Unified list of Blacklisted SMTP IP addresses

albatroz

• November 08, 2013 15:15

I use this WHM/exim option to block lots of IP addresses that RBL lists don"t block, so I was wondering if there is a way to have a merged list that could be shared among all my WHM/CPanel servers. I am currently using WHM/CPanel version 11.38.2 (build 6)

• 

  MikeDVB

  • November 08, 2013 23:06

  The IPs blocked in Exim are just stored in a configuration file - nothing super special about that. In essence it sounds like you want to start your own RBL - there are already quite a few purpose-built solutions out there for that already. Just as you're adding IPs to your block list - so are all of the RBLs on a 24/7/365 basis.

  0
• 

  cPanelMichael

  • November 11, 2013 12:17

  Hello :) The IP addresses you block with this option are stored in the following file: /etc/spammeripblocks
  You could add entries from all servers to this file and add to it on each server every time you block a new IP address. Thank you.

  0
• 

  albatroz

  • November 24, 2013 13:25

  Yes, it seems that I will start my own RBL for local spammers (peruvian spam written in spanish). I am looking for a solution like this one.... [url=http://www.simpledns.com/dnsbl-editor.aspx]DNS Blacklist Editor

  0
• 

  MikeDVB

  • November 25, 2013 16:54

  One thing you can do - if you have the time and want to make the effort - is to report the messages that are spam to a service like SpamCop. I can't say how well it will handle languages other than English - but you can ask them :).

  0
• 

  albatroz

  • March 28, 2014 15:37

  What I am doing right now is configuring Simple DNS with this Blacklist Plugin [url=http://support.simpledns.com/kb/a147/dns-blacklist-dnsbl-rbl-plug-in.aspx]DNS Blacklist (DNSBL / RBL) Plug-In - Simple DNS Plus

  0
• 

  albatroz

  • April 14, 2014 18:16

  I finally managed to have my RBL/DNS blacklist working, but have the impression that Exim is not reading the information from my DNS server. Could that be possible? [quote="cPanelMichael, post: 1504322">Hello :) The IP addresses you block with this option are stored in the following file: /etc/spammeripblocks
  You could add entries from all servers to this file and add to it on each server every time you block a new IP address. Thank you.
  

  0
• 

  cPanelMichael

  • April 15, 2014 18:55

  [quote="albatroz, post: 1621002">I finally managed to have my RBL/DNS blacklist working, but have the impression that Exim is not reading the information from my DNS server. Could that be possible?
  What method/steps have you used to enable it? Thank you.

  0
• 

  albatroz

  • April 15, 2014 19:14

  The hostname of the RBL server is rbl.enlanube.pe, so I added it on this screen /https://www.dropbox.com/s/b0g032ucazssc99/Screenshot%202014-04-15%2014.05.19.png and then enabled it on this other one /https://www.dropbox.com/s/etu3kevp1rhpj9p/Screenshot%202014-04-15%2014.05.37.png [COLOR="silver">- - - Updated - - - BTW, You can use the following command to make test queries to the RBL host 214.124.58.198.rbl.enlanube.pe Host 214.124.58.198.rbl.enlanube.pe not found: 3(NXDOMAIN) Mac-mini-de-Ale:~ ale$ host 214.124.58.198.rbl.enlanube.pe rbl.enlanube.pe Using domain server: Name: rbl.enlanube.pe Address: 162.243.209.40#53 Aliases: 214.124.58.198.rbl.enlanube.pe has address 127.0.0.2

  0
• 

  cPanelMichael

  • April 16, 2014 17:26

  [quote="albatroz, post: 1622031">but have the impression that Exim is not reading the information from my DNS server.
  Is there a reason you feel that Exim is not utilizing this custom RBL? Thank you.

  0
• 

  albatroz

  • April 17, 2014 14:36

  I added the IP 95.215.224.12 to my custom blacklist to make some tests as you can see in the following lines root@s3 [~]# host 12.224.215.95.rbl.enlanube.pe rbl.enlanube.pe Using domain server: Name: rbl.enlanube.pe Address: 162.243.209.40#53 Aliases: 12.224.215.95.rbl.enlanube.pe has address 127.0.0.2
  however when I send an email from that IP to my CPanel/Exim server it is blocked root@s3 [~]# grep 95.215.224.12 /var/log/exim_mainlog 2014-04-17 08:22:18 1WalKb-0008ph-Vb <= prueba@roxfarmaperu.com H=enkompassmail1.ukdns.biz [95.215.224.12]:50997 P=esmtps X=TLSv1:AES128-SHA:128 S=2607 id=3826587a$616e23c8$38beaba4$@roxfarmaperu.com T="fw: Re: Prueba 6.49am" for prueba@avances.vo.pe 2014-04-17 08:22:18 SMTP connection from enkompassmail1.ukdns.biz [95.215.224.12]:50997 closed by QUIT
  

  0
• 

  cPanelMichael

  • April 17, 2014 15:15

  To clarify, it's not that the RBL is failing, but you mean the IP addressed used for your RBL can not send emails to your server? Thank you.

  0
• 

  albatroz

  • April 17, 2014 15:34

  The problem is that I CAN send mails to my server from an IP that is included in blacklist of RBL, without being blocked.

  0
• 

  cPanelMichael

  • April 17, 2014 15:47

  Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thank you.

  0
• 

  albatroz

  • April 17, 2014 23:19

  Please check this support ticket: 4821187 [quote="cPanelMichael, post: 1624052">Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thank you.
  

  0
• 

  cPanelMichael

  • April 18, 2014 13:19

  To update, it was advised that a zone forwarder should be setup within /etc/named.conf in the "localhost_resolver" view forwarding all requests for the RBL to the appropriate server. Thank you.

  0
• 

  albatroz

  • May 02, 2014 12:07

  I finally have my RBL working as expected and I am updating it using the ban list from one of my whm/cpanel servers :) Now I am thinking on a way to make it public :) and make some cash with it (why not)

  0

Please sign in to leave a comment.