Spamlists and exim4?

Alright, I'll have to admit it guys. I'm a noob when it comes to exim. I like the robustness and everything of it, but getting certain simple things to work is a little more complicated than I was used to.

I used http://koivi.com/exim4-config/ to configure my exim4 with spamassassin and clamav. This works well. My spamassassin filters thousands of spam a day well.

Now I need some further protection. Help? :P

Anyone got any howtos on how to configure exim4 to use the popular spamlists etc? Or what are some good ones etc? Mail isn't something I play with too often, and spam was never that much of an issue for myself, but since I'm moving more and more people to my box, i'd like to limit the spam.

6 Replies

I used my super Linode admin powers to see that you are using Debian.

If you are using the split config file method for exim4, the config file you want will be /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt

For monolithic configs search for the string:

"### acl/30_exim4-config_check_rcpt" in /etc/exim4/exim4.conf.template

Scroll down until you find this comment:

# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.

You want to add your DNSBL checking below this check. This will allow inadvertently blocked legitimate senders to send a message to postmaster@yourdomain requesting that their IP be white-listed.

The configuration of a DNSBL check looks like this:

deny
  message  = $sender_host_address listed by $dnslist_domain\n$dnslist_text
  dnslists = cbl.abuseat.org : bl.spamcop.net : dynamic.spamlists.tqmcube.com : dnsbl.sorbs.net=127.0.0.10
  !hosts= ${if exists{CONFDIR/dnsbl_exceptions}\
              {CONFDIR/dnsbl_exceptions}\
              {}}

In this case, 4 lists are checked. Any positive responses from the first three are used. The fourth is an aggregate list and I, personally, only care about one of the reasons to be listed in this aggregate list. 127.0.0.10 is returned if the IP is on SORBS's dynamic/generic rDNS list. The "=127.0.0.10" means that only positive responses with this IP will be used for this list.

The last bit provides a mechanism for exempting IPs from DNSBL lists. If /etc/conf.d/dnsbl_exceptions exists, it is checked for the remote host's IP or network.

mikegrb, you're the man. =)

Thanks much.

With this complete, I can go ahead and move mail back to my linode and off of my personal server at my work.

:)

edit: Worked excellently on my personal server at work.

SpamAssassin's load went down significantly with mail being rejected instead of scanned and marked as spam.

If it wasn't 5:30 am, I'd buy you a taco, Mike! (Don't ask… I donated once to another project and the admin was just like "woot thanks bez you just got me a taco!" so it stuck.)

Mike, what is the format of dnsbl_exceptions?

Single line per entry with IPs in any format exim normally understands, e.g., a full IP address or CIDR form as in 67.18.92.0/24. It may also accept 67.18.92.* but I'm not sure about that one.

I've been using the exim / dnsblacklists setup suggested by mikegrb for quite a while now, and it works great (thanks mikegrb). The only problem is occasionally gmail / hotmail / etc get some of their servers blacklisted, which means I lose real mail.

Does anyone have a dnsbl_exceptions example which would prevent the main mail hosts from being denied? Or is there a site which lists the main mail hosts?

Here is my dnsbl_exceptions:

(I added the comments - not sure if they are allowed in the file):

66.35.250.225 # lists-outbound.sourceforge.net
66.94.237.35 # yahoo.com host
209.73.160.90 # another yahoo.com host
64.233.182.0/24 # Gmail
64.233.166.0/24 # Gmail
66.163.187.0/24 # Yahoo
193.252.22.0/24 # Wanadoo (freeserve)
64.4.56.0/24 # Hotmail
65.54.246.0/24 # Hotmail

These are just addresses I gathered from rejections in exim's log file.

Thanks,

Graham.
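To see what mikegrb's ACL and an exceptions file like Graham's would do to a given sending host, here is an added Python model (my code, not exim's and not from this thread): it builds the reversed-octet DNSBL query name, applies the "=127.0.0.10" filter to the SORBS list, and consults a CIDR exceptions list before any lookup. DNS answers come from an injected `resolve` callback; the FAKE_DNS table and the 10.x/192.168.x addresses are constructed so it runs offline, and stripping "#" comments from the exceptions file is my convention, not a statement about what exim accepts.

```python
import ipaddress
# The four lists from mikegrb's ACL, in exim's "zone" / "zone=required-answer" notation.
DNSLISTS = "cbl.abuseat.org : bl.spamcop.net : dynamic.spamlists.tqmcube.com : dnsbl.sorbs.net=127.0.0.10"

def parse_dnslists(spec):
    """Split a dnslists string into (zone, required_answer_or_None) pairs."""
    pairs = []
    for item in spec.split(":"):
        zone, _, want = item.strip().partition("=")
        pairs.append((zone, want or None))
    return pairs

def dnsbl_query_name(ip, zone):
    """Name a DNSBL lookup resolves: the IP's octets reversed, under the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def load_exceptions(lines):
    """Parse dnsbl_exceptions: one IP or CIDR per line ('#' comments stripped, my convention)."""
    nets = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def check_sender(ip, resolve, exceptions, dnslists=DNSLISTS):
    """Return None to accept, or (zone, answer) for the first list that would deny."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in exceptions):
        return None                      # the !hosts exemption wins before any lookup
    for zone, want in parse_dnslists(dnslists):
        answers = resolve(dnsbl_query_name(ip, zone))   # [] means "not listed"
        if not answers:
            continue
        if want is None:                 # plain list: any listing counts
            return (zone, answers[0])
        if want in answers:              # "=127.0.0.10": only that reason counts
            return (zone, want)
    return None

# Constructed DNS answers so the example runs offline (no real lookups are made).
FAKE_DNS = {
    "7.0.0.10.bl.spamcop.net": ["127.0.0.2"],
    "1.0.168.192.dnsbl.sorbs.net": ["127.0.0.6"],   # listed, but not the dynamic-rDNS code
    "2.0.168.192.dnsbl.sorbs.net": ["127.0.0.10"],  # dynamic/generic rDNS: denied
}
SAMPLE_EXCEPTIONS = ["64.233.182.0/24 # Gmail", "10.0.0.7 # trusted relay (constructed)"]
def fake_resolve(name):
    return FAKE_DNS.get(name, [])
```

Feeding the real rejections from exim's log through `check_sender` with your own exceptions file is a quick way to confirm that an added entry actually exempts the host before reloading exim.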

I also suggest using greylisting with exim; on Debian, apt-get install greylistd and it even offers to update your configuration for you.

You need to be aware of how greylisting works (introducing a delay for each first-time mail delivery and automatically allowing subsequent retries) or you'll be baffled by "why did my email take so long to arrive?" questions. In return, I saw a huge decrease in spam, from 200 a day to about 40. It's also a very lightweight technique so it's ideal to be used in front of content scanning techniques such as Bayesian or heuristic scanners.

Finally, it's a great first line of protection; usually a first attempt from a spammer gets greylisted and by the time it retries (if at all), it's already on one of the RBLs so you don't get it at all.
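The first-time-defer, retry-accept behaviour described above, as an added Python example (my code, not greylistd's and not from this thread). The triplet key and the timeouts (5 minute minimum delay, 4 hour pending window, 36 day whitelist) are my own choices rather than greylistd's defaults, and `now` is injectable so the state machine can be exercised without waiting.

```python
import time

class Greylist:
    """Greylisting keyed on the (sending host, envelope sender, recipient) triplet.

    First sight of a triplet: defer (the MTA answers with a 4xx temporary failure) and
    remember when it was seen. A retry at least min_delay seconds later, before the
    pending record expires, is accepted and the triplet is whitelisted for whitelist_ttl.
    A sender that never retries (typical of spam cannon software) is never accepted.
    """

    def __init__(self, min_delay=300, pending_ttl=4 * 3600, whitelist_ttl=36 * 24 * 3600):
        self.min_delay = min_delay
        self.pending_ttl = pending_ttl
        self.whitelist_ttl = whitelist_ttl
        self.pending = {}    # triplet -> time first seen
        self.whitelist = {}  # triplet -> time last accepted

    def decide(self, host, sender, rcpt, now=None):
        """Return 'accept' or 'defer' for one delivery attempt."""
        now = time.time() if now is None else now
        key = (host, sender.lower(), rcpt.lower())
        last = self.whitelist.get(key)
        if last is not None and now - last < self.whitelist_ttl:
            self.whitelist[key] = now        # known-good triplet: refresh and accept
            return "accept"
        first = self.pending.get(key)
        if first is None or now - first > self.pending_ttl:
            self.pending[key] = now          # new or stale triplet: ask for a retry
            return "defer"
        if now - first < self.min_delay:
            return "defer"                   # retried too soon; keep deferring
        del self.pending[key]                # a proper retry from a real MTA: let it in
        self.whitelist[key] = now
        return "accept"
```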
