Any howto on "No listing and greylisting"



pluk
07-07-2009, 08:45 AM
I'm looking to install "no listing and greylisting" to prevent spam. Using Spamblocker2 but so much spam for the past 2-3 days. Need to move a step further. I'm using exim.

floyd
07-07-2009, 11:14 AM
There is no good howto on grey listing and it's not supported by Spamblocker 2.

Nolisting is easy. Google "nolisting" and follow the wikipedia guide.

pluk
07-07-2009, 11:49 AM
You're using spamblocker 2? Just to make sure, Spamblocker is nothing but the exim.conf file and exim.pl to it, right? I'm a newbie on this matter. Been running my server for a few years but suddenly so much spam since last Friday passing through. :( Don't know if I have to do something in the exim.conf either.

floyd
07-07-2009, 11:57 AM
It's the exim.conf file that jlasman modified and is the official version that DA distributes. But to use it to block spam you have to put the domains you want protected in /etc/virtual/use_rbl_domains or delete it and create a symlink for it to /etc/virtual/domains.

You also should modify the deny messages in it to point to your web site instead of example.com.

pluk
07-07-2009, 12:14 PM
Wow this is new to me :)

You basically put the list of domains on our server into /etc/virtual/use_rbl_domains and this is the list of domains under protection? Wow, my list is empty right now :(

floyd
07-07-2009, 12:22 PM
If it's empty then you have never benefited from using SpamBlocker.

It's good to read the forums every day. Amazing what we learn.

pluk
07-07-2009, 12:34 PM
Tried to find a HOWTO but nothing I could pin on to do it right.

I'm really not a whiz at doing a symbolic link. Can you outline the syntax for me?

Many thanks!

floyd
07-07-2009, 12:47 PM
rm /etc/virtual/use_rbl_domains
ln -s /etc/virtual/domains /etc/virtual/use_rbl_domains

pluk
07-07-2009, 12:50 PM
Cool! This way I won't need to recreate/update the file every time a new client comes over.

So I've updated the list and now, let's wait and see :) Thanks!

floyd
07-07-2009, 12:57 PM
Did you also change the deny messages in exim.conf and then restart exim? If you change the deny messages to something unique to you then you can easily grep the exim log for those messages and know how many emails were rejected.

pluk
07-07-2009, 01:03 PM
1) I've changed the www.example.com to ... www.<mydomain>.com
Any particular thing I should put there or this should be fine?

2) yes I did a /sbin/service exim restart

Any good?

floyd
07-07-2009, 01:10 PM
You should have it point to a page on your web site about how to get delisted or how to get whitelisted with your server.

pluk
07-07-2009, 01:11 PM
Just looking at the rejectlog of exim from directadmin, lots of them since I've changed the www.example.com into mine and explanation is there. Very cool! :rolleyes:

pluk
07-07-2009, 01:16 PM
True. I will do something about it. Long due :)

I'm checking on the paniclog of exim and it says...

2009-07-07 16:05:27 failed to open /etc/virtual/use_rbl_domains for linear search: No such file or directory

I think it started after I did the symbolic link. Normal?

mr.applesauce
07-07-2009, 01:49 PM
You didn't do it right then.

floyd
07-07-2009, 01:52 PM
Post output of:

ls -l /etc/virtual/use_rbl_domains

pluk
07-07-2009, 01:52 PM
Correct. I didn't. Luckily I felt with this thread's enthusiast. Much to thank! Now it seems to do well. I still don't know how I would have done it. Got to see if any documentation on spamblocker readme.

floyd
07-07-2009, 01:53 PM
http://www.nobaloney.net/downloads/spamblocker/DirectAdminSpamBlocker2/ReadMe.SpamBlocker.exim.conf.2.1.1.txt

pluk
07-07-2009, 01:54 PM
lrwxrwxrwx 1 root root 20 Jul 7 16:05 /etc/virtual/use_rbl_domains -> /etc/virtual/domains

Maybe error when I was opening the file before? Nothing since 16:05. now it's 16:54.

pluk
07-07-2009, 01:56 PM
Should I still go to do a "nolisting" theory?

floyd
07-07-2009, 01:57 PM
The log entry was probably after removing the old file and before creating the link.
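(Added example, not part of any post in this thread.) The paniclog entry above comes from the gap between `rm` and `ln -s`. One way to avoid that gap is to create the link under a temporary name and rename it over the old file in one step. `swap_in_symlink` and `demo_swap` are hypothetical names, the demo runs in a scratch directory with a constructed domain, and `mv -T` assumes GNU coreutils.

```shell
#!/bin/sh
# swap_in_symlink TARGET LINKPATH
# Replace LINKPATH with a symlink to TARGET without a moment where
# LINKPATH does not exist (no "rm" followed by "ln -s").
swap_in_symlink() {
    target=$1
    link=$2
    tmp="$link.new.$$"                  # temporary name in the same directory
    ln -s "$target" "$tmp" || return 1
    # rename(2) swaps the new link into place in a single step, so a
    # reader such as exim sees either the old file or the new link.
    mv -Tf "$tmp" "$link" || { rm -f "$tmp"; return 1; }
}

# Demo in a scratch directory instead of /etc/virtual.
demo_swap() {
    dir=$(mktemp -d) || return 1
    printf 'example.test\n' > "$dir/domains"   # constructed domain list
    : > "$dir/use_rbl_domains"                 # empty file, as in the thread
    swap_in_symlink "$dir/domains" "$dir/use_rbl_domains" || return 1
    readlink "$dir/use_rbl_domains"            # where the link points
    cat "$dir/use_rbl_domains"                 # content read through the link
    rm -rf "$dir"
}

demo_swap
```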

pluk
07-07-2009, 01:57 PM
OMG... I'm bad :( I'll read and make sure everything is correct. Many thanks!

floyd
07-07-2009, 01:58 PM
Should I still go to do a "nolisting" theory?

I would and do.

pluk
07-07-2009, 02:00 PM
Thank you floyd! You just helped many on filtering spam mails! Thank you!

pluk
07-07-2009, 07:18 PM
I have right now...

ftp A xxx.xxx.xxx.11
domain.com. A xxx.xxx.xxx.11
localhost A 127.0.0.1
mail A xxx.xxx.xxx.11
ns1.domain.com. A xxx.xxx.xxx.11
ns2.domain.com. A xxx.xxx.xxx.12
pop A xxx.xxx.xxx.11
www A xxx.xxx.xxx.11
domain.com. NS ns1.domain.com.
domain.com. NS ns2.domain.com.
mail MX 10
domain.com. TXT "v=spf1 a mx ip4:xxx.xxx.xxx.11 ?all"

Do I just change to...

none1.domain.com MX 10
mail.domain.com MX 20
none2.domain.com MX 30

where I just leave none1 and none2 without any A record, to point to nowhere?

I have everything in the same box. Everyone is sharing xxx.xxx.xxx.13 for their hosting.

Any good of the above?

floyd
07-08-2009, 05:44 AM
where I just leave none1 and none2 without any A record to point to no where?

They have to have valid A records pointing to valid IP addresses. But those IP addresses should not be listening on port 25.
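(Added example, not part of any post in this thread.) A zone sanity check for the rule above: every MX target needs an A record, and at least one MX must sit on a different address than the lowest-preference (decoy) one. It assumes standard zone syntax with fully qualified names ("name TYPE rdata"); `nolisting_zone_check`, the example.test names and the 192.0.2.x addresses are constructed, and whether port 25 is actually closed on the decoy address still has to be tested separately.

```shell
#!/bin/sh
# Constructed zone following the advice above: decoy MX names have A records.
GOOD_ZONE='mail.example.test.  A 192.0.2.11
none1.example.test. A 192.0.2.14
none2.example.test. A 192.0.2.14
example.test. MX 10 none1.example.test.
example.test. MX 20 mail.example.test.
example.test. MX 30 none2.example.test.'

# Constructed zone with the layout first proposed: decoys without A records.
BAD_ZONE='mail.example.test.  A 192.0.2.11
example.test. MX 10 none1.example.test.
example.test. MX 20 mail.example.test.
example.test. MX 30 none2.example.test.'

# Reads a zone on stdin and prints "<pref> <target> <ip|NO-A-RECORD>" per MX,
# sorted by preference. Returns 1 if an MX target has no A record or if no MX
# lives on a different address than the lowest-preference one.
nolisting_zone_check() {
    rc=0
    report=$(awk '
        $2 == "A"  { a[tolower($1)] = $3 }
        $2 == "MX" { n++; pref[n] = $3 + 0; tgt[n] = tolower($4) }
        END {
            for (i = 1; i <= n; i++) {
                ip[i] = (tgt[i] in a) ? a[tgt[i]] : "NO-A-RECORD"
                if (ip[i] == "NO-A-RECORD") bad = 1
                if (lo == 0 || pref[i] < pref[lo]) lo = i   # track primary MX
                print pref[i], tgt[i], ip[i]
            }
            for (i = 1; i <= n; i++) if (ip[i] != ip[lo]) other++
            if (n > 0 && other == 0) {
                print "0 PROBLEM every MX shares the primary address"
                bad = 1
            }
            exit bad + 0
        }') || rc=$?
    printf '%s\n' "$report" | sort -n
    return "$rc"
}

printf '%s\n' "$GOOD_ZONE" | nolisting_zone_check
printf '%s\n' "$BAD_ZONE"  | nolisting_zone_check || echo "zone needs fixing"
```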

pluk
07-08-2009, 07:13 AM
Possible to outline the syntax to close port 25 for me? I'll forward both none1 and none2 to IP xxx.xxx.xxx.14 (which is free, no one using it). Need to close port 25 on it. Something in iptables???

iptables -I INPUT -i eth0 -s xxx.xxx.xxx.14 -p tcp --dport 25 -j DROP

Would this be good?

Where do we edit so that it can be set every time we restart the machine?

nobaloney
07-09-2009, 01:10 PM
Read the information at http://www.nolisting.org

There's sample iptables code there.

To make sure it starts every time you restart the server put it (on its own line) in your server's rc.local file.

Jeff

interfasys
11-25-2009, 11:52 AM
So, all a spammer has to do is do 2 passes, one for each MX or go straight for the 2nd MX...
Is this happening?

scsi
11-25-2009, 12:14 PM
So? It's not meant to be 100% foolproof but it will discourage some automated bots from sending you junk. Usually when scanning netblocks, when an IP doesn't respond to the port open request it will just go to the next IP address instead. I think it's worth it as a step to remove some spam.

pluk
11-25-2009, 12:20 PM
It should reduce a lot. I still haven't got a chance to change it yet :(

interfasys
11-26-2009, 05:18 AM
It works surprisingly well...I mostly get wrong FQDN in my logs now and the occasional blocklist hit.