Adding DNSBLs Into Exim



I've mentioned DNS blacklists several times in the past.

They can be a very powerful tool in the war on spam, but they can also cause you headaches. You can think of them as the "nuclear option" or "the last resort" if you wish.

Before you implement DNSBL checks at the SMTP level, you need to check and double-check how the blacklist you are considering works. Please please please check this and check it again.

On my personal mail server, which isn't running MailScanner, I rely almost entirely on two things to keep spam out:

  1. Greylisting
  2. DNSBLs

Yes, I do get some spam, but not enough for me to be overly concerned. I think I get about 2 spam emails a day on average.

In any case, if you want to add DNSBLs into Exim, these are the basic steps that you could / should follow.

You will need to edit exim.conf, so make sure you have a backup first:

cp exim.conf exim.conf.backup

Once you have got your backup, you will need to add in the DNSBLs you want to use.

In exim.conf there should be a section labelled "ACLs", which might be around line 300 (or thereabouts).
This section basically controls what or who has access to your SMTP and how to treat mails.
We added in a couple of basic blocks after the first set:
#nuclear customisation to take load off
    dnslists    =
    message     = $sender_host_address is listed in $dnslist_domain\
                  ${if def:dnslist_text { ($dnslist_text)}}

So in the example above we're blocking based on Spamhaus' sbl-xbl list.

There may have been other customisations, but that's the main one.

NB: This will also stop users from accessing your SMTP to send mail if their IPs are listed.
Someone asked me to post this example. It may work. It may not. The information is provided as is in good faith. YMMV
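
One way to deal with the caveat in the NB above, as an added example that is not part of the original post: exempt authenticated clients and your own relay hosts from the DNSBL check, and keep postmaster reachable. It assumes the statements sit in the ACL named by acl_smtp_rcpt, that the lists local_domains and relay_from_hosts are defined as in Exim's stock configuration, and it uses dnsbl.example.org as a placeholder zone.

```exim
# Added example, not the original post's configuration.
# Assumptions: this goes in the ACL named by acl_smtp_rcpt; the domainlist
# local_domains and hostlist relay_from_hosts are defined (as in Exim's stock
# configuration); dnsbl.example.org is a placeholder, not a real list.

# Keep postmaster reachable even for listed hosts.
accept
    local_parts    = postmaster
    domains        = +local_domains

# Reject listed hosts, but never your own users. Conditions are tested in
# order, so authenticated clients and relay hosts are skipped before any
# DNS query is made.
deny
    !authenticated = *
    !hosts         = +relay_from_hosts
    dnslists       = dnsbl.example.org
    message        = $sender_host_address is listed in $dnslist_domain\
                     ${if def:dnslist_text { ($dnslist_text)}}
    log_message    = listed in $dnslist_domain ($dnslist_value)
```

After editing, `exim -bV` confirms that the file still parses, and `exim -bh 192.0.2.1` (a placeholder address) runs a simulated SMTP session from that address so you can see which ACL statement matches without delivering anything.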


2 Responses to Adding DNSBLs Into Exim

  1. Colm MacCarthaigh August 28, 2007 at 10:54 am #

    Hmmmm, this configuration relies on distribution-specific layouts of exim.conf, it will easily have zero effect on many exim configurations.
    It’s critical that the lines be within a defined ACL. Ideally I would use the check-connect acl, so:
    acl_smtp_connect = acl_check_connect
    begin acl

    dnslists = : +exclude_unknown
    message = $sender_host_address is listed in $dnslist_domain\
    ${if def:dnslist_text { ($dnslist_text)}}
    This way the check happens as early as possible, to avoid the connection wasting CPU. Of course if you want to continue to accept postmaster mail from anywhere, you need to put it in something as late as the RCPT filter.

  2. Michele Neylon September 5, 2007 at 8:49 am #

    Sorry – I should have been more specific. The config section I posted would be relevant to anyone using Exim installed via DirectAdmin, so it wouldn’t be of much use to a vanilla install.
