Re: [exim] Using local_host_blacklist

Etusivu
Poista viesti
Vastaa
Lähettäjä: Mike Brudenell
Päiväys:  
Vastaanottaja: Exim Users
Kopio: Amanda Giarla
Aihe: Re: [exim] Using local_host_blacklist
Hi, Amanda -

On 15 February 2016 at 19:55, Amanda Giarla <amandagiarla@???> wrote:

> First time I read through the piped output I was looking for the file name
> "local_host_blacklist"
> to see that it was read from AND it is not in the output at all.
>


By itself Exim won't know anything about a file called
"local_host_blacklist". Instead it will only check the contents of that
file if something in Exim's configuration file tells it to do so. That
something not only has to say the name of the file buy how to check it —
that is, how to search its content and what for, and how to interpret any
matching entry found.

It could be that your control panel has provided you with a template Exim
configuration file that includes directives to do this check. I don't know
anything about the VestaCP you've installed and are using so can't say.
Likewise, it looks like some packaged versions of Exim that come with
various Linux distributions might include this (optional) file, and by
implication directives in the template Exim configuration file to check
them — for example Debian Linux seems to include this feature
<http://pkg-exim4.alioth.debian.org/README/exim4-config_files.5.html#/etc/exim4/local_host_blacklist>
.

Of course, if…

- you've replaced its template Exim configuration file with your own
(rather than just tweaking the template), or
- have built Exim yourself from source rather than using a packaged
version

then its configuration file won't include the necessary directives to check
the contents of the file. (Here, although we use the Exim package provided
by Ubuntu we don't use their configuration files; instead we create and use
a single monolithic /etc/exim4/exim4.conf file ourselves and replace the
standard one provided.)

So first of all you'll need to track down the main Exim configuration file
and look through it, and any sub-files it includes within itself, to see if
the checks are there. Perhaps the easiest way is to use 'grep' to search
through the file(s) looking for the "local_host_blacklist" name of the data
file.

If it's not there then Exim is almost certainly not checking it: it doesn't
know the file exists! In which case let us know and we'll know a bit more
about your setup and how to advise further.


The output does not show any sign that the IP Address 64.142.111.80 was
> checked against
> the contents of file "local_host_blacklist".
>
> looking in the main config template located at
> /etc/exim4/exim4.conf.template
> the only thing I see that might be related to local_host_blacklist
>
> acl_check_spammers:
>   accept  hosts            = +whitelist

>
>   drop    message        = Your host in blacklist on this server.
>             log_message   = Host in blacklist
>             hosts              = +spammers

>
> accept
>


The "+somename" construct is telling Exim to perform a check against a
named list of items defined elsewhere. In the two example lines above Exim
is being told to check the host against a named list called "whitelist"
and, later, another named list called "spammers". You can read more about
named lists in the *Domain, host, address, and local part lists
<http://www.exim.org/exim-html-current/doc/html/spec_html/ch-domain_host_address_and_local_part_lists.html>*
chapter of the Exim Specification.

If you look elsewhere in your Exim configuration you'll find where these
two named lists are created and have their values assigned. In the simplest
case the list of values can be a colon-separated list — for example:

hostlist whitelist = 127.0.0.1 : 10.0.0.0/8


When you want to use the list in a check you put a "+" before its name:

accept hosts = +whitelist


However often you don't want to store the values of the list within your
Exim configuration file, but in a separate data file. For this to work you
need to create the list in a different way, using one of Exim's search
operators to operate on the file (and include the name of the file!). For
example, assuming I get this right without testing it, this will perform a
linear search of a text file called "/etc/exim4/spammer_blacklisted_ips"

hostlist spammer_ips = lsearch;/etc/exim4/spammer_blacklisted_ips


You'd then use it in the same way, by putting a "+" before the name of the
list to expand it…

drop message = Your server is blacklisted here
hosts               = +spammer_ips



So…


> HOWEVER having read Chapter 7 of the Exim Internet Mailer Chapter 7
> Am I suppose to add something like the following and place it in the
> /etc/exim4/exim4.conf.template file?
>
>   drop    message         = Your host in blacklist on this server.
>             log_message   = Host in blacklist
>             hosts               = +local_host_blacklist

>
> Sorry if I appear to be confused - this is a difficult puzzle to put
> together.
>


As you can see, the two parts work together: a directive somewhere that
creates the named list, and then one or more places where you use it. So
now, just adding "hosts = +local_host_blacklist" by itself won't work,
unless there's also a directive somewhere else that creates the named list
"local_host_blacklist".

But remember: all this magic might already be done for you if you're using
the Exim configuration file from certain packages/Linux distributions.

Cheers,
Mike B-)

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm