.net : \
blackholes.easynet.nl : \
dynablock.easynet.nl : \
proxies.blackholes.easynet.nl : \
sbl.spamhaus.org : \
list.dsbl.org : \
cbl.abuseat.org : \
relays.ordb.org
# RBL Bypass Local Domain List
!domains = +rbl_bypass
# RBL Whitelist incoming hosts
!hosts = +rbl_whitelist
#**#
#**# RBL List End
#**#


--------------------------------
RBL entries in ROUTERS Section
**************************

In the ROUTERS section window, directly below the line:
# in the "local_domains" setting above.

Enter these lines:
# Deny and send notice to list of rejected domains.
reject_domains:
driver = redirect
# RBL Blacklist incoming hosts
domains = +rbl_blacklist
allow_fail
data = :fail: Connection rejected: SPAM source $domain is
manually blacklisted.

I have changed the lists to cuurent ones, i.e. no more easynet,
use njabl.org instead.
Any thoughts on how to allow authorized users to "bypass"
the DNSBL checking?




Thanks.

Lloyd F. Tennison
lloyd_tennison@???

No trees were harmed in the transmission of this message.
However, a rather large number of electrons were temporarily
inconvenienced.

--