Verifying that Spamhaus is working within Exim


Verifying that Spamhaus is working within Exim

by Alex Carver


Well, I've reworked my entire system after that last little fiasco with a lost config file after reboot.  I didn't even think to check if two config files were floating around.  Thanks for pointing that out.

New question:  Now that I reconfigured and reinserted support for Spamhaus, I haven't seen Exim block an email even though I've seen plenty of emails coming in from domains listed in zen.spamhaus.org

Under acl_check_rcpt I have:

  deny
    message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    dnslists = zen.spamhaus.org


Nothing shows up in the logs that any email was blocked because it's on the RBL.  Here's a log example of a domain that is on the RBL but exim never blocked:

2009-07-12 13:29:54 H=118-169-198-20.dynamic.hinet.net (www.hello.com) [118.169.198.20] F=<mike87694@...> rejected RCPT <candy59839@...>: relay not permitted
2009-07-12 13:29:55 unexpected disconnection while reading SMTP command from 118-169-198-20.dynamic.hinet.net (www.hello.com) [118.169.198.20]


It only failed because it was an attempt at a relay.

So is there a way to double check that Exim is querying the RBL?

Thanks


     

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Verifying that Spamhaus is working within Exim

by Phil Pennock

On 2009-07-12 at 14:31 -0700, Alex Carver wrote:
> New question:  Now that I reconfigured and reinserted support for Spamhaus, I haven't seen Exim block an email even though I've seen plenty of emails coming in from domains listed in zen.spamhaus.org
>
> Under acl_check_rcpt I have:
>
>   deny
>     message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
>     log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
>     dnslists = zen.spamhaus.org

Where do you have this within acl_check_rcpt?  Note that the ACL is
worked through in order, so unless you have this stanza before the bit
which goes:
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains
then Exim won't get as far as checking that.

Why do you have "X-Warning: " at the start of message?  It's an SMTP
refusal message, not a header, when you're in deny.

You probably also want to add some exceptions to that, such as a local
whitelist, for the times when someone you care about ends up on an RBL.
Also "!authenticated = *"; eg, my home IP is a residential cable-modem
IP and if I send mail via my colo server, I'll be using authenticated
SMTP -- if you need to support remote workers, you'll want to make sure
that they're not blocked based on source IP.  (Hey, my current home IP
is on zen, [127.0.0.10]).

> Nothing shows up in the logs that any email was blocked because it's on the RBL.  Here's a log example of a domain that is on the RBL but exim never blocked:
>
> 2009-07-12 13:29:54 H=118-169-198-20.dynamic.hinet.net (www.hello.com) [118.169.198.20] F=<mike87694@...> rejected RCPT <candy59839@...>: relay not permitted
> 2009-07-12 13:29:55 unexpected disconnection while reading SMTP command from 118-169-198-20.dynamic.hinet.net (www.hello.com) [118.169.198.20]
>
>
> It only failed because it was an attempt at a relay.
>
> So is there a way to double check that Exim is querying the RBL?

$ exim -d+acl -bh $bad_ip -bs
and type in raw SMTP.  This is debugging with extra debugging for ACLs
turned on.

Myself, to help remote administrators debug mail delivery, I have this
in my connect ACL (amongst other things):
  accept  !dnslists = [ some local whitelist stuff ]
          dnslists = zen.spamhaus.org
          message = ${smtp_active_hostname} ESMTP - NO UCE NO UBE ${tod_log} (UTC)\n\
                    WARNING: You are on RBL $dnslist_domain: $dnslist_text\n\
                    Your mail will not be accepted unauthenticated.

The side-effect of multi-line SMTP responses causing problems for flaky
clients is a side-benefit.

-Phil

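Putting the points from the reply above together in one place, here is an acl_check_rcpt fragment that puts the Spamhaus deny ahead of the relay check and adds the two exceptions mentioned (authenticated clients and a local whitelist). This is an added example, not configuration from either poster; the host list name `dnsbl_whitelist` and its file path are assumed placeholders.

```exim
# Main configuration section (before "begin acl").
# Placeholder: one host or CIDR per line; name and path are assumptions.
hostlist dnsbl_whitelist = /etc/exim/dnsbl_whitelist

begin acl

acl_check_rcpt:

  # ... any earlier stanzas (relay_from_hosts, submission handling, etc.)

  # ACLs are evaluated in order. The DNSBL check must sit ABOVE the
  # "relay not permitted" require below, otherwise a listed host that is
  # merely attempting to relay is rejected by that stanza first and the
  # list hit is never logged. All conditions on a deny must be true for it
  # to fire, so the two negated conditions act as exceptions:
  #   - authenticated submitters (remote workers on dynamic/PBL-listed IPs)
  #   - hosts on the local whitelist
  # "message" here is the SMTP refusal text, not a header, so no "X-Warning:".
  deny    !authenticated = *
          !hosts         = +dnsbl_whitelist
          dnslists       = zen.spamhaus.org
          message        = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
          log_message    = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)

  # The relay check now runs only for hosts that passed the DNSBL stanza.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  # ... remaining stanzas (recipient verification, final accept)
```

To confirm the stanza is reached, run the debugging session suggested above (`exim -d+acl -bh <listed-ip> -bs`) and issue MAIL FROM and RCPT TO by hand: with `-d+acl` Exim prints each condition as it is evaluated, so you can see the dnslists lookup and its result before the relay check is ever consulted. Spamhaus documents 127.0.0.2 as a permanently listed test address, which avoids having to wait for a real listed sender.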

Re: Verifying that Spamhaus is working within Exim

by Alex Carver



--- On Sun, 7/12/09, Phil Pennock <exim-users@...> wrote:

> From: Phil Pennock <exim-users@...>
> Subject: Re: [exim] Verifying that Spamhaus is working within Exim
> To: "Alex Carver" <agcme2002@...>
> Cc: exim-users@...
> Date: Sunday, July 12, 2009, 8:45 PM
> On 2009-07-12 at 14:31 -0700, Alex Carver wrote:
> > New question:  Now that I reconfigured and reinserted support for Spamhaus, I haven't seen Exim block an email even though I've seen plenty of emails coming in from domains listed in zen.spamhaus.org
> >
> > Under acl_check_rcpt I have:
> >
> >   deny
> >     message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
> >     log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
> >     dnslists = zen.spamhaus.org
>
> Where do you have this within acl_check_rcpt?  Note that the ACL is
> worked through in order, so unless you have this stanza before the bit
> which goes:
>   require message = relay not permitted
>           domains = +local_domains : +relay_to_domains
> then Exim won't get as far as checking that.

The RBL segment happens to be below the part you quote so that explains that bit.  I just hadn't seen a spamhaus block in so long I wondered if I had misconfigured it.

>
> Why do you have "X-Warning: " at the start of message?  It's an SMTP
> refusal message, not a header, when you're in deny.

It used to be a warn statement and I just forgot to remove X-Warning.

>
> You probably also want to add some exceptions to that, such as a local
> whitelist, for the times when someone you care about ends up on an RBL.
> Also "!authenticated = *"; eg, my home IP is a residential cable-modem
> IP and if I send mail via my colo server, I'll be using authenticated
> SMTP -- if you need to support remote workers, you'll want to make sure
> that they're not blocked based on source IP.  (Hey, my current home IP
> is on zen, [127.0.0.10]).

This happens to be my personal server but I have a static IP at home so I can send direct (ISP does not block) so I send directly out from here.  I don't anticipate ever having an external user beyond perhaps running as a backup MX for someone but that just means they get added to the relay domain list instead.



>
> $ exim -d+acl -bh $bad_ip -bs
> and type in raw SMTP.  This is debugging with extra debugging for ACLs
> turned on.
>

This works very well, thanks.  At least I now know that it's actually responding.
 

> Myself, to help remote administrators debug mail delivery, I have this
> in my connect ACL (amongst other things):
>   accept  !dnslists = [ some local whitelist stuff ]
>           dnslists = zen.spamhaus.org
>           message = ${smtp_active_hostname} ESMTP - NO UCE NO UBE ${tod_log} (UTC)\n\
>                     WARNING: You are on RBL $dnslist_domain: $dnslist_text\n\
>                     Your mail will not be accepted unauthenticated.
>
> The side-effect of multi-line SMTP responses causing problems for flaky
> clients is a side-benefit.
>
> -Phil
>
