Mailing List Archive

Help with rejecting hosts problems
Hi all,

I have had Exim 3.3 running great for over a year and just started
getting clobbered with spam. So I added a few RBLs (see below) which
worked great but some stuff still gets through so I created an
additional list file that I can add IP or host names to as spam comes in
like:

host_lookup = *
host_reject = /etc/exim/host_deny.exim
...

which seemed to work fine, but reading the documentation it seemed to
imply that for spam it was better to use:

host_reject_recipients = /etc/exim/host_deny.exim

So I changed to this, then I noticed in my logs that some sites were
getting rejected that I wanted to receive mail from, so I added:

recipients_reject_except_senders = /etc/exim/host_reject_except.exim

and added the name I did not want rejected to this list. But I noticed
in my logs that I am now rejecting all hosts that don't resolve a DNS name,
some of which I want to receive mail from. Reject log messages like:

2002-05-21 15:03:58 recipients from [12.124.4.118] refused (failed to find host name from IP address)
2002-05-21 14:00:29 recipients from icomm.ca [216.126.72.23] refused
2002-05-21 08:27:58 connection from usw-sf-fw2.sourceforge.net [216.136.171.252] refused

Here are 3 that were refused, that I wanted. What have I done wrong?

I tried to use:

host_reject = +allow_unknown:/etc/exim/host_reject_except.exim

to override this behavior. But things just aren't working the way I
expect them to, which is the real problem. I have read the documentation
and searched the archives but I haven't been able to figure this out. So
any help would be greatly appreciated.

my rbl setup is:

rbl_domains = Relays.OsiruSoft.com/reject : \
              bl.spamcop.net/reject : \
              relays.ordb.org/reject : \
              list.dsbl.org/reject

rbl_hosts = !10.1.1.0/8:0.0.0.0/0

recipients_reject_except = postmaster@swoodbridge.com

What I would ideally like to have is:
1) an additional list of hosts that are rejected
2) an additional list of hosts that are accepted
3) any other advice and comments on a better way to deal with these
issues

Thanks and sorry for being so verbose.
Best regards,
-Steve
Re: Help with rejecting hosts problems
On Tue, 21 May 2002, Stephen Woodbridge wrote:

> host_reject = /etc/exim/host_deny.exim
> ...
>
> which seemed to work fine, but reading the documentation it seemed to
> imply that for spam it was better to use:
>
> host_reject_recipients = /etc/exim/host_deny.exim
>
> So I changed to this, then I noticed in my logs that some sites were
> getting rejected that I wanted to receive mail from, so I added:
>
> recipients_reject_except_senders = /etc/exim/host_reject_except.exim

You have confused hosts with senders, I think. "Senders" refers to the
envelope senders of messages, not to hosts.

But I don't understand your logic here. If you've put sites in
host_reject_recipients, and then find you want to receive mail from
them, why don't you just take them out of the file?

> and added the name I did not want rejected to this list. But I noticed
> in my logs that I am now rejecting all hosts that don't resolve a DNS name,
> some of which I want to receive mail from. Reject log messages like:
>
> 2002-05-21 15:03:58 recipients from [12.124.4.118] refused (failed to find host name from IP address)

This is a common misunderstanding. The comment in parentheses is not the
reason; it is just a "by the way". (It *might* be the reason.) You can
use "exim -bh 12.124.4.118" as a way of testing why Exim is refusing.

> 2002-05-21 14:00:29 recipients from icomm.ca [216.126.72.23] refused
> 2002-05-21 08:27:58 connection from usw-sf-fw2.sourceforge.net [216.136.171.252] refused

A "connection refused" won't be the result of host_reject_recipients.

> What I would ideally like to have is:
> 1) an additional list of hosts that are rejected
> 2) an additional list of hosts that are accepted

Why two lists? It's not logical. What happens to hosts that are on
neither list?

Note that you can have negative items in lists. That's the usual way to
deal with exceptions.

--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
Re: Help with rejecting hosts problems
Yes, I think I am confused. So let me back up and describe the problem
and hopefully someone can point me in the direction of a solution,
because mine obviously didn't work.

Spam is the problem :)
I started using RBL lists, this works great, but some hosts that I want
to get mail from are listed.

How do I make a white list of hosts I want to get mail from?
If I need to how do I make a white list of senders on hosts I want to
get mail from?

I still get spam from hosts that are not on RBL lists.

How do I make my own black list of hosts to block?
How do I override a black listed host for a specific sender?

This is what I was trying (unsuccessfully) to do below.

You guys are great and I appreciate the help everyone has provided.

-Steve

Philip Hazel wrote:
>
> On Tue, 21 May 2002, Stephen Woodbridge wrote:
>
> > host_reject = /etc/exim/host_deny.exim
> > ...
> >
> > which seemed to work fine, but reading the documentation it seemed to
> > imply that for spam it was better to use:
> >
> > host_reject_recipients = /etc/exim/host_deny.exim
> >
> > So I changed to this, then I noticed in my logs that some sites were
> > getting rejected that I wanted to receive mail from, so I added:
> >
> > recipients_reject_except_senders = /etc/exim/host_reject_except.exim
>
> You have confused hosts with senders, I think. "Senders" refers to the
> envelope senders of messages, not to hosts.
>
> But I don't understand your logic here. If you've put sites in
> host_reject_recipients, and then find you want to receive mail from
> them, why don't you just take them out of the file?
>
> > and added the name I did not want rejected to this list. But I noticed
> > in my logs that I am now rejecting all hosts that don't resolve a DNS name,
> > some of which I want to receive mail from. Reject log messages like:
> >
> > 2002-05-21 15:03:58 recipients from [12.124.4.118] refused (failed to find host name from IP address)
>
> This is a common misunderstanding. The comment in parentheses is not the
> reason; it is just a "by the way". (It *might* be the reason.) You can
> use "exim -bh 12.124.4.118" as a way of testing why Exim is refusing.
>
> > 2002-05-21 14:00:29 recipients from icomm.ca [216.126.72.23] refused
> > 2002-05-21 08:27:58 connection from usw-sf-fw2.sourceforge.net [216.136.171.252] refused
>
> A "connection refused" won't be the result of host_reject_recipients.
>
> > What I would ideally like to have is:
> > 1) an additional list of hosts that are rejected
> > 2) an additional list of hosts that are accepted
>
> Why two lists? It's not logical. What happens to hosts that are on
> neither list?
>
> Note that you can have negative items in lists. That's the usual way to
> deal with exceptions.
>
> --
> Philip Hazel University of Cambridge Computing Service,
> ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
Re: Help with rejecting hosts problems
On Fri, Jun 07, 2002 at 01:12:23PM -0400, Stephen Woodbridge wrote:
| Yes, I think I am confused. So let me back up and describe the problem
| and hopefully someone can point me in the direction of a solution,
| because mine obviously didn't work.
|
| Spam is the problem :)
| I started using RBL lists, this works great, but some hosts that I want
| to get mail from are listed.
|
| How do I make a white list of hosts I want to get mail from?

First, use exim 4!

Make a file, e.g. /etc/exim/reverse-rbl

    # List the IPs you want to whitelist. It's even more flexible
    # than that if you do the lookup right.
    192.168.0.100:

In your ACL, use something like this (untested):

    # first check the whitelist
    accept  hosts = net-lsearch;/etc/exim/reverse-rbl

    # reject other connections from RBLed hosts
    deny    hosts = !+skip_rbl_hosts
            dnslists = \
                list.dsbl.org=127.0.0.1,127.0.0.2 : \
                unconfirmed.dsbl.org : \
                multihop.dsbl.org
            message = X-RBL-Warning: $sender_host_address , $dnslist_domain , $dnslist_value , $dnslist_text
            log_message = RBL : $sender_host_address , $dnslist_domain , $dnslist_value , $dnslist_text


| If I need to how do I make a white list of senders on hosts I want to
| get mail from?

Like above, but adjust what you do the lookup on.

| I still get spam from hosts that are not on RBL lists.

http://marc.merlins.org/linux/exim/sa.html

| How do I make my own black list of hosts to block?
| How do I override a black listed host for a specific sender?

Same as above. One way is to configure a zone on your local
nameserver and use it like any other RBL.


HTH,
-D

--

No harm befalls the righteous,
but the wicked have their fill of trouble.
Proverbs 12:21

GnuPG key : http://dman.ddts.net/~dman/public_key.gpg

Re: Help with rejecting hosts problems
Derrick 'dman' Hudson wrote:

Thank you for your response.

> --
> On Fri, Jun 07, 2002 at 01:12:23PM -0400, Stephen Woodbridge wrote:
> | Yes, I think I am confused. So let me back up and describe the problem
> | and hopefully someone can point me in the direction of a solution,
> | because mine obviously didn't work.
> |
> | Spam is the problem :)
> | I started using RBL lists, this works great, but some hosts that I want
> | to get mail from are listed.
> |
> | How do I make a white list of hosts I want to get mail from?
>
> First, use exim 4!

Arrgh, I would like to be able to do this on exim 3.33 otherwise I will
have to go through reconfiguring exim and get everything working again.
If it can't be done with 3.33, then I'll have to bite the bullet and
spend the extra few days to figure out how to upgrade.

-Steve

> | If I need to how do I make a white list of senders on hosts I want to
> | get mail from?
>
> Like above, but adjust what you do the lookup on.
>
> | I still get spam from hosts that are not on RBL lists.
>
> http://marc.merlins.org/linux/exim/sa.html
>
> | How do I make my own black list of hosts to block?
> | How do I override a black listed host for a specific sender?
>
> Same as above. One way is to configure a zone on your local
> nameserver and use it like any other RBL.
>
Re: Help with rejecting hosts problems
On Fri, Jun 07, 2002 at 04:37:55PM -0400, Stephen Woodbridge wrote:
| Derrick 'dman' Hudson wrote:
|
| Thank you for your response.
|
| > --
| > On Fri, Jun 07, 2002 at 01:12:23PM -0400, Stephen Woodbridge wrote:
| > | Yes, I think I am confused. So let me back up and describe the problem
| > | and hopefully someone can point me in the direction of a solution,
| > | because mine obviously didn't work.
| > |
| > | Spam is the problem :)
| > | I started using RBL lists, this works great, but some hosts that I want
| > | to get mail from are listed.
| > |
| > | How do I make a white list of hosts I want to get mail from?
| >
| > First, use exim 4!
|
| Arrgh, I would like to be able to do this on exim 3.33 otherwise I will
| have to go through reconfiguring exim and get everything working again.
| If it can't be done with 3.33, then I'll have to bite the bullet and
| spend the extra few days to figure out how to upgrade.

I don't know if you can manage that with exim 3 or not. The problem
with exim 3 is that the relay controls are "global" parameters, and as
such you can't control the order in which they're checked. With the
introduction of the acls in exim 4, you can specify the order and
scope of each relay control in order to achieve exactly what you want.
You're welcome to dig through the details of exim3's semantics if you
want to, but I think moving to exim 4 would be much easier.

-D

--

Commit to the Lord whatever you do,
and your plans will succeed.
Proverbs 16:3

GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
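
A small Python model of the evaluation order discussed in this thread, added here as an example and not taken from any poster or from Exim itself: a host list where the first matching item decides and a leading "!" negates it, consulted before the DNSBL lookup. The function names, the documentation-range addresses, the rbl.example.test zone and the stub resolver are all constructed for illustration.

```python
import ipaddress

def dnsbl_name(ip, zone):
    """DNSBL query name for an IPv4 address: octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def host_list_match(ip, items):
    """First matching item decides; a leading '!' turns that match into 'no'.
    If nothing matches the answer is 'no', unless the last item was negated."""
    addr = ipaddress.ip_address(ip)
    for item in items:
        negated = item.startswith("!")
        if addr in ipaddress.ip_network(item.lstrip("!"), strict=False):
            return not negated
    return bool(items) and items[-1].startswith("!")

def check_host(ip, allow, deny, dnslists, resolve):
    """Ordered checks, as in an ACL: allow list, local deny list, then DNSBLs.
    dnslists is [(zone, wanted_values_or_None)]; resolve(name) returns A records."""
    if host_list_match(ip, allow):
        return ("accept", "local allow list")
    if host_list_match(ip, deny):
        return ("deny", "local deny list")
    for zone, wanted in dnslists:
        answers = resolve(dnsbl_name(ip, zone))
        if answers and (wanted is None or set(answers) & set(wanted)):
            return ("deny", zone)
    return ("accept", "no rule matched")

# Constructed sample data: documentation-range addresses and a stub resolver,
# so nothing here touches the network.
ALLOW = ["192.0.2.25"]                       # wanted host that a DNSBL lists
DENY = ["!198.51.100.7", "198.51.100.0/24"]  # block the /24 except one host
DNSLISTS = [("list.dsbl.org", ["127.0.0.1", "127.0.0.2"]),
            ("rbl.example.test", None)]      # hypothetical local zone
FAKE_DNS = {
    "25.2.0.192.list.dsbl.org": ["127.0.0.2"],
    "9.113.0.203.rbl.example.test": ["127.0.0.3"],
    "10.113.0.203.list.dsbl.org": ["127.0.0.9"],  # value outside the wanted set
}

def stub_resolve(name):
    return FAKE_DNS.get(name, [])

def verdict(ip):
    return check_host(ip, ALLOW, DENY, DNSLISTS, stub_resolve)
```

Swapping the first two checks in check_host changes the outcome for any host that appears on both lists, which is the ordering control the global Exim 3 options do not offer.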
