They can be a very powerful tool in the war on spam, but they can also cause you headaches. You can think of them as the “nuclear option” or “the last resort” if you wish.
Before you implement DNSBL checks at the SMTP level you need to check and double-check how the blacklist you are considering works. Please please please check this and check it again.
On my personal mail server, which isn’t running MailScanner, I rely almost entirely on two things to keep spam out:
- Greylisting
- DNSBLs
Yes I do get some spam, but not enough for me to be overly concerned. I think I get about 2 spam emails a day on average.
In any case, if you want to add DNSBLs into exim, these are the basic steps that you could / should follow.
You will need to edit exim.conf, so make sure you have a backup first:

```
cp exim.conf exim.conf.backup
```
Once you have got your backup you will then need to add in the DNSBLs you want to use.
In exim.conf there should be a section labelled “ACLs”, which might be around line 300 (or thereabouts).
This section basically controls what or who has access to your SMTP and how to treat mails.
We added in a couple of basic blocks after the first set:

```
#nuclear customisation to take load off
deny
  dnslists = sbl-xbl.spamhaus.org
  message  = $sender_host_address is listed in $dnslist_domain\
             ${if def:dnslist_text { ($dnslist_text)}}
```

So in the example above we’re blocking based on Spamhaus’ sbl-xbl list.
There may have been other customisations, but that’s the main one.
NB: This will also stop users from accessing your SMTP to send mail if their IPs are listed.
Someone asked me to post this example. It may work. It may not. The information is provided as is in good faith. YMMV
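
One way to deal with the NB above and with the advice to check the list before relying on it, as an added example that is not part of the original post: first log what the list would reject, then enforce it while skipping the lookup for your own users. It assumes a hostlist named `relay_from_hosts` is already defined in exim.conf and that the statements sit in the RCPT ACL; the "DNSBL trial" log text is made up for the example.

```exim
# Added example, not from the original post.
# Assumes: "hostlist relay_from_hosts = ..." exists earlier in exim.conf,
# and these statements are placed in the ACL named by acl_smtp_rcpt.

# Step 1, trial run: log what the list would have rejected, reject nothing.
# Review the main log for "DNSBL trial" lines before moving on to step 2.
warn
  !hosts         = +relay_from_hosts
  !authenticated = *
  dnslists       = sbl-xbl.spamhaus.org
  log_message    = DNSBL trial: $sender_host_address listed in $dnslist_domain

# Step 2, enforce: same conditions, but reject.
# Hosts you relay for and clients that have completed SMTP AUTH fail the
# first two conditions, so the DNSBL is never consulted for them and a user
# on a listed IP can still send mail through this server.
deny
  !hosts         = +relay_from_hosts
  !authenticated = *
  dnslists       = sbl-xbl.spamhaus.org
  message        = $sender_host_address is listed in $dnslist_domain\
                   ${if def:dnslist_text { ($dnslist_text)}}
```

Run with only the `warn` statement for a while; add the `deny` statement once the logged hits are all hosts you are happy to refuse.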






