Spamlists and exim4?
I used
Now I need some further protection. Help?
Anyone got any howtos on how to configure exim4 to use the popular spamlists etc? Or what are some good ones etc? Mail isn't something I play with too often, and spam was never that much of an issue for myself, but since I'm moving more and more people to my box, I'd like to limit the spam.
6 Replies
If you are using the split config file method for exim4, the config file you want will be /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
For monolithic configs, search for the string "### acl/30_exim4-config_check_rcpt" in /etc/exim4/exim4.conf.template
Scroll down until you find this comment:
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
You want to add your DNSBL checking below this check. This will allow inadvertently blocked legitimate senders to send a message to postmaster@yourdomain requesting that their IP be white-listed.
The configuration of a DNSBL check looks like this:
deny
  message = $sender_host_address listed by $dnslist_domain\n$dnslist_text
  dnslists = cbl.abuseat.org : bl.spamcop.net : dynamic.spamlists.tqmcube.com : dnsbl.sorbs.net=127.0.0.10
  !hosts = ${if exists{CONFDIR/dnsbl_exceptions}\
             {CONFDIR/dnsbl_exceptions}\
             {}}
In this case, 4 lists are checked. Any positive responses from the first three are used. The fourth is an aggregate list and I, personally, only care about one of the reasons to be listed in this aggregate list. 127.0.0.10 is returned if the IP is on Sorbs's dynamic/generic rDNS list. The "=127.0.0.10" means that only positive responses with this IP will be used for this list.
The last bit provides a mechanism for exempting IPs from DNSBL lists. If /etc/conf.d/dnsbl_exceptions exists, it is checked for the remote host's IP or network.
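The decision that deny rule makes, sketched in Python as an added example (not part of the original post and not Exim's own code): the exceptions check, the reversed-octet query name, and the "=127.0.0.10" filter. The resolver table and the addresses are constructed, only IPv4 is handled, and stripping "#" comments from the exceptions file is this sketch's own behaviour.

```python
import ipaddress

# Constructed stand-in for DNS: DNSBL query name -> A records returned.
FAKE_DNS = {
    "7.113.0.203.dnsbl.sorbs.net": ["127.0.0.10"],  # dynamic/generic rDNS
    "8.113.0.203.dnsbl.sorbs.net": ["127.0.0.6"],   # some other Sorbs reason
    "9.100.51.198.bl.spamcop.net": ["127.0.0.2"],
}
# The dnslists value from the rule above.
DNSLISTS = ("cbl.abuseat.org : bl.spamcop.net : "
            "dynamic.spamlists.tqmcube.com : dnsbl.sorbs.net=127.0.0.10")

def parse_dnslists(spec):
    """Split the list into (zone, wanted answers or None for 'any')."""
    out = []
    for item in spec.split(":"):
        zone, _, want = item.strip().partition("=")
        out.append((zone, set(want.split(",")) if want else None))
    return out

def query_name(ip, zone):
    """IPv4 DNSBL convention: reversed octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def load_exceptions(text):
    """One IP or CIDR network per line; '#' starts a comment (assumption)."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def listed_by(ip, spec, exceptions, resolve=FAKE_DNS.get):
    """Return the zone that makes the deny rule match, or None."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in exceptions):
        return None  # "!hosts" fails, so the deny rule does not apply
    for zone, wanted in parse_dnslists(spec):
        answers = resolve(query_name(ip, zone)) or []
        if any(wanted is None or a in wanted for a in answers):
            return zone
    return None

if __name__ == "__main__":
    exc = load_exceptions("198.51.100.0/24  # constructed entry\n")
    for ip in ("203.0.113.7", "203.0.113.8", "198.51.100.9"):
        print(ip, "->", listed_by(ip, DNSLISTS, exc))
```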
Thanks much.
With this complete, I can go ahead and move mail back to my linode and off of my personal server at my work.
edit: Worked excellent on my personal server at work.
SpamAssassin's load went down significantly with mail being rejected instead of scanned and marked spam.
If it wasn't 5:30 am, I'd buy you a taco Mike! (Don't ask… I donated once to another project and the admin was just like "woot thanks bez you just got me a taco!" so it stuck.)
Does anyone have a dnsbl_exceptions example which would prevent the main mail hosts from being denied? Or is there a site which lists the main mail hosts?
Here is my dnsbl_exceptions:
(I added the comments - not sure if they are allowed in the file):
66.35.250.225 # lists-outbound.sourceforge.net
66.94.237.35 # yahoo.com host
209.73.160.90 # another yahoo.com host
64.233.182.0/24 # Gmail
64.233.166.0/24 # Gmail
66.163.187.0/24 # Yahoo
193.252.22.0/24 # Wanadoo (freeserve)
64.4.56.0/24 # Hotmail
65.54.246.0/24 # Hotmail
These are just addresses I gathered from rejections in exim's log file.
Thanks,
Graham.
You need to be aware of how greylisting works (introducing a delay for each first-time mail delivery and automatically allowing subsequent retries) or you'll be baffled by "why did my email take so long to arrive?" questions. In return, I saw a huge decrease in spam, from 200 a day to about 40. It's also a very lightweight technique so it's ideal to be used in front of content scanning techniques such as Bayesian or heuristic scanners.
Finally, it's a great first line of protection; usually a first attempt from a spammer gets greylisted and by the time it retries (if at all), it's already on one of the RBLs so you don't get it at all.