Aug 28

Adding DNSBLs Into Exim

by in MailScanner, Spam Filtering

I've mentioned DNS blacklists several times in the past.

They can be a very powerful tool in the war on spam, but they can also cause you headaches. You can think of them as the "nuclear option" or "the last resort" if you wish.

Before you implement DNSBL checks at the SMTP level you need to check and double-check how the blacklist you are considering works. Please please please check this and check it again.

On my personal mail server, which isn't running MailScanner, I rely almost entirely on two things to keep spam out:

  1. Greylisting
  2. DNSBLs

Yes I do get some spam, but not enough for me to be overly concerned. I think I get about 2 spam emails a day on average.

In any case, if you want to add DNSBLs into Exim, these are the basic steps that you could / should follow.

You will need to edit exim.conf, so make sure you have a backup first:

cp exim.conf exim.conf.backup

Once you have got your backup you will then need to add in the DNSBLs you want to use.

In exim.conf there should be a section labelled "ACLs", which might be around line 300 (or thereabouts).
This section basically controls what or who has access to your SMTP and how to treat mails.
We added in a couple of basic blocks after the first set:
#nuclear customisation to take load off
deny
    dnslists    = sbl-xbl.spamhaus.org
    message     = $sender_host_address is listed in $dnslist_domain\
                  ${if def:dnslist_text { ($dnslist_text)}}

So in the example above we're blocking based on Spamhaus' sbl-xbl list.

There may have been other customisations, but that's the main one.

NB: This will also stop users from accessing your SMTP to send mail if their IPs are listed.
Someone asked me to post this example. It may work. It may not. The information is provided as is in good faith. YMMV
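
One way to avoid the lock-out described in the NB above, shown as an added example that is not part of the original post or of any shipped configuration: put the check in the RCPT ACL and exempt clients that have authenticated or that you already trust. It assumes the ACL is named acl_check_rcpt and that a hostlist called relay_from_hosts is defined earlier in exim.conf, as in Exim's stock configuration; the postmaster exemption is optional.

```exim
# Main section: run this ACL for every RCPT command.
# (acl_check_rcpt is an assumed name; use whatever your exim.conf already has.)
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Before: the statement from the post. Every client is looked up, so a
  # user whose IP is listed is refused even after logging in with SMTP AUTH.
  #
  # deny
  #     dnslists    = sbl-xbl.spamhaus.org

  # After: conditions are tested top to bottom and the first one that does
  # not match abandons the statement, so exempt clients never trigger the
  # DNS lookup at all.
  deny
      # skip clients that logged in with SMTP AUTH
      !authenticated = *
      # skip hosts you already relay for (assumed hostlist, defined elsewhere)
      !hosts         = +relay_from_hosts
      # optional: keep postmaster reachable from listed hosts
      !local_parts   = postmaster
      dnslists       = sbl-xbl.spamhaus.org
      message        = $sender_host_address is listed in $dnslist_domain\
                       ${if def:dnslist_text { ($dnslist_text)}}

  # The rest of the existing RCPT ACL (relay control, final accept) follows.
```

The authenticated and local_parts conditions only make sense at RCPT time, so this statement cannot be moved to a connect-time ACL. Comments sit on their own lines because Exim treats a # as a comment only at the start of a line.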

2 Responses to “Adding DNSBLs Into Exim”

  1. From Colm MacCarthaigh:

    Hmmmm, this configuration relies on distribution-specific layouts of exim.conf, it will easily have zero effect on many exim configurations.
    It’s critical that the lines be within a defined ACL. Ideally I would use the check-connect acl, so:
    acl_smtp_connect = acl_check_connect
    begin acl

    acl_check_connect:
    deny
    dnslists = sbl-xbl.spamhaus.org : +exclude_unknown
    message = $sender_host_address is listed in $dnslist_domain\
    ${if def:dnslist_text { ($dnslist_text)}}
    This way the check happens as early as possible, to avoid the connection wasting CPU. Of course if you want to continue to accept postmaster mail from anywhere, you need to put it in something as late as the RCPT filter.

    Posted on August 28, 2007 at 10:54 am #
  2. From Michele Neylon:

    Colm
    Sorry – I should have been more specific. The config section I posted would be relevant to anyone using Exim installed via DirectAdmin, so it wouldn’t be of much use to a vanilla install
    Michele

    Posted on September 5, 2007 at 8:49 am #
