RBL Lists


cImrie
10-02-2006, 12:06 PM
Hey,

Jeff & Co., do you know what the best RBL lists are to include in the Exim configuration? I am getting a lot of relay attempts and a bit of spam to some domains, and am looking into putting some RBLs in the Exim configuration, but don't know which to use.

Rgds,

Jeff
10-02-2006, 12:20 PM
Hi Chris,

Spamhaus is an excellent RBL to use. Anyone listed there is pretty much guaranteed to be a spammer, or originate from a well-known spam-based netblock.

SORBS is horrible, as they will permanently blacklist servers at their own discretion and demand payment for removal.

SpamCop is decent. They can be a headache for an administrator, but end users seem to really like them.

cImrie
10-02-2006, 12:22 PM
That's great, I'll give that a try now and put them into force.

I already have heavy filters on my own domain as listed in my Sig, but client domains are yet to be protected by RBLs.

cImrie
10-02-2006, 12:31 PM
Just confirming, is this correct, Jeff?

Never too sure with RBLs, as just the slightest bit wrong and it'll kill all mail:

accept hosts = :

deny dnslists = sbl-xbl.spamhaus.org
message = MailServer Rejected SpamHaus BlockList

That's all I have put in there for now.

Jeff
10-02-2006, 12:43 PM
You'll need to check the Exim documentation at exim.org, and/or consult the searchable Exim mailing list archives for detailed information on Exim.

From what I can tell, this:

deny dnslists = sbl-xbl.spamhaus.org

should be this:

dnslists = sbl-xbl.spamhaus.org

and this:

message = MailServer Rejected SpamHaus BlockList

should be this:

deny message = MailServer Rejected SpamHaus BlockList

or, alternately, this:

deny message = Message rejected because $sender_fullhost \
     is blacklisted at $dnslist_domain see $dnslist_text

Jeff
10-02-2006, 12:58 PM
Here's a piece of the /etc/exim.conf from one of our servers that contains the lines you mentioned above. I think this will help.



begin acl

#!!# ACL that is used after the RCPT command
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :

  #**#
  #**# RBL List Begin
  #**#
  #
  # Always accept mail to postmaster & abuse for any local domain
  #
  accept  domains = +local_domains
          local_parts = postmaster:abuse
  #
  # Check sending hosts against DNS black lists.
  # Accept all locally generated messages
  # Reject message if address listed in blacklist.
  deny    message = Message rejected because $sender_fullhost \
                    is blacklisted at $dnslist_domain see $dnslist_text
          !hosts = +relay_hosts
          !authenticated = *
          dnslists = sbl-xbl.spamhaus.org
  #**#
  #**# RBL List End
  #**#

cImrie
10-02-2006, 01:07 PM
Sorted, I placed your last piece of configuration in, and rebooted Exim, should work fine.

Thanks Jeff!

Jeff
10-02-2006, 01:10 PM
Good deal Chris, very glad to hear it. You might want to cd /var/log ; tail -f exim_mainlog exim_rejectlog exim_paniclog to see how well it's all working out.

cImrie
10-04-2006, 08:00 AM
Seems to have worked, Jeff. Had a peep in the logs and there are lines upon lines of the RBL rule stopping mails. I checked the senders and they were indeed dodgy. Had no complaints as of yet, but did alert clients to the change.

They seem happy now, less spam for everyone!
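
What the dnslists condition in the configuration above does for each sending host, as an added example that is not part of the original thread: the host's address is reversed, prefixed to the list's zone and looked up as an A record, and the host counts as listed only when an answer comes back. The function names, the injectable resolver and the sample answers are assumptions made for illustration; the query-name layout follows RFC 5782 and also covers IPv6, which the thread does not discuss.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL lookup queries for one sending host."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]        # 192.0.2.10 -> 10.2.0.192
    else:
        # IPv6: all 32 hex nibbles, one label each, in reverse order
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.strip(".")


def system_resolver(name):
    """A records for name from the system resolver, [] if there are none."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:                                # NXDOMAIN, timeout, ...
        return []


def check_dnsbl(ip, zone, resolver=system_resolver):
    """Return the query name, the list's return codes and a listed flag."""
    name = dnsbl_query_name(ip, zone)
    # DNSBLs answer inside 127.0.0.0/8. Any other address is ignored: it
    # usually comes from a resolver that rewrites NXDOMAIN, which would
    # otherwise make every sender look listed and reject all mail.
    codes = [a for a in resolver(name) if ipaddress.ip_address(a) in LOOPBACK]
    return {"query": name, "listed": bool(codes), "codes": codes}


if __name__ == "__main__":
    # Constructed answers standing in for real DNS so the demo runs offline.
    # 127.0.0.2 is the test address RFC 5782 says every list must contain.
    sample = {"2.0.0.127.sbl-xbl.spamhaus.org": ["127.0.0.2"]}

    def stub(name):
        return sample.get(name, [])

    for ip in ("127.0.0.2", "192.0.2.10"):
        print(ip, check_dnsbl(ip, "sbl-xbl.spamhaus.org", resolver=stub))
```

Calling check_dnsbl without the resolver argument queries real DNS, which is a quick way to confirm that a zone answers and that your own relay hosts are not listed before the deny rule goes live.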