need urgent help with exim 4 and RBL ?
hi,

i need help with using RBLs and exim 4, i want to stop relaying .....
i put

hostlist relay_from_hosts = ! ${lookup pgsql{SELECT host FROM
host_blacklist where aktiv=1 group by host}{$value}fail}
acl_smtp_rcpt = acl_check_rcpt

in the mainsection
and

acl_check_rcpt:

  # accept hosts = :
  deny    local_parts = ^.*[@%!/|]
          message = invalid characters in local part

  accept  local_parts = postmaster
          domains = +local_domains
  require verify = sender

  accept  domains = +local_domains
          endpass
          message = unknown user
          verify = recipient

  accept  domains = +relay_to_domains
          endpass
          message = unrouteable address
          verify = recipient

  deny    senders = :
  deny    dnslists = blackholes.mail-abuse.org
          message = rbltest

  accept  hosts = +relay_from_hosts
          # senders = "${lookup pgsql{select adr from account where
          #            adr is not null}}"
          verify = sender

  accept  authenticated = *
  deny    message = relay not permitted

in the acl-section of exim, but i don't know if it works.... spammers
still relaying, my server is also listed now :(( how can i stop
spamming? i thought acl and rbl was the right way, but it doesn't work
for me....please please please help!

...and senders with an empty from-field <> are also relayed :(( how can
i stop this?

i read so many howtos, docs and manpages, but i'm very confused now,
.....

volker
Re: need urgent help with exim 4 and RBL ?
On Wed, 12 Jun 2002, volker augustin wrote:

> hi,
>
> i need help with using RBLs and exim 4, i want to stop relaying .....
> i put
>
> hostlist relay_from_hosts = ! ${lookup pgsql{SELECT host FROM
> host_blacklist where aktiv=1 group by host}{$value}fail}
> acl_smtp_rcpt = acl_check_rcpt
>
> in the mainsection
> and
>
> acl_check_rcpt:
>
>   # accept hosts = :
>   deny    local_parts = ^.*[@%!/|]
>           message = invalid characters in local part
>
>   accept  local_parts = postmaster
>           domains = +local_domains
>   require verify = sender
>
>   accept  domains = +local_domains
>           endpass
>           message = unknown user
>           verify = recipient
>
>   accept  domains = +relay_to_domains
>           endpass
>           message = unrouteable address
>           verify = recipient
>
>   deny    senders = :

You don't want this one. This will prevent bounce messages from being
delivered.

>   deny    dnslists = blackholes.mail-abuse.org
>           message = rbltest
>
>   accept  hosts = +relay_from_hosts
>           # senders = "${lookup pgsql{select adr from account where
>           #            adr is not null}}"
>           verify = sender
>
>   accept  authenticated = *
>   deny    message = relay not permitted
>
> in the acl-section of exim, but i don't know if it works.... spammers
> still relaying, my server is also listed now :(( how can i stop
> spamming? i thought acl and rbl was the right way, but it doesn't work
> for me....please please please help!
>
> ...and senders with an empty from-field <> are also relayed :(( how can
> i stop this?

An empty envelope sender is an indication of a bounce. You do NOT want
to reject messages on that criteria.

> i read so many howtos, docs and manpages, but i'm very confused now,

Start over with a simpler ACL.

Get rid of your MYSQL stuff, and see if it works without that. (Eg, just
list your IP networks directly in the ACL. Be sure to only list YOUR IP
networks, that you own/control.)

Be sure to HUP (or restart) the exim daemon after making changes to your
config file, so that it will see the changes.

If that works, then your MYSQL query is probably hosed and you can start
debugging there..

> .....
>
> volker
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##

Re: need urgent help with exim 4 and RBL ?
THANKS!! :)

"Dave C." wrote:

> > > > acl_check_rcpt:
> > > >
> > > > # accept hosts = :
>
> This is ok. You can un-comment this. This allows the message through if
> it's not coming from
> outside your host (eg, some local process does exim -bs or something)
>

ok

>
>
> > but how can i test if a host is blacklisted and this acl is working?
>
> Actually, all of the mail-abuse.org lists are 'by-subscription-only', so
> unless you signed a contract with them, this particular one will surely
> not work.
>
> You don't expect RBLs to prevent you from being an open relay, do you?
>

ups ;) ok , that would explain it

>
> > > >
> > > > ...and senders with an empty from-field <> are also relayed :(( how can
> > > > i stop this?
> > >
> > > An empty envelope sender is an indication of a bounce. You do NOT want
> > > to reject messages on that criteria.
> > >
> >
> > hmmmm, but spam is sent this way? or isn't it? in a previous message i posted some of this spam, what i see
> > was:
>
> Very little. (Eg, I have never seen any)
>
> >
> > some messageid... <== <>
> >
> > and then it was relayed to so many addresses.......
>
> Were those addresses in your local domains?

hmmmm, maybe it could be that postgres will return also a NULL value ?! (that's only a thought)... i don't really
think so.


> Was the sender host in your
> relay_from_hosts?

no, i tried this, but then it seems my server would not relay to local-domains.... i played around with it, set
relay_from_hosts to ' ! my.dialup.ip.address' and was denied.

could there be an error in the statement
relay_from_hosts = ! some.host.tobe.blocked ?
does exim know what i mean with that?



> Those are the two checks that control relaying. Your
> configuration should require at least one of those conditions to be
> true (or authentication) to accept the message.
>
> The empty sender is not what allowed it to be relayed. Something else
> wrong in your configuration did.
>
> You might try this:
>
> exim -d+acl -bh 1.2.3.4
>
> That will run a fake SMTP session as if it came from host 1.2.3.4
>
> And then do:
>
> HELO whatever
> mail from: fake_address_1231212@aol.com
> rcpt to: fake_address356345@aol.com
>
> You SHOULD get a deny at this point. If not, the debugging output that
> -d+acl gives you should be able to explain why not..
>

i will try out :) still walking through the debug output.....

thanks a lot !!!

volker


>
> > > Get rid of your MYSQL stuff, and see if it works without that. (Eg, just
> > > list your IP networks directly in the ACL. Be sure to only list YOUR IP
> > > networks, that you own/control.
> > >
> >
> > ok, that's working now.
Re: need urgent help with exim 4 and RBL ?
On Wed, Jun 12, 2002 at 04:16:02AM +0200, volker augustin wrote:
| "Dave C." wrote:

| > > some messageid... <== <>
| > >
| > > and then it was relayed to so many addresses.......
| >
| > Were those addresses in your local domains?
|
| hmmmm, maybe it could be that postgres will return also a NULL value
| ?! (that's only a thought)... i don't really think so.

A NULL sender should only occur with DSN (Delivery Status
Notification) messages, and perhaps some other (eg vacation)
autoresponses. You should basically treat it like any other sender --
accept the message if it is for a valid recipient in your domain and
reject it otherwise.

| > Was the sender host in your relay_from_hosts?
|
| no, i tried this, but then it seems my server would not relay to
| local-domains.... i played around with it, set relay_from_hosts to '
| ! my.dialup.ip.address' and was denied.

What was denied from where to where? There are lots of variables that
decide whether or not the connection is denied. If you set
relay_from_hosts = ! my.own.ip.address
and tried connecting via _that_ address, you would be denied relaying.
However, if you connect from any _other_ address, relaying would be
allowed. See below.

| could there be an error in the statement
| relay_from_hosts = ! some.host.tobe.blocked ?

Yes.

| does exim know what i mean with that?

No.

What you've said there is "any host _but_ that one host can relay".
The list ends with an implicit "*" otherwise nothing would ever be in
the list and writing it would be pointless.

What I'm saying is
relay_from_hosts = ! some.host.tobe.blocked
is the same as
relay_from_hosts = ! some.host.tobe.blocked : *
and you really don't want that '*' in there!

HTH,
-D

--

The truly righteous man attains life,
but he who pursues evil goes to his death.
Proverbs 11:19

Jabber ID : dman@dman.ddts.net
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
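The following is an added example (not any poster's configuration) of the simpler relay-control ACL Dave suggested, with the host list written the way the reply above describes: only explicit networks, no negated item at the end that would turn into an implicit "*". The domain names, the 192.0.2.0/24 network and the dnsbl.example list name are placeholders; the relay logic itself follows the three conditions named in the thread (local domain, trusted host, or authentication).

```exim
# Added example: minimal relay control for Exim 4 (placeholder values).
# Main section. 192.0.2.0/24 stands for networks YOU own/control.
# Deliberately no "! host" items: a list whose last item is negated
# matches every host that was not excluded, so
#   relay_from_hosts = ! bad.host
# is read as "! bad.host : *" and makes the server an open relay.
domainlist local_domains    = example.com
domainlist relay_to_domains = example.net
hostlist   relay_from_hosts = 127.0.0.1 : 192.0.2.0/24

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Locally submitted mail (exim -bs, no remote host) is accepted.
  accept  hosts = :

  deny    local_parts = ^.*[@%!/|]
          message     = invalid characters in local part

  # An empty envelope sender (<>) is how bounces arrive: do NOT deny it.
  # Mail for our own domains is accepted from anywhere once the
  # recipient verifies; a failed verify after endpass is a rejection.
  accept  domains = +local_domains
          endpass
          message = unknown user
          verify  = recipient

  accept  domains = +relay_to_domains
          endpass
          message = unrouteable address
          verify  = recipient

  # Optional DNS blacklist check; dnsbl.example is a placeholder for a
  # list you are entitled to query (the mail-abuse.org ones need a
  # subscription, as noted above).
  # deny  dnslists = dnsbl.example
  #       message  = rejected because $sender_host_address is in $dnslist_domain

  # Relaying anywhere else requires our own networks or SMTP AUTH.
  accept  hosts = +relay_from_hosts
  accept  authenticated = *

  deny    message = relay not permitted
```

After editing, HUP or restart the daemon and walk through the ACL with the fake session Dave described, "exim -d+acl -bh 1.2.3.4" followed by a MAIL FROM and RCPT TO for a domain that is neither local nor in relay_to_domains; the expected result at RCPT is the final "relay not permitted" deny, and the -d+acl output shows which statement produced it.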