surblspamcheck

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

surblspamcheck

Terry-2
Do I need to activate this check any where ?
I can see it is configured  but when I send an email with a black listed
url  to test it seems to gets through. No errors show in the logs.

in exim.conf
# exim4u: Setup Perl Startup for SURBL/URIBL Scan Checks
perl_startup = do '/etc/exim/exim.pl/exim_surbl.pl'
perl_at_start = true
message_body_visible = 5000
message_body_newlines = true


and
ls -al /etc/exim/exim.pl/exim_surbl.pl
-rw-r--r--  1 root  wheel  26230 Feb 15 23:35
/etc/exim/exim.pl/exim_surbl.pl

It has the Enable embedded Perl interpreter enabled and I don't think it
would start up with out it.

Not too sure of exim cmd line options to test it further

Thanks



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: surblspamcheck

gldickens3
Administrator
On 02/27/2011 12:40 PM, Terry wrote:

> Do I need to activate this check any where ?
> I can see it is configured  but when I send an email with a black listed
> url  to test it seems to gets through. No errors show in the logs.
>
> in exim.conf
> # exim4u: Setup Perl Startup for SURBL/URIBL Scan Checks
> perl_startup = do '/etc/exim/exim.pl/exim_surbl.pl'
> perl_at_start = true
> message_body_visible = 5000
> message_body_newlines = true
>
> and
> ls -al /etc/exim/exim.pl/exim_surbl.pl
> -rw-r--r--  1 root  wheel  26230 Feb 15 23:35
> /etc/exim/exim.pl/exim_surbl.pl
>
> It has the Enable embedded Perl interpreter enabled and I don't think it
> would start up with out it.

Hi Terry,

You should not have to do anything to activate the surbl checks.

I assume that you have not modified the stock Exim4U /etc/exim/exim.conf
and /etc/exim/exim.pl/exim_surbl.pl files.  Nevertheless, you may want
to verify the following values in etc/exim/exim.pl/exim_surbl.pl since
this is where the lookups could be disabled:

my $surbl_enable = 1;
my $uribl_enable = 1;
my $dbl_enable = 1;

The surbl/uribl/dbl services sometimes refuse lookups from name servers
that perform a large number of lookups such as hosting providers and
large ISP name servers. I therefore recommend that all mail servers have
their own caching name server.  You can easily setup your own caching
name server with bind/named whereby all of the lookups originate from
your IP address instead of a hosting providers' name server IP address
that may be blocked. If you have not setup your own caching name server
and you are instead relying on your hosting provider or ISP for name
services then that could make some or all of the surbl/uribl/dbl lookups
fail.

In any event, you should verify that the surbl/uribl/dbl lookups are
working properly from your mail server's IP address using one of the
testing techniques outlined in section 4 in:

http://exim4u.org/svn/exim4u_src/trunk/NOTES

As an example, test a known blacklisted url in the uribl database with:

nslookup domain.tld.black.uribl.com

If the url is listed  then nslookup will generate an output IP address
of 127.0.0.2 and the output will look like:

Non-authoritative answer:
Name:    domain.tld.black.uribl.com
Address: 127.0.0.2

Be sure and do the nslookup test from your mail server's IP address. If
your test spam's url returns 127.0.0.2 then the url is on the blacklist
and everything is working properly.  Now, send a test spam email to your
mail server that contains the known spammer's link and see if it is
rejected.  Make sure that you send the test spam from an IP address that
is not whitelisted by Exim4U (such as in
etc/exim/exim4u_backup_mx_host_names or
etc/exim/exim4u_backup_mx_rl_host_names).  If the test spam is not then
rejected by Exim4U then exim_surbl is indeed not working properly.

If the nslookup is working properly but the spammer url is not rejected
then please send me a copy of your test spam email so that I can test
and verify it on one of my servers.  Be sure and include the entire test
email including headers.

Also, as an FYI and for further help, Exim4U's surbl/uribl/dbl blocking
simply uses Erik Mugele's perl script which you can read about here:

http://www.teuton.org/~ejm/exim_surbl/#exim

FYI,

Gordon







_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: surblspamcheck

Terry-2

> Hi Terry,
>
> You should not have to do anything to activate the surbl checks.
>
> I assume that you have not modified the stock Exim4U
> /etc/exim/exim.conf and /etc/exim/exim.pl/exim_surbl.pl files.  
> Nevertheless, you may want to verify the following values in
> etc/exim/exim.pl/exim_surbl.pl since this is where the lookups could
> be disabled:
>
> my $surbl_enable = 1;
> my $uribl_enable = 1;
> my $dbl_enable = 1;
>
> The surbl/uribl/dbl services sometimes refuse lookups from name
> servers that perform a large number of lookups such as hosting
> providers and large ISP name servers. I therefore recommend that all
> mail servers have their own caching name server.  You can easily setup
> your own caching name server with bind/named whereby all of the
> lookups originate from your IP address instead of a hosting providers'
> name server IP address that may be blocked. If you have not setup your
> own caching name server and you are instead relying on your hosting
> provider or ISP for name services then that could make some or all of
> the surbl/uribl/dbl lookups fail.
>
> In any event, you should verify that the surbl/uribl/dbl lookups are
> working properly from your mail server's IP address using one of the
> testing techniques outlined in section 4 in:
>
> http://exim4u.org/svn/exim4u_src/trunk/NOTES
>
> As an example, test a known blacklisted url in the uribl database with:
>
> nslookup domain.tld.black.uribl.com
>
> If the url is listed  then nslookup will generate an output IP address
> of 127.0.0.2 and the output will look like:
>
> Non-authoritative answer:
> Name:    domain.tld.black.uribl.com
> Address: 127.0.0.2
>
> Be sure and do the nslookup test from your mail server's IP address.
> If your test spam's url returns 127.0.0.2 then the url is on the
> blacklist and everything is working properly.  Now, send a test spam
> email to your mail server that contains the known spammer's link and
> see if it is rejected.  Make sure that you send the test spam from an
> IP address that is not whitelisted by Exim4U (such as in
> etc/exim/exim4u_backup_mx_host_names or
> etc/exim/exim4u_backup_mx_rl_host_names).  If the test spam is not
> then rejected by Exim4U then exim_surbl is indeed not working properly.
>
> If the nslookup is working properly but the spammer url is not
> rejected then please send me a copy of your test spam email so that I
> can test and verify it on one of my servers.  Be sure and include the
> entire test email including headers.
>
> Also, as an FYI and for further help, Exim4U's surbl/uribl/dbl
> blocking simply uses Erik Mugele's perl script which you can read
> about here:
>
> http://www.teuton.org/~ejm/exim_surbl/#exim
>
> FYI,
>
> Gordon
>
>
>
>
>
Thank you Gordon  for the very clear and informative reply you were
right for some reason my look ups were blocked but setting up a caching
name server
fixed it straight away.


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users