View Full Version : [RELEASE] SpamBlocker released


jlasman
05-15-2004, 05:47 PM
EDIT 26 December 2006:

SpamBlocker3 is going into Beta Testing today. It optionally includes ClamAV, for those who've wanted Anti-Virus built into DA.

In order to help us support SpamBlocker as we move forward we've created several new sub-forums; be sure to check out the complete list here (http://www.directadmin.com/forum/forumdisplay.php?s=&forumid=53).

Note that there are both forums and threads on that page, including this thread, which I've moved into the new subforums today.


EDIT 29 Oct 2004:

The second free DA version of SpamBlocker has just been released as Version "RSS-1.2da".

The modifications, (taken from the modifications log) are:

RSS-1.2da 29-Oct-2004

Modified to change use of sbl.spamhaus.org list to use of sbl-xbl.spamhaus.org list.

Modified to add bad_sender_hosts check; see modification instructions.

I highly recommend the update, as it allows you to block by IP# or by hostname in addition to by "From" address.

But it's NOT currently included in DirectAdmin.

Should you decide to use it you MUST make all the modifications you made to the original file, so that anyone who gets a false positive bounce will be able to visit your website to be unblocked.

In addition, you'll also need to add a new file at /etc/virtual/bad_sender_hosts, to be populated by the IP#s and hostnames you want blocked.

End of edits.

I've just released the Free DA version of SpamBlocker.

John and Mark have indicated that they may include it in a future version of DA, and I've given that my blessing.

The advantage of having it included in DA would be that DA would control the contents of the added files.

But you can certainly use it as-is; I do. The file is at:

http://www.nobaloney.net/downloads/spamblocker/DirectAdmin/

and is well documented. Be sure to read the documentation completely before using it to replace /etc/exim.conf on your system, and be sure to keep a copy of your original exim.conf file in the event you'll need to revert.

It does require some well documented file additions to /etc/virtual/ but it should be quite easy to install into your DirectAdmin server.

The license under which exim.conf.spamblocked is released may be found at:

http://www.nobaloney.net/downloads/gnu-gpl-v2.txt

Please post to let me know about your experience with it.

Thanks.

Jeff

jeffery
05-15-2004, 11:46 PM
Thanks Jeff, I will test it out~ :)

I have just read your "README" at the top of the conf, it seems a little bit complicated..
:p

jlasman
05-15-2004, 11:51 PM
It's really quite simple.

Please ask me any questions you might have.

Here is okay for now; when I release the generic exim version (for exim but not DA) I'll probably start my own forum for it.

Maybe you can write simplified instructions once you understand it.

Jeff

jeffery
05-16-2004, 09:11 AM
:)

Cheers!

jlasman
05-16-2004, 12:27 PM
What do you think of using SpamAssassin to block as opposed to just mark?

What I really want to do is block spam at rcpt time (sorry if you're not very familiar with smtp and/or exim language) for listing in various blocklists (which is what the exim.conf.spamblocked file I released last night does) AND at data time for certain scores in spamassassin.

It would require that you use exim with exiscan, but Chris has already done a good job of enabling that, and I'd be building on the work he's done with more custom exim.conf files.

What do you think about that?

SpamAssassin currently (by default) marks as spam, anything that scores 5.0 or above. What score do you think we should use to block?

Thanks for any input, to help make this a better project.

Jeff

jeffery
05-17-2004, 03:10 PM
Sorry I still have no time to squeeze for testing it.. :p

I will try my best to have it tested, and give you some feedback!


SpamAssassin can detect spam quite successfully, but it's not too flexible for customization. For example, till now there is no clear guide to control the way of spamassassin does. At least I have googled for half an hour and can't find one suitable..


Comparing with the blocklist can still have a hole, they can send the email with fake address like bob@somewhereelse.com, which is hard to catch.


5.0 is not a bad idea, if it is really a spam message, it is caught by a high score. If it's a *SMART* spam, score 1.0 may still unable to catch it.

:)

LyricTung
05-17-2004, 03:29 PM
Well, I created the necessary files in /etc/virtual, changed the @example.com addresses, dropped in the exim.conf and restarted exim. Now, when trying to send a test message to a domain on that server I get the following:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

tweedle@dum.com
local delivery failed

The following text was generated during the delivery attempt:

------ tweedle@dum.com ------

An error was detected while processing a file of BSMTP input.
The error message was:

421 Lost incoming connection

The SMTP transaction started in line 0.
The error was detected in line 3.
0 previous messages were successfully processed.
The rest of the batch was abandoned.
421 Lost incoming connection
Transaction started in line 0
Error detected in line 3
_________________________
Any ideas? After replacing with original default config file it works fine.


SOLUTION: Since I am not running Spam Assassin, it was necessary to comment out the Spam Assassin portion of the DIRECTORS CONFIGURATION. All works fine now with the spamblocked exim.conf file.

jlasman
05-17-2004, 06:06 PM
What OS? You're using Exim 4.24, as I am, and the file works successfully for me.

Are you sure you didn't accidentally change anything else? (use a "diff" to see)

If you edited it on a Windows system did you remember to ftp it back to the server as ascii?

Did you find any log output referring to that email?

I don't have time to do anything tonight, but I'm willing to check on your server if you're willing to let me.

Let me know by email if you'd like me to test this for you.

Jeff

LyricTung
05-17-2004, 06:13 PM
Thanks for your reply! It seems to be a BSMTP and Spam Assassin error when spamc is not running :)

LyricTung
05-18-2004, 05:20 PM
Great job on this! I'm running FreeBSD 4.9, DA Exim 4.24.
I've been examining logs since yesterday evening and I don't think a piece of spam has made it through.

I made 2 changes to the config and life is now happy:

1. Comment out Spam Assassin in the Directors Configuration. Since I'm not running Spam Assassin, the error in my post above was being generated.

2. Comment out: Require sender_verify. While I would like to believe that all mailserver/dns admins do things properly, I know from experience, they don't. This line was causing fits with outsourced domain mail and I didn't want to immediately start trying to whitelist everything. I'm gonna try to work to build a starting whitelist and turn it back on.

jlasman
05-18-2004, 09:56 PM
Thanks for bringing to my attention that I didn't make a great enough deal of it using SpamAssassin as set up by DirectAdmin.

I'll change the included documentation to show that.

Jeff

dr2web
05-23-2004, 07:33 PM
Jeff,

The install went great, worked like a charm. Thanks for the hard work. The amount of work that you put in was apparent.

I do have a question about it. I have been having a problem with people using my server to send spam, will this conf file filter outgoing mail as well as incoming?

Thanks again for all that you have done.

i2iweb
05-25-2004, 04:23 PM
I can send/receive mail fine but my headers only show the following:

Received: from mail by santacruz.i2iwebsolutions.com with spam-scanned (Exim 4.24)
id 1BSeYc-000LFX-EP

I am using FreeBSD 4.9 with SpamAssassin. Is this header above normal?

thoroughfare
05-26-2004, 04:32 PM
Thanks for releasing this... but I was wondering, what advantage does it have over SpamAssassin etc?

Thanks,
Matt :)

sander815
05-27-2004, 01:02 AM
yes, want to know too

and, how does this work? Does it check validity of email addresses from blacklists at bl.spamcop.net, dnsbl.njabl.org, etc and then either let it pass or not pass?

LyricTung
05-28-2004, 01:18 PM
This exim.conf file will reject mail coming from known spam servers as verified against the blacklists you see in the file. It does this before continuing on with delivery and finally sending it over to SpamAssassin for message scanning.

The advantage: SpamAssassin uses system resources to complete its tasks. SpamAssassin only gives a "SpamRating" and sends the message on to the recipient (unless you have something else installed to reject/sort/etc.)

This config file rejects a massive amount of Spam (according to my log files) with no (as far as I can tell) false positives. Anything that gets through the blacklists is then sent on to SpamAssassin.

SpamAssassin doesn't work so hard and user mailboxes aren't full of messages marked as ***SPAM***.

LyricTung
05-28-2004, 01:37 PM
i2iweb: That's how my header looked after I installed SpamAssassin from the DA scripts folder. In order to get the SpamAssassin headers, spamd needs to run, I think. I got it all working by:

1. Add: spamd_enable="YES" to /etc/rc.conf

2. Add: spamd.sh file to /usr/local/etc/rc.d folder and chmod file to 744. Mine looks like this:

#!/bin/sh
#
# Startup / shutdown script for SpamAssassin daemon

case "$1" in
    start)
        /usr/local/bin/spamd -a -d -r /var/run/spamd.pid && echo -n ' spamd'
        ;;

    stop)
        /bin/kill `cat /var/run/spamd.pid` > /dev/null 2>&1 && echo -n ' spamd'
        ;;

    *)
        echo "Usage: `basename $0` {start|stop}" >&2
        ;;
esac

exit 0

3. search the /etc/exim.conf for spamc. Replace this:

/usr/bin/spamc

to

/usr/local/bin/spamc

4. I rebooted my server because of the changes to rc.conf :)

sander815
05-28-2004, 03:36 PM
do i need spamassassin for this script to work? i thought it was either spamassassin or this script?

LyricTung
05-28-2004, 03:51 PM
This config is set-up by default to work in conjunction with SpamAssassin. If you wish to use just the blacklists in this exim.conf and not use SpamAssassin, you will need to comment out these lines in this exim.conf. You'll find them under the "Directors Configuration" section. Just put the # sign in front of each line as below:

# Spam Assassin
# spamcheck_director:
# driver = accept
# condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
# retry_use_local_part
# transport = spamcheck
# no_verify

i2iweb
05-28-2004, 08:19 PM
Thanks for the info LyricTung...

I had a client that was literally receiving hundreds of spam per day that he had to download over a dialup connection to weed out the good from the bad emails and this solution here has made it sooo much easier for him now not to mention for me too.

Thanks,

Kevin

blacknight
05-29-2004, 04:19 AM
Originally posted by jlasman
I
John and Mark have indicated that they may include it in a future version of DA, and I've given that my blessing.

The advantage of having it included in DA would be that DA would control the contents of the added files.


If it is included in a future release of DA I hope there will be an option to switch it off.

jlasman
05-31-2004, 11:01 AM
Originally posted by i2iweb
I had a client that was literally receiving hundreds of spam per day that he had to download over a dialup connection to weed out the good from the bad emails and this solution here has made it sooo much easier for him now not to mention for me too.
In fact, the reason we began work on SpamFilter was because one of our important clients started using a Blackberry for remote email. We've saved him hundreds of spam downloads a day.

Jeff

jlasman
05-31-2004, 11:03 AM
Originally posted by blacknight
If it is included in a future release of DA I hope there will be an option to switch it off.
When installed, SpamBlocker, by default, is turned off for all domains. You have to turn it on for it to work.

I'd expect that DA would set it up the same way.

Jeff

jlasman
05-31-2004, 11:07 AM
Originally posted by dr2web
The install went great, worked like a charm. Thanks for the hard work. The amount of work that you put in was apparent.
Thanks <blush>.
I do have a question about it. I have been having a problem with people using my server to send spam, will this conf file filter outgoing mail as well as incoming?
SpamBlocker blocks email from servers in blocklists. You don't want your server in blocklists.

You'll have to use some other method to keep people from spamming through your server.

One idea is to not allow anyone to use your server to send mail. That's actually not a bad idea.

Another is to not rent webspace or email only accounts to spammers. That's perhaps a bit tougher, but definitely worth doing.

Jeff

jlasman
05-31-2004, 11:11 AM
Originally posted by thoroughfare
Thanks for releasing this... but I was wondering, what advantage does it have over SpamAssassin etc?
I think this has already been well answered, but to make it "official" :) :

SpamBlocker blocks email from known spamming IP#s before it gets to your server. Saves a lot of bandwidth.

Saves a lot of machine cycles as SpamAssassin doesn't have to check email it doesn't get :) .

Saves a lot of download data transfer from your DA server to your clients' desktop systems.

Jeff

jlasman
05-31-2004, 11:12 AM
Originally posted by sander815
and, how does this work? Does it check validity of email addresses from blacklists at bl.spamcop.net, dnsbl.njabl.org, etc and then either let it pass or not pass?
Yes, SpamBlocker uses block lists. You can look at the source code to see the block lists it uses.

Jeff

twhiting9275
06-01-2004, 02:05 PM
Absolutely wonderful code here! This has cut my spam down from 50-100 mails a day (yeah, that many) to maybe 1-2.

I've included a modification that will work with mailscanner, as well as regular exim. In addition, I included an example spam.php , as seen @ http://www.linux-tech.net/spam.php (image included). Simple I know, but hopefully it helps.

Great job, keep up the good work!

rhoekman
06-02-2004, 10:49 AM
This config file lets spammers use the smtp server as a relay without authentication. Just to let you know.

I have commented out and added the following line so users have to authenticate when they want to send it thru the server.

#hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1

hostlist relay_hosts = 127.0.0.1

Further no complaints here it works like charm!

LyricTung
06-02-2004, 12:13 PM
Originally posted by rhoekman
This config file lets spammers use the smtp server as a relay without authentication. Just to let you know.

I have commented out and added the following line so users have to authenticate when they want to send it thru the server.

#hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1

hostlist relay_hosts = 127.0.0.1

Further no complaints here it works like charm!

I'm a lil confused by this. The line you commented out seems to only allow those who have accomplished popb4smtp auth and localhost. The line you added would allow SMTP from localhost only (no authenticated net connections.) I see no open relay with the original code. Am I missing something?

rhoekman
06-02-2004, 12:27 PM
I was able to send email without authentication, no popb4smtp auth enabled. Try to disable popb4smtp and send something via smtp on the server. Let me know so we can verify this, thanks!

LyricTung
06-02-2004, 01:01 PM
Originally posted by rhoekman
I was able to send email without authentication, no popb4smtp auth enabled. Try to disable popb4smtp and send something via smtp on the server. Let me know so we can verify this, thanks!

I disabled auth of any kind in my mail client.
I copied /dev/null to /etc/virtual/pophosts to make sure it was empty.
I tried to send mail through the server.

/var/log/exim/exim_mainlog:

2004-06-02 13:55:41 H=bear.dum.net [208.XXX.XX.15] F=<ddancers@dum.com> rejected RCPT <lyric@dum.net>: authentication required
2004-06-02 13:55:41 H=bear.dum.net [208.XXX.XX.15] incomplete transaction (RSET) from <ddancers@dum.com>

I'm guessing that your IP was listed in /etc/virtual/pophosts when you tested it. I think the default time your IP remains permitted to relay is 30 minutes.

rhoekman
06-02-2004, 01:11 PM
I'll look into this.. Some of my clients could use it without authentication and relay tests showed it was getting thru. Odd..

rhoekman
06-03-2004, 07:16 AM
Ok, you are right.. It is not relaying by default. I tested relaying from another pc while my laptop was still pulling email from the server. So the IP of the router was in pophosts. My bad.

jlasman
06-03-2004, 11:32 AM
Originally posted by twhiting9275
Absolutely wonderful code here! This has cut my spam down from 50-100 mails a day (yeah, that many) to maybe 1-2.
Glad to hear it; we block over 10,000 spams daily with SpamBlocker.
I've included a modification that will work with mailscanner, as well as regular exim.
I'll take a look at your modification. May I merge it into the "official" tree?

I've planned on adding mailscanner and virus checking, but I've been very busy.

Jeff

twhiting9275
06-03-2004, 12:18 PM
Go for it, I technically didn't add much other than what was added to the config files the first time, but it seems to work for me ;)

sander815
06-14-2004, 11:50 AM
if i use this exim.conf, without any domains on the /etc/virtual/use_rbl_domains list, does it work the same way as the original exim.conf?

twhiting9275
06-14-2004, 11:54 AM
The only way to get someone to use the extra "features" of this configuration is to put them in that list, so yeah, I'd say it does.

jlasman
06-14-2004, 12:16 PM
Well, perhaps not quite, but almost exactly the same.

We do some checking a bit differently than DA does.

You can certainly compare our file against the DA default file. We've documented everything fully.

Jeff

sander815
06-15-2004, 03:49 PM
i got it running
if i want some server on the whitelist, is it enough to have its domain?
or do i need the ipadress or full server name only?

f.i. g69119.upc-g.chello.nl ? it got blocked, but that mail should not be blocked

does exim need a restart when i add domains/ips or when i add a domain to use_rbl_domains?

jlasman
06-16-2004, 11:16 AM
Originally posted by sander815
f.i. g69119.upc-g.chello.nl ? it got blocked, but that mail should not be blocked
We always put in the fqdn (fully qualified domain name) of the server we want to whitelist.
does exim need a restart when i add domains/ips or when i add a domain to use_rbl_domains?
Nope. The only time you need to restart exim is when you make a change to exim.conf (or for example, when you install the new exim.conf).

Jeff

existenz
06-18-2004, 07:28 PM
Just wondering something...when Spam is received doesn't the mailer get a response?

Screw-them can't get your mail to me o well. I think for most people it would be better to not respond and let the bot know they your address is real?

Just wondering if I understand this properly...

jlasman
06-18-2004, 07:57 PM
Spamblocker refuses email with a message that should go back to the sender, if the sender's outgoing MTA follows the rules.

Jeff

existenz
06-19-2004, 06:19 PM
Why...? Not not just lead it drop? Do you really want to let everyone know that is a valid address? I don't understand the specifics of how you are doing it. Will it send that to *any* including address that don't exist?

I could just see more mail being send to people's servers and if or when they move their website then they are screwed now that it is a published valid address.

Just wondering your thoughts?

jlasman
06-20-2004, 08:39 AM
Originally posted by existenz
Why...? Not not just lead it drop?
Because dropping email is evil. It's also against the RFCs.
Do you really want to let everyone know that is a valid address?
It doesn't let everyone know it's a valid address; it refuses to accept the email with a permanent error and directs senders to a website where they can learn how to be whitelisted.

Spammers don't see the error message; their servers have been modified to never notice errors; if they weren't they'd never be able to send any quantity of spam, as error messages stop the transmission.

If some spammer did see the error message s/he wouldn't bother to follow an html link to learn how to unblock his/her address; it's just not worth it to her/him for a one time email delivery when s/he's got tens of millions of other addresses.
I don't understand the specifics of how you are doing it. Will it send that to *any* including address that don't exist?
It doesn't send anything anywhere. A spammer tries to connect to our server to send spam; we notice its IP# is listed as a spammer, so we politely refuse to accept the email and close the connection.
I could just see more mail being send to people's servers and if or when they move their website then they are screwed now that it is a published valid address.
If you could explain what you mean, I could address your point. As of now, I don't understand it, and I can't address what I can't understand.

Note that you can always modify SpamBlocker to do whatever you want, or just not use it if you believe it won't help you on your server.

However it was developed with the help of many important members of the anti-spam community and follows RFCs as well. It successfully blocks over ten thousand spams from just one of our reference servers every day.

Jeff

existenz
06-20-2004, 10:13 AM
What I am not following is what address does a user get a email from? If you could specify the address that would be perfect.

Most spammers have intelligent servers that harvest replies from sent address. If the address returned is one they sent to they validate the address as real.

The last part is if we assume that the above is happening and the address is not generic then the problem to users is once they move to a server without features like this they could be flooded with Spam.

I am not saying SpamBlocker is bad I just disagree with a bounce message from me. That is as bad as people who leave up vacation messages and are flooded with mail.

As far as the RFC's are concerned we don't allow domain literals :-) We both know you can't follow the RFC's 100% right now till new ones are released to deal with the spam epidemic.

jlasman
06-21-2004, 10:06 PM
Originally posted by existenz
What I am not following is what address does a user get a email from?
You've still got me completely lost.

A user gets email from whomever sends it to him. In the case of spam the sender address is usually not valid and is not worth considering.
If you could specify the address that would be perfect.
How could I specify an address someone sends me mail from? I have no idea how I could begin to specify an address for a spammer to use when sending me email.

Or do you mean create a blacklist system so the whole world is forbidden, and then a whitelist system so that I could only get mail from someone if they've registered their address with me?

If the latter, then how would I know who to put in the whitelist? This is doable, and there are already some commercial services doing this; it's called challenge/response, and I'll never write it or support it except as a custom project, because I find it too restrictive and I'll never use it.
Most spammers have intelligent servers that harvest replies from sent address. If the address returned is one they sent to they validate the address as real.
How would the spammer get an "address returned" as you put it, unless you answer their spam? Do you mean the spammer would get an address from a delivery error (which is what a block message really is)? I've already explained why spammers don't read delivery errors; it's in their interest to ignore delivery errors and focus on the email they don't get delivery errors for.
The last part is if we assume that the above is happening
What above is happening? You're writing back to the spammer? I don't see how else he's going to get what you call an "address returned". Or do you really believe that spammers take the time to harvest addresses from delivery errors? If so, then what leads you to believe that, since all it would do is give spammers a list of addresses that are known to be no good?
and the address is not generic
What's your definition of a generic address? I have no idea what you mean.
then the problem to users is once they move to a server without features like this they could be flooded with Spam.
I'd be a bit more forceful than you; I'd say anyone who has a domain hosted somewhere without SpamBlocking will be flooded with spam, which will have to be handled in some way either automatically or manually.
I am not saying SpamBlocker is bad I just disagree with a bounce message from me.
Then don't use SpamBlocker.

Or rewrite it to drop rather than reject.

However if you drop email based on inclusion in spam block lists then you will see some repercussions, sooner or later:

1) you may drop some legitimate email without warning

2) if you ever need to post for help to any anti-spam lists you won't get much until you become RFC-compliant.

3) you will continue to receive email from the few spammers who would otherwise drop you once they get a certain number of bounces (some spammers do drop; most don't).
That is as bad as people who leave up vacation messages and are flooded with mail.
I have no idea what you mean by this either.
As far as the RFC's are concerned we don't allow domain literals :-)
Actually a good many of us do, especially for postmaster accounts.
We both know you can't follow the RFC's 100% right now till new ones are released to deal with the spam epidemic.
Do what you want.

Something tells me you will.

Something tells me you will continue to tell people who don't understand the ramifications of doing it your way, to do it your way, because you think it's the best way, and the fact that the consensus of the internet is that you're wrong just doesn't matter to you.

That's fine. Drop anything you want. Tell anyone else to drop anything you want.

Jeff

existenz
06-22-2004, 11:22 AM
I don't think we are on the same page! Bottom line lets say you email me and you are rejected, what address does that email come from?

jlasman
06-22-2004, 01:01 PM
If I email you, and you reject me using the default installation of SpamBlocker I'll get a message from my mailserver telling me it couldn't deliver the message because your mailserver refused the message.

If my mailserver is properly configured (mine is) it will also tell me the error message your server told it, when it refused to accept the message.

Spamblocker is configured to send a message telling me to go to a website to be unblocked.

Spammers configure their mailservers so they won't get delivery errors; since they get thousands of them an hour they just ignore them.

Jeff

ret
06-30-2004, 12:34 AM
is this conf now included in DA 1.222?

thoroughfare
07-01-2004, 06:19 PM
If this is released as part of the default DA install, can we disable it, or use it on a per-user basis? I already have MailScanner running quite nicely and some customers have expressed concerns over blocking emails according to blacklists rather than content, and I agree with them to some extent. I'd like to at least give them the choice.

Matt

jlasman
07-01-2004, 06:51 PM
I haven't seen the DA version yet, though I'd bet they implemented it much as I did:

In my implementation no domain will have its email blocked by blocklists unless it's listed in the file /etc/virtual/use_rbl_domains.

Jeff
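
Added example (not part of the original thread, and not SpamBlocker's own code): a Python model of the RCPT-time decision described in the posts above, where a recipient domain is checked only if it is listed in use_rbl_domains, a whitelisted sending host is let through, and a connecting IP found in a block list is refused with a permanent error pointing to an unblock page. The function names, the whitelist-by-host-name check, the example.* names, the unblock URL and the sample DNS answers are assumptions; the zone names are the ones mentioned in the thread.

```python
import ipaddress
import socket

# Zone names as mentioned in this 2004 thread; confirm a zone is still
# operated before querying it from a live server.
DNSBL_ZONES = ("sbl-xbl.spamhaus.org", "bl.spamcop.net", "dnsbl.njabl.org")
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
UNBLOCK_URL = "http://www.example.com/unblock"  # constructed placeholder


def dnsbl_query_name(ip, zone):
    """DNS name to look up: the IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None if it does not resolve.
    Lookup failures (including timeouts) count as 'no answer', so the
    check fails open rather than rejecting mail when DNS is down."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def listed_in(ip, zones=DNSBL_ZONES, resolve=system_resolver):
    """Return the first zone that lists ip, else None.
    Only an answer inside 127.0.0.0/8 counts as a listing; any other
    address (for example from a parked or wildcarded zone) is ignored."""
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is None:
            continue
        try:
            if ipaddress.IPv4Address(answer) in LOOPBACK:
                return zone
        except ValueError:
            continue
    return None


def rcpt_decision(sender_ip, sender_host, rcpt_domain,
                  rbl_domains, whitelist, resolve=system_resolver):
    """Return (smtp_code, reason) for one RCPT command.
    rbl_domains models /etc/virtual/use_rbl_domains (opt-in per domain);
    whitelist models a list of sending-host FQDNs (assumed semantics)."""
    if rcpt_domain.lower() not in rbl_domains:
        return 250, "accepted: domain has not opted in to block list checks"
    if sender_host and sender_host.lower() in whitelist:
        return 250, "accepted: sending host is whitelisted"
    zone = listed_in(sender_ip, resolve=resolve)
    if zone:
        return 550, "rejected: %s is listed in %s; see %s" % (
            sender_ip, zone, UNBLOCK_URL)
    return 250, "accepted: not listed"


# Constructed DNS answers so the example runs offline. The second entry
# imitates a zone that answers with a non-loopback address.
SAMPLE_DNS = {
    "10.2.0.192.bl.spamcop.net": "127.0.0.2",
    "20.2.0.192.dnsbl.njabl.org": "203.0.113.5",
}

if __name__ == "__main__":
    opted_in = {"optin.example"}
    whitelist = {"mx.partner.example"}
    cases = [
        ("192.0.2.10", "mx.unknown.example", "optin.example"),
        ("192.0.2.10", "mx.unknown.example", "other.example"),
        ("192.0.2.10", "mx.partner.example", "optin.example"),
        ("192.0.2.20", "mx.unknown.example", "optin.example"),
    ]
    for ip, host, domain in cases:
        print(ip, host, domain,
              rcpt_decision(ip, host, domain, opted_in, whitelist,
                            resolve=SAMPLE_DNS.get))
```

Because the refusal happens as an SMTP error during the sender's own connection, the receiving server generates no message of its own; any bounce the sender sees comes from the sender's mail server.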

sHuKKo
07-05-2004, 02:56 PM
Hi
I want to add a whole /14 ip block to whitelist_from file.
for example I want to unblock for any senders from
122.122.0.0 to 122.125.255.255 ip addresses. will adding 122.122.0.0/14 directly work? or do I have to add all these 262.000 ip addresses line by line ? :)

what are the correct whitelist_from expressions? only 1 line for 1 ip or allows me some kind of wildcards for ip addresses such as 122.122.*.* ?

jlasman
07-05-2004, 04:38 PM
whitelist_from is a standard exim.conf domainlist file and the entries therein must follow the specifications for such lists.

Check here (http://www.exim.org/exim-html-4.30/doc/html/spec_10.html#SECT10.7) for complete information on exim domain lists.

Or to be just a bit simplistic, they must be domain names, not IP#s.

You can block IP# access to port 25 using your firewall.

Jeff
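
Added example (not part of the original thread): a Python check of the address range asked about above against the CIDR block as it was written, useful before putting such a range into a firewall rule. The function name and the returned field names are assumptions; the addresses are the ones from the question.

```python
import ipaddress


def review_cidr(first, last, written):
    """Compare an intended first-last address range with a CIDR as written.

    Returns what the written CIDR really covers once its host bits are
    masked off, the minimal CIDR blocks that cover exactly the intended
    range, and how many addresses the written form would wrongly include
    or leave out.
    """
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if int(lo) > int(hi):
        raise ValueError("first address is after last address")

    # Minimal set of aligned blocks covering exactly lo..hi.
    needed = [str(n) for n in ipaddress.summarize_address_range(lo, hi)]

    # strict=False masks the host bits instead of raising, which is what
    # many tools do silently when handed an unaligned prefix.
    actual = ipaddress.ip_network(written, strict=False)
    aligned = actual.network_address == ipaddress.ip_interface(written).ip

    a_lo, a_hi = int(actual.network_address), int(actual.broadcast_address)
    overlap = max(0, min(a_hi, int(hi)) - max(a_lo, int(lo)) + 1)
    intended_size = int(hi) - int(lo) + 1

    return {
        "aligned": aligned,
        "covers": str(actual),
        "covers_first": str(actual.network_address),
        "covers_last": str(actual.broadcast_address),
        "needed": needed,
        "intended_size": intended_size,
        "wrongly_included": actual.num_addresses - overlap,
        "left_out": intended_size - overlap,
    }


if __name__ == "__main__":
    report = review_cidr("122.122.0.0", "122.125.255.255", "122.122.0.0/14")
    for key, value in report.items():
        print("%-17s %s" % (key, value))
```

For the range in the question, a /14 boundary falls at 122.120.0.0 and 122.124.0.0, so the range has to be written as two /15 blocks.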

interfasys
07-08-2004, 05:28 PM
Should we donate $$ so that those blocker projects stay alive?

jlasman
07-08-2004, 06:47 PM
Speaking for me and for SpamBlocker, it will definitely stay alive.

Of course a new car would be nice ;) .

Jeff

interfasys
07-09-2004, 03:40 AM
So where's the donate button? :)

jlasman
07-09-2004, 01:31 PM
Sounds as if you're serious :) .

I suppose you could find my main website (info in my sig), find the Payments link, and then click on the PayPal button, but only if you really are serious; I don't require donations to continue doing what I do.

Note if you do that we accept PayPal payments under the name EZInternetUSA, since PayPal limits us to one business account for all our services.

I just spoke to PayPal, and I can set up a personal account, in addition to my business account, but it can only get PayPal balance or checking account.

Should I set that up as well? What do others do when put in the position of getting donations?

Do they take it at their standard PayPal account, or do they create a new personal account where they can't accept Credit Card payments?

Or do they use some other provider?

Thanks for the thought :) .

Jeff

interfasys
07-09-2004, 02:13 PM
I went to your Paypal page, but it was asking for a " Payment on Account" amount, so I figured it would be better to get your opinion on this.

If those blockers are personal projects, I don't see why you wouldn't be able to setup personal accounts. Better check with your company ;)

jlasman
07-09-2004, 05:06 PM
Hi, Olivier.

I am nobaloney.net, so a Payment on Account to nobaloney.net / EZ Internet USA will come to me :) , and the description of "donation" or anything else would be fine.

Jeff

interfasys
07-09-2004, 05:23 PM
Make sure you add your Paypal email to your posts about GPL apps ;)

jlasman
07-09-2004, 08:29 PM
What do you think if I set up a PayPal personal account; that way people will only be able to donate by echeck or by PayPal balance, but at least it will be separate.

PayPal only allows you to have one account for either Business or Premier, and I already have the business account.

So what do you think?

Thanks.

Jeff

interfasys
07-10-2004, 04:00 AM
paypal@nobaloney.net worked for me. I think you should just create a donate button that uses that address.

jlasman
07-10-2004, 09:36 AM
Thanks, Olivier. I'll do it but it'll probably have a slightly different address; I can have multiple addresses with PayPal.

Jeff

hci
07-10-2004, 11:53 AM
Which modifications were made in exim.conf for Spamblocker? I am trying to figure out what was there before since my Directadmin install came with Spamblocker.

I want to use Spamassassin instead and tag all spam so as to give the end email user complete control over what is filtered.

Matthew

jlasman
07-11-2004, 06:55 PM
Did you install my SpamBlocker file found at "http://www.nobaloney.net/exim/" or some other file, perhaps installed with your DA installation?

Our most recent DA installation was a few days ago, and it did NOT include the SpamBlocker exim.conf file, so I'm not sure what you mean by "my Directadmin install came with Spamblocker".

My SpamBlocker exim.conf file does not block anything by default, and it does have the calls to the standard DA installation of SpamAssassin built into it by default as well, so SpamAssassin should work out of the box.

Jeff

interfasys
07-12-2004, 01:52 AM
hci, you have to download a separate exim pack to get it.

Then, there is an excellent how to that helps you add antivirus scanning to this setup.

Also, don't forget to add domain names with which you want to use RBLs to the special rbl file.

sHuKKo
07-12-2004, 04:32 AM
http://files.directadmin.com/services/8.0/da_exim-4.34-1.i386.rpm

the new exim 4.34 rpm contains spamblocker modifications already.
It's not mentioned anywhere in forum but I think john released it silently :)

just upgrade with rpm -Uvh

PS: this rpm does not create the necessary files in the /etc/virtual folder; you have to create them and chown + chmod them :)

jlasman
07-12-2004, 09:58 AM
Originally posted by hci
Which modifications were made in exim.conf for Spamblocker? I am trying to figure out what was there before since my Directadmin install came with Spamblocker.
Because I haven't yet installed the new exim update from DA I don't know the contents of their exim.conf file.

Can you please send me a copy, to my email address (below in my sig)? That will help me answer your question.
I want to use Spamassassin instead and tag all spam so as to give the end email user complete control over what is filtered.
My original SpamBlocker exim.conf file automatically had SpamAssassin turned on and SpamBlocker turned off, but I don't know if the DA folk implemented it that way or not. So please send me a copy so I can help you.

Jeff

hci
07-19-2004, 08:20 AM
How about instead of blocking the SPAM mark it all as low priority. Outlook Express can filter based on priority. Hopefully most users that don't want SPAM filtering at all won't be too annoyed by a simple change of priority.

I think Razor and DCC+ are critical for effective SPAM filtering as well. They filter based on signature like a virus scanner.

Matthew

twhiting9275
07-19-2004, 11:44 AM
RBLS have two actions available to them:
warn and block
warn would allow the spam through, but it's not wise to allow an entire rbl such as spamcop through with a simple warning.

In the past few weeks that this thing has been in effect on my server, it's dropped more than 8000 messages that would have been spam, undoubtedly. This saves me the time of having to address each and every one of those, and as we all know time = $ .

Adjusting something's priority really shouldn't be done unless absolutely necessary. When ISP's learn to stop spammers, then they'll have no issue with the RBL's, and we'll be in a far better place as far as the internet is concerned.

sHuKKo
07-19-2004, 04:02 PM
Total domains on server: 546
Total mail addresses on server: 2214

Total rejected spam mails for the period of 2004-07-04 04:02:30 till 2004-07-11 04:02:09 / 1 week total: 178.214

It's working :)

jlasman
07-20-2004, 10:25 PM
Originally posted by hci
How about instead of blocking the SPAM mark it all as low priority. Outlook Express can filter based on priority. Hopefully most users that don't want SPAM filtering at all won't be too annoyed by a simple change of priority.
I don't believe in filtering spam at all.

For several reasons.

Among others:

1) It doesn't work. It just ups the ante; the filter guys create a new filter, the spammers a new way around it. It's a never-ending battle. Lately I've seen spam that can make it through any filter at all (and in fact does). It consists of a page from a book [any book] as text in the text part of the message, and in the html message a simple html page that calls up the actual spam over the Internet. It's going to be hard to filter that out.

2) It keeps the cost of spam squarely on the recipient's shoulders, where it doesn't belong.

You, of course, may feel differently, and you can certainly do all the filtering you want.

For example, we offer on our boxes (and the new exim.conf file we've donated to the community does as well) both SpamBlocker and SpamAssassin, so our domain owners can take their choice of what they want on their servers.
I think Razor and DCC+ are critical for effective SPAM filtering as well. They filter based on signature like a virus scanner.
Then go ahead and use them :) .

Jeff

jlasman
07-20-2004, 10:39 PM
Originally posted by twhiting9275
RBLS have two actions available to them:
warn and block
Actually, as most RBL operators tell you on their home pages, RBLs do nothing at all, except list domains that some people think host spam.

What we do with the RBL lists is entirely up to us. And I choose to block :) . Because I don't want to pay for the spam.

Jeff

nickc
08-01-2004, 09:28 AM
Wow! This looks really good. One question though, how will using this file affect the preferences set up in DA itself?

For example, in DA you can block certain e-mail addresses, certain words, etc. Will this still function correctly when used in conjunction with SpamBlocker?

I also can't see any virus filtering in the file. Is this something you will be adding in the future?

jlasman
08-01-2004, 12:02 PM
Originally posted by nickc
Wow! This looks really good.
Thanks. DA staff seems to think so as well; they tell me they'll be adding it to a future DA release.
One question though, how will using this file affect the preferences set up in DA itself?

For example, in DA you can block certain e-mail addresses, certain words, etc. Will this still function correctly when used in conjunction with SpamBlocker?
In a word, yes.

However DA cannot whitelist SpamBlocker; please read the SpamBlocker exim.conf file carefully; it's well documented.

SpamBlocker is turned off for every domain by default. You can turn it on or off on a per domain basis. You can blacklist domains (blacklisting them here is much more efficient than through any other method) and you can whitelist mailservers.
I also can't see any virus filtering in the file. Is this something you will be adding in the future?
Yes, see this thread (http://www.directadmin.com/forum/showthread.php?s=&threadid=3155).

Jeff

sander815
08-02-2004, 02:25 AM
Originally posted by sHuKKo
Total domains on server: 546
Total mail addresses on server: 2214

Total rejected spam mails for the period of 2004-07-04 04:02:30 till 2004-07-11 04:02:09 / 1 week total: 178.214

It's working :)


how do you get these figures out of your box? some command?

sHuKKo
08-02-2004, 09:32 AM
examine the log

/var/log/exim/rejectlog

jechilt
08-08-2004, 02:24 AM
greetings....

still green behind the ears with DA and all the cool tools and programs out there.

i am confused with spamblocker.
i definitely want to run spamblocker with spam assassin with something like clamAV...but get confused when i read through the forums whether this stuff is already included with DA or not.
today, i looked at the upgrade info page http://www.directadmin.com/versions.php?action=allversions

I don't see anything about spamblocker being added. So, if I read the upgrade info page correctly, how can the post in this thread be accurate to the point of spamblocker being included in DA? I am not trying to make a mountain out of a molehill but being new makes it that much harder to get caught up and understand (been in the MS world too long, I guess)...

Since moving from cPanel, things are a little more simple and more challenging at the same time. For example, spamassassin is available via gui. DA apparently is not since I can't find it anywhere.

Our system is running vs 1.224

any guidance would be greatly appreciated.

kind regards...

jlasman
08-08-2004, 08:20 AM
Take a look at your /etc/exim.conf file.

Does it look like this (http://www.nobaloney.net/downloads/spamblocker/DirectAdmin/exim.conf.spamblocked)?

If it does, it's the spamblocker version.

If not, you can download it from the above URL using wget, right to your server, and install it.

However you MUST add the files and make the changes noted in the notes at the top.

By default, in my download version, SpamBlocker is turned off and SpamAssassin is turned on.

If you want to merge it with an Anti-Virus solution before I do my official one, you're on your own :) .

Jeff

interfasys
08-08-2004, 08:42 AM
A faster way to get going is to install the latest da_exim packages. It comes with spamblocker. Then follow the clamav + exiscan howto and add the domains you want to free from spam to the "rbl whitelist".

jlasman
08-08-2004, 09:59 AM
Well, I'm not sure that's faster than installing one file and creating three directories...

but if you think so... :)

To each his/her own.

The Anti Virus solution you mention filters viruses, but still accepts them on the server.

Our solution will block them at data time; so they won't end up on your server with you wondering what to do about them.

Either way, SpamBlocker works!

Jeff

interfasys
08-08-2004, 10:11 AM
You're right about the way clamav works, but it's the only available solution right now ;)

Barty
08-11-2004, 02:19 AM
I enabled the spamblocker script yesterday, now i'm getting some weird stuff.

Mail from one of my domains is being redirected (?) to my email address... somehow...

The mail is directed to user@domain.com, but it ends up in my mailbox.

Excerpt from my maillog:
2004-08-11 09:56:16 1Buny3-0005yU-NF => bart <user@domain.com> F=<sender@domain2.com> R=virtual_user T=virtua...

bart is my account. my account is in no way related or linked to user(@domain.com).

Any ideas? Problem is only with this domain afaik, and not all mail gets 'redirected' to my account, i think.

jjma
08-11-2004, 03:11 AM
Originally posted by jlasman
Our solution will block them at data time; so they won't end up on your server with you wondering what to do about them.

Either way, SpamBlocker works!

Jeff

That sounds good - when can we see a solution?

regards

Jon

jlasman
08-11-2004, 10:46 AM
I don't have a date yet.

I was to have worked on it this week, but I had some car problems, some servers that needed work, and a bad cold that keeps me away from the computer a lot of hours.

:(

I hope, soon.

Jeff

Auraka
08-15-2004, 01:04 PM
Thanks for all your hard work on this project, I just installed the new DA exim package so I guess I'm not using spamblocker as well :-)

jlasman
08-15-2004, 04:56 PM
In the new DA exim package you should find an exim.conf file that includes DA.

Don't forget to create the necessary directories (see the comments in the exim.conf file) if they're not there already.

But by default no domains make use of SpamBlocker; you'll have to put domain names into /etc/virtual/use_rbl_domains.

(You don't have to restart anything.)

Jeff

sHuKKo
08-17-2004, 08:39 AM
Is there any other special way of adding IP addresses to the whitelist_from file to make it work?

I try to add

*@domain.com
dslxx-xx-50293.adsl.xxnet.net.tr
81.2xx.1x6.117
mailsrv.domain.com
domain.com

Not working; mail from this IP address is still blocked.

I also try to add domains just like this into whitelist_from file

whitelist_from user@domain.com
whitelist_from 1.1.1.1
whitelist_from *@domain.com

Its still not working

I double checked permissions etc
-rw-r--r-- 1 mail mail 111 Aug 17 17:15 /etc/virtual/whitelist_from

No solution

I checked exim.conf line by line; I found nothing wrong.

what am I doing wrong?

I just want to whitelist an ip address and accept mail from it for all my domains in use_rbl_domains file

jlasman
08-17-2004, 11:22 AM
It's possible it doesn't work properly by IP#; I'll check into it.

If it needs a change to make it work with IP#s, I'll make the change and announce it in this thread.

Jeff

vincenzobar
08-18-2004, 09:33 PM
EDITED for my own stupidity!!!!!!!

i named the whitelist file wrong, lol

thanks for the mod!

vincenzobar
08-19-2004, 07:12 AM
can someone post an example of text that goes in black list.

I got nailed with Spam Assassin, Spam Blocker with about 10 emails from Rx companies and other BS. Somehow they all got through and I want them gone.

These all-text messages are tricky, eh. Is there a way to block emails that use the whole "mort.gage looan" technique?

Im just learning this spam blocking thing, lots of fun!!!!

:confused: :confused: :confused:

motobrandt
08-19-2004, 08:26 AM
The short answer is that you take a look at the headers of offending spam and find the mailserver that sent it and add the name of that mailserver to /etc/virtual/blacklist_domains .

The problem here is "How does one decipher the headers?" With all of the relaying and spoofing that goes on it's very difficult, for me at least, to decipher and figure out what mailserver to block. Usually I just find IP addresses and throw them in the blacklist_domains file. But I don't even know if that really works or not.

Can someone explain how to read a header that contains some BS? Or better yet give a web resource that will help? Here is an offending header. What do I add to the blacklist_domains file?

Received: from mail by lucie.bli.net with spam-scanned (Exim 4.24)
id 1BxefY-000GkW-C0
for carl@domain.com; Wed, 18 Aug 2004 21:36:56 -0700
Received: from lns-th2-4f-81-56-240-210.adsl.proxad.net ([81.56.240.210])
by lucie.bli.net with smtp (Exim 4.24)
id 1BxefS-000GkO-F1
for carl@domain.com; Wed, 18 Aug 2004 21:36:52 -0700
Received: from 12.48.190.46 by web019.mail.yahoo.com; Wed, 18 Aug 2004 22:35:07 -0700
From: "Carla Cummins" <OYVEHY@msn.com>
To: carl@domain.com
Subject: carl@domain.com
Date: Thu, 19 Aug 2004 02:33:07 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--93560288463485817"
X-CS-IP: 248.84.138.42
X-lucieblinet-MailScanner: Found to be clean, Found to be clean, Found to be clean, Found to be clean
X-lucieblinet-MailScanner-SpamCheck: spam (blacklisted), spam (blacklisted), spam (blacklisted), spam (blacklisted)
X-Username: carl@domain.com
Resent-To: "spam@bli.net" <spam@bli.net>
Resent-From: Carl Ratliff <carl@domain.com>
Resent-Date: Wed, 18 Aug 2004 21:49:01 -0700
Resent-Message-ID: <IVPSXZBRXVGWFXQEBWKFJ@hotmail.com>
X-Username: spam@bli.net
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on lucie.bli.net
X-Spam-Level: ****
X-Spam-Status: No, hits=4.6 required=8.0 tests=CLICK_BELOW,EXCUSE_3,
HTML_60_70,HTML_IMAGE_ONLY_04,HTML_LINK_CLICK_HERE,HTML_MESSAGE,
MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,REMOVE_PAGE
autolearn=no version=2.63
X-lucieblinet-MailScanner-Information: Please contact the ISP for more information

vincenzobar
08-19-2004, 08:50 AM
I just spent 30 minutes looking for already created black lists and found this one with over a million.

bigblacklist (http://urlblacklist.com/?sec=download)

I unzipped it and it is a ton of folders all categorized by genre of spam, and inside are lists of domains and urls.

I guess i just copy and paste all domains and IPs in list format with no special code into the blacklist_domains File???

I can find nothing on this on the web. google groups is even being a bitch about returning what I want!!!!!!! Well, I guess it's time to experiment.

any info is greatly appreciated!

interfasys
08-19-2004, 08:58 AM
motobrandt, you seem to be running Mailscanner. You have to get rid of it before you use Spamblocker (meaning undoing all the changes you have done and removing those folders you did create).

Add your domains to the rbl file, activate spamassassin (follow DA instructions), activate clam (there is a good howto) and that's it.

motobrandt
08-19-2004, 09:56 AM
Originally posted by interfasys
motobrandt, you seem to be running Mailscanner. You have to get rid of it before you use Spamblocker (meaning undoing all the changes you have done and removing those folders you did create).

Add your domains to the rbl file, activate spamassassin (follow DA instructions), activate clam (there is a good howto) and that's it.
What??? Why do I have to get rid of Mailscanner? Everything seems to be working fine. Except the fact that I don't truly know how to read a header or what to put in the blacklist_domains file.

Do tell me what the issue with Mailscanner is.

Thanks,
Brandt

jlasman
08-19-2004, 11:03 AM
Where did you get your exim.conf file?

Do you have my SpamBlocker code in your exim.conf file, as well as the MailScanner code?

I suppose you could use both, but I don't know if anyone has properly implemented it.

Anyway, to get the name of the server to block:

The top "Received:" line that's accepting email from an outside email is the line that's got the name of the mailserver you want to stop.

Someone has brought to my attention that IP#s may not be working in the blocklist; I'm not sure, because I use names and not IP#s.

So I'll be checking further as time permits and make any required changes.

Jeff
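Jeff's rule for picking the mailserver out of the headers, as an added example (not part of the original posts or of SpamBlocker): walk the "Received:" lines from the top and stop at the first one written by your own server that records an outside peer. The sample message and the names `first_external_hop` and `our_hosts` are constructed for illustration and use documentation addresses.

```python
import ipaddress
import re
from collections import namedtuple
from email import message_from_string

Hop = namedtuple("Hop", "name ip accepted_by")

# "from <peer details> by <receiving host> ...", matched after unfolding.
HOP_RE = re.compile(r"^from\s+(?P<peer>.*?)\s+by\s+(?P<by>[^\s;]+)", re.I)
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

# Constructed sample, shaped like the Exim 4 header posted in the thread.
SAMPLE = """\
Received: from mail by mx.example.net with spam-scanned (Exim 4.24)
\tid 1AAAAA-000000-00
\tfor user@example.com; Wed, 18 Aug 2004 21:36:56 -0700
Received: from dsl-host.isp.example ([192.0.2.210])
\tby mx.example.net with smtp (Exim 4.24)
\tid 1AAAAB-000000-00
\tfor user@example.com; Wed, 18 Aug 2004 21:36:52 -0700
Received: from 198.51.100.46 by web019.mail.example; Wed, 18 Aug 2004 22:35:07 -0700
From: "Sender" <someone@freemail.example>
To: user@example.com
Subject: sample

body
"""


def first_external_hop(raw_message, our_hosts):
    """Return the hop where one of our_hosts accepted the mail from outside.

    Only Received lines written by our own servers are trusted. The first
    line written by anyone else ends the search, because that line and
    everything below it was supplied by the sender and may be forged.
    """
    ours = {h.lower() for h in our_hosts}
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        m = HOP_RE.match(flat)
        if m is None or m.group("by").lower() not in ours:
            return None
        ip_match = IP_RE.search(m.group("peer"))
        if ip_match is None:
            continue    # no peer address: local re-injection (spam-scanned)
        try:
            ip = ipaddress.ip_address(ip_match.group(1))
        except ValueError:
            return None
        if ip.is_loopback:
            continue    # handed over by a local filter, not an outside peer
        first = m.group("peer").split()[0]
        # The name is what our server recorded for the peer; the bracketed
        # IP is the address the connection actually came from.
        name = None if first.startswith("[") else first
        return Hop(name, str(ip), m.group("by").lower())
    return None


if __name__ == "__main__":
    print(first_external_hop(SAMPLE, ["mx.example.net"]))
```

The third "Received:" line in the sample is never reached, which is the point: it was not written by the receiving server.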

motobrandt
08-19-2004, 11:42 AM
Jeff,
I am using the original spamblocker exim.conf (not sure if it has changed over the last couple months) I added this at the top for Mailscanner.

spool_directory = /var/spool/exim.in
queue_only = true
queue_only_override = false
no_message_logs
log_file_path = /var/log/exim/%s

And I commented out the spamassassin stuff as it's already running under mailscanner.

# Spam Assassin
#spamcheck_director:
# driver = accept
# condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
# retry_use_local_part
# transport = spamcheck
# no_verify

errrr.... well this stuff isn't commented out. It's just down from that last stuff.

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# Spam Assassin
begin transports

spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc
use_bsmtp
user = mail
# must use a privileged user to set $received_protocol on the way back in!

Do you want to see the whole file? or does it matter to you?
:rolleyes:

jlasman
08-20-2004, 10:49 AM
Originally posted by motobrandt
I am using the original spamblocker exim.conf (not sure if it has changed over the last couple months) I added this at the top for Mailscanner.
I presume you read the comments in the SpamBlocker exim.conf file and created the necessary directories. I also presume you restarted exim after you installed the new exim.conf file and after each change you made.
Do you want to see the whole file?
That depends what you want me to help you with :) . In my last post I gave you information on what needs to be in the blocklist, and where to find it. Do you need any other information or help from me?
or does it matter to you?
I was wondering how you implemented it because I'm working on my implementation. However my implementation will work during data time, so I most likely won't use MailScanner.

Jeff

jlasman
08-20-2004, 10:59 AM
Originally posted by vincenzobar
I just spent 30 minutes looking for already created black lists and found this one with over a million.
it's not one list; it's lots of them.

As currently implemented, the spamblocker blocklist works on domains taken from from-addresses. I'll soon be issuing an update that also works with hostnames. bigblocklist appears to have domains from from-addresses, so the domains should work, though the IP#s won't.

(I'm still studying whether or not IP#s will work in the hostnames blocklist.)

However you should know that exim will parse these lists in realtime each time an email comes in. Do you really want to slow down your server searching over a million?

I wouldn't do it this way.

If I were going to do it (and I'm most likely not) I'd create my own DNS blocklists. There are instructions for doing this; you can google for them if you decide to do it.

Note however that this method requires hostnames, not from-domains, so this list may be useless, depending on how it was created. It does NOT require you know the IP#s; only that you know how to send back an arbitrary IP# that explains the meaning for the block.

Jeff

vincenzobar
08-20-2004, 05:14 PM
Ok these few questions should be all i need before i fully understand this 'ish.



Return-path: <9296.6062652@4oh5.com>
Envelope-to: enzo@underwater-design.com
Delivery-date: Fri, 20 Aug 2004 16:09:08 -0400
Received: from mail by server.Innerearaudio.com with spam-scanned (Exim 4.24)
id 1ByFhD-0005Am-Tf
for enzo@underwater-design.com; Fri, 20 Aug 2004 16:09:08 -0400
Received: from localhost by server.Innerearaudio.com
with SpamAssassin (2.64 2004-01-11);
Fri, 20 Aug 2004 16:09:07 -0400
From: Hot Flashes Be Gone <9296.6062652@4oh5.com>
To: <enzo@underwater-design.com>
Subject: Is there relief from menopause?
Date: Fri, 20 Aug 2004 14:08:32 -0800
Message-Id: <wGgIxbJyihakizKBkihxA-Gsxi@4oh5.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on
server.Innerearaudio.com
X-Spam-Level: *****
X-Spam-Status: Yes, hits=5.9 required=5.0 tests=CLICK_BELOW,EXCUSE_16,
FREE_SAMPLE,FROM_ENDS_IN_NUMS,HTML_30_40,HTML_IMAGE_ONLY_12,
HTML_MESSAGE,HTML_TAG_BALANCE_TABLE,HTML_TITLE_UNTITLED,HTML_WEB_BUGS
autolearn=no version=2.64
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_41265A63.F66B82C8"


the bolded From: Hot Flashes Be Gone <9296.6062652@4oh5.com> Is this what you are talking about!

do I enter this into blacklist_domains or use_rbl_domains and do i type it in the file like this:

from-9296.6062652@4oh5.com
or
9296.6062652@4oh5.com

All i have read on the net is all this perl code like S=amazon;hotmail to be entered into files. I have spent 3 days researching on the net and have found nothing useful and im the only computer geek of all the people i know in person. this sux :-(

I see in this thread it talks about enabling SpamBlock in conf but all i did was copy paste and according to my header it seems to be working, i think, but i still get a butt load of spam and SpamAssassin is catching it all. I have read through all the code but can't understand it well enough to figure out what to do exactly ( i need my hand held- *what a b!tch i am when it comes to this stuff*)

Also in reading this post - what do you mean enter domains in use_rbl_domains. My domains like www.underwater-design.com or the ones i don't want coming through. if its for non wanted then whats the black list for? I am so confused, I think my brain is fried!

BTW i have aol IM and am vincenzobar if you think IM would be easier to solve this and clarify my questions!

vincenzobar
08-20-2004, 05:16 PM
oh and yeah i just chose the ones from the majority of the mail i got like from folder drugs and loans or what ever it was!

jlasman
08-20-2004, 06:11 PM
Originally posted by vincenzobar
the bolded From: Hot Flashes Be Gone <9296.6062652@4oh5.com> Is this what you are talking about!
Part of it.
do I enter this into blacklist_domains or use_rbl_domains and do i type it in the file like this:

from-9296.6062652@4oh5.com
or
9296.6062652@4oh5.com
You enter just the domain part of the from address, to /etc/virtual/blacklist_domains.

In other words, to block emails sent from this sender you'd add:

4oh5.com

into /etc/virtual/blacklist_domains.

use_rbl_domains is for something completely different... it's for the list of domains hosted on your server which should use SpamBlocked features.

For example, if you want all your domains to use SpamBlocked features (we don't recommend this; we recommend making it a domain-owner's option), you could make it a link to /etc/virtual/domains.

Otherwise you can copy and paste domains from /etc/virtual/domains to /etc/virtual/use_rbl_domains so these domains will use SpamBlocked features. Any domains on your server not listed in /etc/virtual/use_rbl_domains will NOT use SpamBlocked features.
All i have read on the net is all this perl code like S=amazon;hotmail to be entered into files. I have spent 3 days researching on the net and have found nothing useful and im the only computer geek of all the people i know in person. this sux :-(
I don't know what you're looking for so I can't make sense of this paragraph.
I see in this thread it talks about enabling SpamBlock in conf but all i did was copy paste and according to my header it seems to be working, i think, but i still get a butt load of spam and SpamAssassin is catching it all. I have read through all the code but can't understand it well enough to figure out what to do exactly ( i need my hand held- *what a b!tch i am when it comes to this stuff*)
If you're still getting lots of spam, then it's probably not working. Did you have the same exim.conf file as that downloadable at http://www.nobaloney.net/downloads? If so, did you check to make sure all the required files have been added to the /etc/virtual directory? Have you created the website for the redirect, and changed the exim.conf code to redirect to your own website?

If you've done all of the above and restarted exim, then you shouldn't be getting too much spam caught by SpamAssassin at all.
Also in reading this post - what do you mean enter domains in use_rbl_domains. My domains like www.underwater-design.com or the ones i don't want coming through. if its for non wanted then whats the black list for? I am so confused, I think my brain is fried!
I answered this above. Only thing I'll add here is that we want the domains as people address email to them; in other words example.com, not www.example.com.
BTW i have aol IM and am vincenzobar if you think IM would be easier to solve this and clarify my questions!
I don't use any kind of IM; though I type at over 100 wpm, I think about a hundred times faster than that, and I find IM just a waste of time for me.

The best place to get help from me at no charge is here on the forum. Of course my business is working for webhosting companies, and we can do administration work, or even install software (such as SpamBlocker) for you if you wish. However, for that there is a charge.

Jeff

vincenzobar
08-20-2004, 06:39 PM
Thank you for your responses and trust me i wish i could pay you. But i got 33 dollars to my name until next friday!! lol.

I replaced the example.com with my address but never set up an actual page. I will get to that..... Aww DAMN, just noticed I must have written over it; it wasn't changed... grrrrrrr

Everything else is created, chmod, and chown.

Thanks for the clarification on the three files, that helped a lot, and as far as the "S=amazon;hotmail" crap... Me either!!!!!!!

Ive been so busy on this server and websites i haven't had time for my own so eventually i will get around to updating it, lol. Ill let you know how it turns out!!

i can't thank you enough!!!!

-vin

motobrandt
08-20-2004, 07:11 PM
Originally posted by jlasman
I presume you read the comments in the SpamBlocker exim.conf file and created the necessary directories. I also presume you restarted exim after you installed the new exim.conf file and after each change you made.

That depends what you want me to help you with :) . In my last post I gave you information on what needs to be in the blocklist, and where to find it. Do you need any other information or help from me?

I was wondering how you implemented it because I'm working on my implementation. However my implementation will work during data time, so I most likely won't use MailScanner.

Jeff

Jeff,
Actually if you read the post that got me back into this it was simply about what part of the header do you add to the blacklist_domains file. Everything is working great on my server with Mailscanner running spamassassin and clamav. When I started using your exim.conf file (with some small mods listed above) I received way less spam. But now I am getting lots of it. So my main issue is how to continue to make it better.

I guess I've misunderstood this whole time about what should go in the blacklist_domains file. I thought that it had to be a mailserver name not just a domain name. That sure simplifies things if all that is needed is the domain name.

I'll give it a shot.

vincenzobar
08-20-2004, 08:57 PM
I think you got it working!!!!!!! with my hands of course (i type at like 30 words an hour!!)

this is a stat from rejectlog
2004-08-20 20:26:24 H=(65.182.143.151) [65.182.143.151] F=<ebay4391@indiatimes.com>
rejected RCPT <info@innerearaudio.com>:
to unblock see http://www.underwaterdesign.com/

most of the others are old email address that don't exist any more. But that is my first valid email address turn away!!!!

Thanks a lot!!!!!!!!!!!! :D :o ;) :) :cool: :D

vincenzobar
08-20-2004, 09:23 PM
Originally posted by sHuKKo
examine the log

/var/log/exim/rejectlog

I don't see it!?!?!?!

what did you do? vi or pico the log and count???? lol
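One way to get weekly figures like sHuKKo's out of /var/log/exim/rejectlog without counting by hand, as an added example (not sHuKKo's method, which the thread does not show). It assumes each rejection is logged on one line in the form vincenzobar quoted; the log lines below are constructed, and `summarize_rejects` is a hypothetical helper name.

```python
import re
from collections import Counter
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# timestamp ... [peer IP] ... rejected RCPT <recipient>: reason
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r".*?\[(?P<ip>[0-9A-Fa-f:.]+)\]"
    r".*? rejected RCPT <?(?P<rcpt>[^>\s]+?)>?: (?P<reason>.*)$"
)

# Constructed sample lines (documentation addresses), one rejection per line.
SAMPLE_LOG = """\
2004-07-04 04:10:01 H=(192.0.2.15) [192.0.2.15] F=<a@sender.example> rejected RCPT <info@example.com>: to unblock see http://www.example.com/unblock.html
2004-07-05 11:22:33 H=relay.sender.example [192.0.2.15] F=<b@sender.example> rejected RCPT <sales@example.com>: to unblock see http://www.example.com/unblock.html
2004-07-06 09:00:00 H=mail.other.example [198.51.100.7] F=<c@other.example> rejected RCPT <bob@example.org>: Unknown user
  a line that is not a RCPT rejection and must be skipped
2004-07-12 00:00:01 H=late.example [203.0.113.9] F=<d@late.example> rejected RCPT <info@example.com>: to unblock see http://www.example.com/unblock.html
""".splitlines()


def summarize_rejects(lines, start, end):
    """Count RCPT rejections logged between start and end (inclusive).

    lines may be any iterable of log lines, including an open file.
    Returns the total plus per-recipient-domain, per-peer-IP and
    per-reason counters, so blocklist hits can be told apart from
    rejections for unknown users.
    """
    lo = datetime.strptime(start, TS_FORMAT)
    hi = datetime.strptime(end, TS_FORMAT)
    total = 0
    by_domain, by_ip, by_reason = Counter(), Counter(), Counter()
    for line in lines:
        m = REJECT_RE.match(line.rstrip("\n"))
        if m is None:
            continue                      # header dumps, other log entries
        when = datetime.strptime(m.group("ts"), TS_FORMAT)
        if not lo <= when <= hi:
            continue
        total += 1
        by_domain[m.group("rcpt").rpartition("@")[2].lower()] += 1
        by_ip[m.group("ip")] += 1
        by_reason[m.group("reason")] += 1
    return {"total": total, "by_domain": by_domain,
            "by_ip": by_ip, "by_reason": by_reason}


if __name__ == "__main__":
    # For a real server, pass open("/var/log/exim/rejectlog") instead.
    report = summarize_rejects(SAMPLE_LOG,
                               "2004-07-04 04:02:30", "2004-07-11 04:02:09")
    print("rejected:", report["total"])
    for domain, count in report["by_domain"].most_common():
        print(f"  {domain}: {count}")
```

The per-reason counter separates the "to unblock see ..." rejections from rejections for addresses that no longer exist, which vincenzobar notes make up most of his log.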

jlasman
08-21-2004, 11:48 AM
Originally posted by vincenzobar
Thank you for your responses and trust me i wish i could pay you. But i got 33 dollars to my name until next friday!! lol.
You're about $33 ahead of me.

We have a lot of cashflow, but how much I can spend is a different story.

My car broke down two weeks ago, and in the So. Cal. desert you can't really get by without one, so now I have a car rental bill on top of everything else (I'm scheduled to get a car on Monday; I can't wait). The only good news is that this weekend I'm renting a Chrysler PT Cruiser... I always wanted to try that one out :) .

So instead of buying a new high-end desktop system two weeks ago, I'm buying a car. Oh well.

Jeff

jlasman
08-21-2004, 11:50 AM
Originally posted by motobrandt
I guess I've misunderstood this whole time about what should go in the blacklist_domains file. I thought that it had to be a mailserver name not just a domain name. That sure simplifies things if all that is needed is the domain name.
I'm beta testing now with another file for hostnames. However I don't like frequent changes so I probably won't bring that out until I have the AV stuff.

Jeff

jlasman
08-21-2004, 11:52 AM
Originally posted by vincenzobar
I think you got it working!!!!!!! with my hands of course (i type at like 30 words an hour!!)

this is a stat from rejectlog
2004-08-20 20:26:24 H=(65.182.143.151) [65.182.143.151] F=<ebay4391@indiatimes.com>
rejected RCPT <info@innerearaudio.com>:
to unblock see http://www.underwaterdesign.com/
You might want to direct people to a specific page; I doubt you'll want to put unblocking information on your main site page.

Jeff

vincenzobar
08-21-2004, 12:31 PM
Yeah i know but i haven't had the time yet. I plan on getting one up within the next couple of days that sent to my error@ account!

I have to cut and format a 400,000 item database then insert it into MySQL by tonight, so as you can see I'm a little busy for my personal site. And if you have visited my site you will see there isn't much there, because I did all that in one day!!

work gotta love it!!!!!!!!!!!!!

interfasys
08-23-2004, 07:18 AM
Let's say I have supadupa.com as a main domain name and supadupa.ws, supadupa.cc as aliases.

Is there a way to add only the main domain name to use_rbl_domains and have all the invalid emails sent to both the main domain name and the aliases rejected?

jlasman
08-23-2004, 10:20 AM
Originally posted by interfasys
Let's say I have supadupa.com as a main domain name and supadupa.ws, supadupa.cc as aliases.

Is there a way to add only the main domain name to use_rbl_domains and have all the invalid emails sent to both the main domain name and the aliases rejected?
I'm quite confused as to what you want to do.

However I can say that since the tests all occur at rcpt time, each domain is handled separately, whether it's a real domain or just an alias.

All domains entered in any of the added control files will be handled individually.

Jeff

motobrandt
08-23-2004, 11:52 AM
OK After trying to figure out if this is really working for me or not. I find that it is not completely working. It is blocking those that it can't get a return rcpt from but I'm not sure that any of the blacklisting stuff is working at all.

I tried to block a domain on another one of my servers by adding the
IP address - no luck
server name - no luck
domain name - no luck
email address - no luck.

So there must be something wrong with the way that I'm implementing this or something because it doesn't even appear to be looking in the /etc/virtual/blacklist_domains file that I created.

I am using the da_exim-4.34-1.tgz that uses the spamblocker exim.conf file. All I have done is to comment out the spamassassin stuff near the bottom.

Ideas?

interfasys
08-23-2004, 12:07 PM
OK, you've answered my question. I wish we could just include a domain name and that would be a rule for the aliases too.

motobrandt
08-23-2004, 10:35 PM
bump

Can someone explain how this thing looks at the blacklist_domains file? Mine is not working or if it is then it isn't blocking domains that are in there. See above post.

basically I set up the /etc/virtual/blacklist_domains file with information on a domain that I have on another server but I can't block it no matter what I try. Does this even work?

thanks!
brandt

apryan
08-24-2004, 07:12 AM
Hey jeff,
Do you have anything for exim to block attachments like you have for procmail at
http://www.nobaloney.net/downloads/blockattachments/ by chance? I noticed exim blocks some stuff already but was wondering if there were additional ways to do it.

Thanks!

apryan
08-24-2004, 07:12 AM
motor --
The format for the blacklist is:
host.tld: spam. Don't add @'s or it won't work. Just domain names.

apryan
08-24-2004, 07:33 AM
Hey Jeff,

I just installed your exim.conf and it's rejecting all my emails with a spamd error.

2004-08-24 13:23:15 SMTP connection from mail lost while reading message data (header)
spamcheck transport output: An error was detected while processing a file of BSMTP input.
spamcheck_director T=spamcheck: Child process of spamcheck transport returned 2 from command: /usr/sbin/exim

config:

## EXIM CONFIGURATION

# primary_hostname =
# qualify_domain =
# qualify_recipient =
perl_startup = do '/etc/exim.pl'
system_filter = /etc/system_filter.exim
message_size_limit = 10M
smtp_receive_timeout = 5m
smtp_accept_max = 100
smtp_accept_queue = 35
smtp_accept_max_per_host = 5
smtp_accept_max_nonmail = 10
smtp_banner = "$primary_hostname ESMTP Exim $version_number $tod_full"
#received_header_text = "Received: ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t} {${if def:sender_ident {from ${sender_ident} }} ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}} by ${primary_hostname} ${if def:received_protocol {with ${received_protocol}}} ${if def:tls_cipher {${tls_cipher}}}\n\t (Exim ${version_number} id ${message_id}) ${if def:received_for {\n\tfor <$received_for>}}"
helo_allow_chars = _

# define what to log:
# define the => log lines
# +delivery_size
# +sender_on_delivery
#
# define the <= log lines:
# +received_recipients
# +received_sender
# +smtp_confirmation
# +subject
#
# define other non '<= =>' log lines:
# +smtp_incomplete_transaction
###################################
# define what to not log:
# define other non "<= =>' log lines:
# -dnslist_defer
# -host_lookup_failed
# -queue_run
# -rejected_header
# -retry_defer
# -skip_delivery
###################################

log_selector = \
+delivery_size \
+sender_on_delivery \
+received_recipients \
+received_sender \
+smtp_confirmation \
+subject \
+smtp_incomplete_transaction \
-dnslist_defer \
-host_lookup_failed \
-queue_run \
-rejected_header \
-retry_defer \
-skip_delivery

syslog_duplication = false
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

# define local lists

domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_from = lsearch;/etc/virtual/whitelist_from
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
hostlist auth_relay_hosts = *

# local_domains_include_host_literals
allow_domain_literals = false
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
auto_thaw = 1h
ignore_bounce_errors_after = 2h
timeout_frozen_after = 14h
trusted_users = mail:majordomo:www
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *
#auth_over_tls_hosts = *

begin acl

check_recipient:
accept hosts = :
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
accept domains = +whitelist_from
accept local_parts = postmaster
domains = +local_domains
accept local_parts = abuse
domains = +local_domains
accept local_parts = hostmaster
domains =+local_domains
accept local_parts = dns
domains = tentric.com
deny message = Go play with your self
domains = +use_rbl_domains
sender_domains = +blacklist_domains
require verify = sender
deny message = Mail from $sender_host_name rejected; see http://rss.mail-abuse.com/cgi-bin/nph-rss?query=$sender_ip_address
domains = +use_rbl_domains
dnslists = relays.mail-abuse.org
deny message = Mail from $sender_host_name rejected; see http://njabl.org/cgi-bin/lookup.cgi?query=$sender_ip_address
domains = +use_rbl_domains
dnslists = dnsbl.njabl.org
deny message = Mail from $sender_host_name rejected; see http://ordb.org/lookup/?host=$sender_ip_address
domains = +use_rbl_domains
dnslists = relays.ordb.org
deny message = Mail from $sender_host_name rejected; see http://www.spamhaus.org/query/bl?ip=$sender_ip_address
domains = +use_rbl_domains
dnslists = sbl.spamhaus.org
deny message = Mail from $sender_host_name rejected; youre domain may be hacked or infected as per http://opm.blitzed.org/proxy?ip=$sender_ip_address
domains = +use_rbl_domains
dnslists = opm.blitzed.org
deny message = Mail from $sender_host_name rejected; youre domain may be hacked or infected as per http://www.dnsbl.us.sorbs.net/lookup.shtml
domains = +use_rbl_domains
dnslists = dnsbl.sorbs.net=127.0.0.5
deny message = Mail from $sender_host_name rejected; youre domain may be hacked or infected as per http://www.dnsbl.us.sorbs.net/lookup.shtml
hosts = !+relay_hosts
domains = +use_rbl_domains
!authenticated = *
dnslists = dnsbl.sorbs.net!=127.0.0.6
deny message = Mail from $sender_host_name rejected.
hosts = !+relay_hosts
domains =+use_rbl_domains
!authenticated = *
dnslists = bl.spamcop.net : cbl.abuseat.org
deny message = Mail from $sender_host_name rejected.
domains =+use_rbl_domains
dnslists = rhsbl.sorbs.net/$sender_address_domain
accept domains = +local_domains
endpass
verify = recipient
accept domains = +relay_domains
endpass
verify=recipient
accept hosts = +relay_hosts
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *
deny message = relay not permitted
deny message = relay not permitted

check_message:
accept

begin authenticators

plain:
driver = plaintext
public_name = PLAIN
server_condition = "${perl{smtpauth}}"
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{smtpauth}}"
server_set_id = $1


begin routers

lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
transport = remote_smtp
no_more

# domain_literal:
# driver = ipliteral
# transport = remote_smtp

#spamcheck_director:
# driver = accept
#condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
# retry_use_local_part
#transport = spamcheck
#no_verify

majordomo_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
no_rewrite
user = majordomo

majordomo_private:
driver = redirect
allow_defer
allow_fail
condition = "${if eq {$received_protocol} {local} \
{true} {false} }"
data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
user = majordomo

domain_filter:
driver = redirect
allow_filter
no_check_local_user
user = "mail"
file = /etc/virtual/${domain}/filter
file_transport = address_file
pipe_transport = virtual_address_pipe
retry_use_local_part
no_verify

uservacation:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = uservacation
unseen

userautoreply:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = userautoreply

virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen
#include_domain = true

virtual_user:
driver = accept
condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}}
domains = lsearch;/etc/virtual/domainowners
group = mail
retry_use_local_part
transport = virtual_localdelivery

virtual_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
#include_domain = true

userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify

localuser:
driver = accept
check_local_user
transport = local_delivery

system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
user = mail

begin transports

#spamcheck:
# driver = pipe
# batch_max = 100
# command = /usr/sbin/exim -oMr spam-scanned -bS
# current_directory = "/tmp"
# group = mail
# home_directory = "/tmp"
# log_output
# message_prefix =
# message_suffix =
# return_fail_output
# no_return_path_add
# transport_filter = /usr/bin/spamc
# use_bsmtp
# user = mail

majordomo_pipe:
driver = pipe
group = daemon
return_fail_output
user = majordomo

local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
file = /var/mail/$local_part
group = mail
mode = 0660
return_path_add
user = ${local_part}

virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 700
envelope_to_add
file = /var/spool/virtual/${domain}/${local_part}
group = mail
mode = 660
return_path_add
user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}

uservacation:
driver = autoreply
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: $h_Subject:} {I am on vacation}}"
text = "\
------ ------\n\n\
This message was automatically generated by email software\n\
The delivery of your message has not been affected.\n\n\
------ ------\n\n"
to = "${sender_address}"
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once

userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: $h_Subject:} {Autoreply Message}}"
to = "${sender_address}"
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once

remote_smtp:
driver = smtp

address_pipe:
driver = pipe
return_output

virtual_address_pipe:
driver = pipe
group = nobody
return_output
user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

begin retry

* * F,2h,15m; G,16h,1h,1.5; F,4d,8h

motobrandt
08-24-2004, 10:30 AM
Originally posted by apryan
motor --
The format for the blacklist is:
host.tld: spam. Don't add @'s or it won't work. Just domain names.

?? so it needs a colon spam? Like if I wanted to block my own domain bli.net from sending spam to the server I would add

bli.net: spam

to the blacklist_domains file? hmmm. If this is true then it would solve the mystery for me fo sho. But I can't find anywhere where it says to do this.

???
I'll try it out.

apryan
08-24-2004, 11:00 AM
I don't think it needs the : spam. That's if you wanted to add a username I think?

If you want to block all of bli.net adding it like this:

bli.net

should do the trick. No user@ in front.
-anth

motobrandt
08-24-2004, 11:24 AM
Originally posted by apryan
I don't think it needs the : spam. That's if you wanted to add a username I think?

If you want to block all of bli.net adding it like this:

bli.net

should do the trick. No user@ in front.
-anth
Thanks for the help but for some reason that isn't working. That is what I tried originally. So I guess it's back to how do I debug this thing? How do I know if it's looking at the blacklist file?

thx,
Brandt

jlasman
08-25-2004, 01:23 PM
What you should be adding is the domain name from the "from" address; in other words everything after the @ character.

I'll soon be adding a file you'll be able to add mailservers (MTA hosts) to, but that's not ready yet.

Jeff

motobrandt
08-25-2004, 01:57 PM
Originally posted by jlasman
What you should be adding is the domain name from the "from" address; in other words everything after the @ character.

I'll soon be adding a file you'll be able to add mailservers (MTA hosts) to, but that's not ready yet.

Jeff

It doesn't work.

That's why I'm asking for any tips on debugging this thing. Where do I start? It's like it's not checking the file that I created. I entered gmail.com in there. Then I
#killall exim -HUP
#/usr/local/etc/rc.d/exim start

Everything works fine except that I can still send mail from gmail to anyone on the server.

jlasman
08-25-2004, 03:50 PM
It works properly on my server, from here; I just tested it.

What's the fully qualified path/name of the file you added?

You should not have to restart the server when you change the files; only when you change exim.conf.

Jeff

motobrandt
08-25-2004, 04:23 PM
Originally posted by jlasman
It works properly on my server, from here; I just tested it.

What's the fully qualified path/name of the file you added?

/etc/virtual/blacklist_domains
chmod 644
chown mail:mail

[root@lucie /etc/virtual]# ls -l | grep black
-rw-r--r-- 1 mail mail 7978 Aug 24 12:14 blacklist_domains
[root@lucie /etc/virtual]#


You should not have to restart the server when you change the files; only when you change exim.conf.

Jeff
Oh yeah! hehe I've read that about 50 times. But I keep thinking that I'm doing something wrong so I try everything I can think of.

More details? OK I know that some of the blocking is working as I changed the Deny messages so that I could see what was working and what was not. I have added that section below. In my logs I get msg 1, msg 2, and msg 3 so I know that it is working but no msg 0 which is the blacklist_domains one. I think...

Thanks!
Brandt

# accept mail to errors@example.com, regardless of source
accept local_parts = errors
domains = bli.net

# deny so-called "legal" spammers"
# but do bypass all checking for whitelisted host names
deny message = msg 0 : Your domain $sender_host_name is on a public BLACKLIST to remove send a request to errors@bli.net
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
sender_domains = +blacklist_domains

# Deny unless sender address can be verified:
# This statement requires the sender address to be verified before any
# subsequent ACL statement can be used. If verification fails, the incoming
# recipient address is refused. Verification consists of trying to route the
# address, to see if a bounce message could be delivered to it. In the case of
# remote addresses, basic verification checks only the domain.

require verify = sender

# Deny stuff from insecure hosts & spammers. No exceptions for known users.
# but do bypass all checking for whitelisted host names

deny message = msg 1 : Your domain $sender_host_name is on a public BLACKLIST to remove send a request to errors@bli.net
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
# only smtp.dnsbl.sorbs.net = 127.0.0.5
dnslists = sbl.spamhaus.org : \
relays.ordb.org : \
dnsbl.sorbs.net=127.0.0.5

# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
deny message = msg 2 : Your domain $sender_host_name is on a public BLACKLIST to remove send a request to errors@bli.net
hosts = !+relay_hosts
domains =+use_rbl_domains
!authenticated = *
# dnslists not including spam.dnsbl.sorbs.net
dnslists = bl.spamcop.net : \
dnsbl.njabl.org : \
cbl.abuseat.org : \
dnsbl.sorbs.net!=127.0.0.6

deny message = msg 3 : Your domain $sender_host_name is on a public BLACKLIST to remove send a request to errors@bli.net
domains =+use_rbl_domains
# rhsbl list is name based
dnslists = rhsbl.sorbs.net/$sender_address_domain

# accept if address is in a local domain as long as recipient can be verified
accept domains = +local_domains
endpass
verify = recipient

# accept if address is in a domain for which we relay as long as recipient
# can be verified
accept domains = +relay_domains
endpass
verify=recipient

jlasman
08-25-2004, 07:45 PM
I have no idea why it's not working for you.

Surely you don't expect to compare your exim.conf file character for character, do you?

:)

You could always do that yourself.

Have you tried reinstalling exim.conf and restarting exim afterwards?

(If you do, don't forget the changes.)

Jeff

motobrandt
08-25-2004, 08:21 PM
Originally posted by jlasman
I have no idea why it's not working for you.

Surely you don't expect to compare your exim.conf file character for character, do you?

Of course not. I was just showing you that part where I named the messages so that you could see what I meant when I said I wasn't getting any "0 error" messages in the log. But I was getting the others.

Originally posted by jlasman
You could always do that yourself.


I have done this. Every single word. :mad:

Originally posted by jlasman
Have you tried reinstalling exim.conf and restarting exim afterwards?

(If you do, don't forget the changes.)

Jeff
I have done this as well.
I'll keep messing with it I guess and let you know if I ever get it working.

brandt

Yikes2000
08-26-2004, 04:08 AM
Originally posted by motobrandt
basically I set up the /etc/virtual/blacklist_domains file with information on a domain that I have on another server but I can't block it no matter what I try. Does this even work?

Is the other server on the same subnet as SpamBlocker server? Is the other server using this server's MTA to send mail? Are you sure you're sending the mail from MTA on the other server to this one?

Just trying to help... :)

motobrandt
08-26-2004, 01:22 PM
Originally posted by Yikes2000
Is the other server on the same subnet as SpamBlocker server? Is the other server using this server's MTA to send mail? Are you sure you're sending the mail from MTA on the other server to this one?

Just trying to help... :)
yeah I thought the same kind of stuff so I tried using my Gmail account. I added gmail.com to /etc/virtual/blacklist_domains and I couldn't get it to block gmail so...

Thanks though. I'll keep trying.

Brandt

jlasman
08-26-2004, 10:20 PM
It works here and I have no idea why it's not working for you.

While SpamBlocker does offer technical services, I'm not sure I should advertise here :) .

(We do offer a guarantee on our technical services; if we can't fix it, you don't pay.)

Perhaps someone else on these forums who understands exim can help you, or perhaps you can post specific questions on the exim-users list.

If you do post there, remember that listmembers there will have no idea of the blacklist_domains file or the code I added to exim.conf; you'll have to be very explicit in your questions.

Jeff

twhiting9275
09-29-2004, 10:24 PM
When you're trying to block something, remember you're not blocking the entire domain, you're blocking the ip address. That could be part of the problem here. I bet if you added the gmail ip address to the block list you'd get the mail blocked ;)

jlasman
09-30-2004, 12:30 PM
Actually, SpamBlocker's blocklist is by domain, not by IP#.

It doesn't work by IP#, but rather by domain in the "From:" field.
We're working on an enhancement that will also block by IP#.

Jeff

Auraka
10-05-2004, 05:24 PM
I still get about 60 spam emails a day :-(

blacknight
10-05-2004, 05:28 PM
Originally posted by Ross
I still get about 60 spam emails a day :-(
Out of how many? 60 out of 100 is a lot, but 60 out of 10000 is nothing.

sander815
10-15-2004, 02:46 AM
I see this in my log, from an email address I am expecting some email from:

2004-10-15 09:22:47 H=mail.xx.com [12.x.x.x] F=<SMASTENB@xx.com> temporarily rejected RCPT <info@xx.nl>: Could not complete sender verify
2004-10-15 09:33:28 H=mail.xx.com [12.x.x.xsender verify defer for <SMASTENB@xx.com>: host lookup did not complete

What does this mean?

jlasman
10-15-2004, 12:01 PM
Exim, by default, makes sure a sender domain exists, as if it doesn't, the email is probably spam.

If it can't find xx.com, it can't presume that it doesn't exist, because the problem could be that DNS is temporarily down, or there could be a problem on the 'net. So it sets it aside and tries again later.

Jeff

jlasman
10-29-2004, 07:52 PM
I've just updated the SpamBlocker exim.conf file; the new one can be found at:

http://www.nobaloney.net/downloads/spamblocker/DirectAdmin/

and includes the addition of the xbl.spamhaus list, and also a new blacklist for blocking email by hostname or IP#.

Read the original post in this thread for more information.

Jeff

interfasys
10-30-2004, 01:09 AM
Thank you!

jlasman
10-30-2004, 12:04 PM
You're welcome <blush>.

Next on the list is adding support for SMA over port 587 (see RFC 2476 (http://www.faqs.org/rfcs/rfc2476.html)) so you can offer SMTP AUTH (and only SMTP AUTH) over port 587 to users who need to use your mail server but whose ISPs block port 25.

Jeff

different
11-09-2004, 01:46 AM
My whitelist_from doesn't seem to work.

I always get a log line like
2004-11-09 16:33:09 H=ms2.epaper.com.tw [211.20.188.72] F=<epaper@msx.epaper.com.tw> rejected RCPT <james@fuche.com.tw>: to unblock ms2.epaper.com.tw at sbl.spamhaus.org see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12186

The whitelist_from file is like this
epaper@msx.epaper.com.tw
ms*.epaper.com.tw

It doesn't work.

My exim.conf setting is

domains = +use_rbl_domains
# only smtp.dnsbl.sorbs.net = 127.0.0.5
dnslists = sbl.spamhaus.org : \
relays.ordb.org : \
dnsbl.sorbs.net=127.0.0.5

Why doesn't the whitelist work?

Another question: the new exim.conf uses
sbl-xbl.spamhaus.org as the RBL,
but it includes too many IPs, and if my client is on the list, he can't use his own mail account to send mail.
Because the setting doesn't allow authenticated users?
And only
domains =+use_rbl_domains
!authenticated = *
# dnslists not including spam.dnsbl.sorbs.net
dnslists = bl.spamcop.net : \
dnsbl.njabl.org : \
cbl.abuseat.org : \
dnsbl.sorbs.net!=127.0.0.6
will allow authenticated users?
Because it sets !authenticated = * ???

jlasman
11-09-2004, 03:34 PM
whitelist_from looks at the email address the server is using to connect; the "mail from" address.

EDIT 11/30/04:

The above statement is in error; I don't recall why I was thinking it at the time.

The whitelist_from needs to have the canonical name or IP address of the sending server to be whitelisted. Full instructions are in the exim.conf file, and below in a post I wrote dated 11/30/40.

Our tests show it works, but we'll be happy to test further once a few more people have replied to this thread telling us of their experiences.

Our experience has been that sbl-xbl.spamhaus.org works well for us without making exceptions for our own (authenticated) users, but you can of course move it.

After the first issue is resolved we'll bring out our next version, and we'll move sbl-xbl.spamhaus.org to the section that bypasses checking for known authenticated senders.

You can do it yourself first, if you'd like.

If you make any changes to exim.conf be sure to restart exim afterwards.

Jeff

jjma
11-30-2004, 03:42 AM
Originally posted by jlasman
whitelist_from looks at the email address the server is using to connect; the "mail from" address. Our tests show it works, but we'll be happy to test further once a few more people have replied to this thread telling us of their experiences.

I've updated to the latest version (two weeks ago) and last night came across my first problem. Our client had sent out a competition newsletter and last night was the deadline for the winners to contact them. According to the client a lot of the emails seemed not to be getting through to them... so I checked the rejectlog and noticed that the majority of blocks were being made on one ISP: ntlworld.com (UK ISP provider).

One of the winners used my 'remove me from your spam list' form to contact me and I added his email address to the whitelist. I emailed back to ask him to contact our client again but he was still being rejected by exim?

This is a snippet of our log file:

Legend: "<AT> = @"

2004-11-29 22:03:15 H=mailhost.ntl.com (mta05-winn.mailhost.ntl.com) [212.250.162.8] F=<a.westerman1<AT>ntlworld.com> rejected RCPT <amber<AT>iofilm.co.uk>: to unblock mailhost.ntl.com see http://www.launchsite.co.uk/contact/email.php

Other blocks:


2004-11-29 17:02:18 H=mailhost.ntl.com (mta13-winn.mailhost.ntl.com) [212.250.162.8] F=<flaxmers<AT>ntlworld.com> rejected RCPT <amber<AT>iofilm.co.uk>: to unblock mailhost.ntl.com see http://www.launchsite.co.uk/contact/email.php


2004-11-29 16:56:47 H=mailhost.ntl.com (mta09-winn.mailhost.ntl.com) [212.250.162.8] F=<p.trickett<AT>ntlworld.com> rejected RCPT <amber<AT>iofilm.co.uk>: to unblock mailhost.ntl.com see http://www.launchsite.co.uk/contact/email.php

Our Whitelist:

a.westerman1<AT>ntlworld.com

Eventually I had to remove the client's domain from the "use_rbl" file so that the competition winners could progress.

regards

Jon

jlasman
11-30-2004, 10:32 AM
Jon,

I've tested the whitelist_from function and it appears to work properly for me.

It appears you're using whitelist_from incorrectly.

Here are the instructions for whitelist_from, taken from the exim.conf file:
# 3) Add a file /etc/virtual/whitelist_from #
# This file should contain the fully-qualified hostnames or IP#s #
# of servers that you DO want to be able to get email from even #
# if they're otherwise caught by blocklists. Your own domain #
# need not be listed here to enable you to get unblock requests, #
# whitelisting of email to your "errors" address will be handled #
# separately, below. #

Here are some further comments on whitelisting, from further down in the exim.conf file:
# You'll need the full name of their server to unblock them, by #
# putting the server name into the /etc/virtual/whitelist_from #
# file. There are two ways you can get this information: #
# #
# 1) You can create a form that will ask them for the address #
# they're trying to reach, the address they're sending the email #
# from, and the canonical name of their email server. Since they #
# may not know the name of their email server, this must be #
# optional, and if they leave it blank you'll have to find their #
# attempt to send email in your exim /var/log/exim/rejectlog file #
# and get the name of the server from there. #
# #
# 2) You can ask them to send you an email from the same address #
# that they were blocked from, but to (for example) #
# "errors@example.com" (but changing it to an address you want to #
# use, at one of your domains). When they send you the email you #
# should be able to find the name of their server in the headers #
# of the incoming email. #
# #
# Either way, you'll need to put the canonical name of their #
# nameserver into your /etc/virtual/whitelist_from file. #

I previously wrote:
whitelist_from looks at the email address the server is using to connect; the "mail from" address.
That's an error in thinking on my part when I wrote the post :( .

I'll edit it now.

Jeff

jjma
11-30-2004, 11:57 AM
Should this have been in the whitelist_from file instead:

mailhost.ntl.com

regards

Jon

jlasman
11-30-2004, 06:20 PM
If that's what the reverse DNS of the IP# refers to, then yes.

Jeff
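
Much of the exchange above comes down to which field of a rejectlog line belongs in which control file. The following is an added example, not part of SpamBlocker or of any post in this thread: it parses rejectlog lines of the shape quoted above and extracts the envelope sender domain (what blacklist_domains is matched on, per the 08-25-2004 post) and the sending server's name or IP (what whitelist_from expects, per the 11-30-2004 post). The sample lines, domains, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the same shape as the rejectlog entries quoted in this thread.
SAMPLE_LOG = """\
2004-11-29 22:03:15 H=mailhost.example.net (mta05.mailhost.example.net) [192.0.2.8] F=<alice@isp.example> rejected RCPT <amber@client.example>: to unblock mailhost.example.net see http://www.example.org/unblock
2004-11-29 17:02:18 H=mailhost.example.net (mta13.mailhost.example.net) [192.0.2.8] F=<bob@isp.example> rejected RCPT <amber@client.example>: to unblock mailhost.example.net see http://www.example.org/unblock
2004-08-20 20:26:24 H=(198.51.100.151) [198.51.100.151] F=<promo@bulk.example> rejected RCPT <info@client.example>: to unblock see http://www.example.org/unblock
2004-10-15 09:22:47 H=mail.partner.example [203.0.113.5] F=<SALES@Partner.Example> temporarily rejected RCPT <info@client.example>: Could not complete sender verify
2004-10-15 09:30:00 some unrelated log line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=(?:(?P<host>[^\s()\[\]]+) )?"   # reverse-DNS name; absent when the lookup gave nothing
    r"(?:\((?P<helo>[^)]*)\) )?"        # HELO/EHLO argument, logged in parentheses
    r"\[(?P<ip>[^\]]+)\] "              # connecting IP address
    r"F=<(?P<sender>[^>]*)> "           # envelope sender ("mail from")
    r"(?P<temp>temporarily )?rejected RCPT <(?P<rcpt>[^>]*)>: (?P<reason>.*)$"
)


def parse_reject(line):
    """Parse one RCPT rejection line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    sender = d["sender"]
    # Everything after the last "@"; None for bounces, which log F=<>.
    sender_domain = sender.rsplit("@", 1)[1].lower() if "@" in sender else None
    return {
        "timestamp": d["ts"],
        "host": d["host"].lower() if d["host"] else None,
        "helo": d["helo"],
        "ip": d["ip"],
        "sender_domain": sender_domain,
        "rcpt_domain": d["rcpt"].rsplit("@", 1)[-1].lower(),
        "temporary": d["temp"] is not None,
        "reason": d["reason"],
    }


def control_file_keys(entry):
    """Map a parsed rejection to the value each control file is keyed on in this thread."""
    return {
        # blacklist_domains: domain of the envelope "from" address
        "blacklist_domains": entry["sender_domain"],
        # whitelist_from: sending server's host name, or its IP when no name was logged
        "whitelist_from": entry["host"] or entry["ip"],
        # use_rbl_domains: the recipient's domain, tested per domain at RCPT time
        "use_rbl_domains": entry["rcpt_domain"],
    }


def summarize(log_text):
    """Count rejections per (server, sender domain); deferrals are kept separate."""
    permanent, temporary = Counter(), Counter()
    for line in log_text.splitlines():
        entry = parse_reject(line)
        if entry is None:
            continue
        keys = control_file_keys(entry)
        bucket = temporary if entry["temporary"] else permanent
        bucket[(keys["whitelist_from"], keys["blacklist_domains"])] += 1
    return permanent, temporary


if __name__ == "__main__":
    permanent, temporary = summarize(SAMPLE_LOG)
    for (server, domain), n in permanent.most_common():
        print(f"{n:3d} rejected  server={server} sender_domain={domain}")
    for (server, domain), n in temporary.most_common():
        print(f"{n:3d} deferred  server={server} sender_domain={domain}")
```

A "temporarily rejected" line, such as the sender-verify deferral discussed earlier in the thread, is counted apart from permanent rejections because the sending server will retry it.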