Exim blacklist checking in CentOS 7 & 8

Some domain extensions, IP addresses, and domains send a considerable amount of spam, either temporarily or permanently. In this article, we show you how to block a lot of that spam by adjusting the Exim configuration in CentOS 7 to make use of blacklists. You can choose from public blacklists, or manually create your own blacklist.

During the public blacklist check, the IP address of the sender is checked against the blacklist. With the manual blacklist, the blacklist can be set based on IP address or domain.

With the steps in this article, emails from a blacklisted sender are blocked, and the sender receives a message saying that the email has been blocked as spam.

  • The steps in this article require a CentOS 7 or 8 VPS with Exim and Dovecot. In this tutorial, we explain how to set up Exim and Dovecot.
     
  • Execute the commands in this article using sudo, or as a root user

Public blacklists

 

Step 1

Connect to your VPS via SSH or the VPS console in the TransIP control panel.


 

Step 2

Open the Exim configuration:

nano /etc/exim/exim.conf

 

Step 3

Search for 'blacklists' (with ctrl shift _ followed by v). This takes you to the following code:

  #############################################################################
  # There are no default checks on DNS black lists because the domains that
  # contain these lists are changing all the time. However, here are two
  # examples of how you can get Exim to perform a DNS black list lookup at this
  # point. The first one denies, whereas the second just warns. The third
  # triggers greylisting for any host in the blacklist.
  #
  # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
  #         dnslists      = black.list.example
  #
  # warn    dnslists      = black.list.example
  #         add_header    = X-Warning: $sender_host_address is in a black list at $dnslist_domain
  #         log_message   = found in $dnslist_domain
  #
  # warn    dnslists      = black.list.example
  #         set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
  #
  #############################################################################

The commented examples show how a DNS blacklist lookup is configured. Add the following code below that block:

deny  message  = Sender is blacklisted at $dnslist_domain
      dnslists = sbl.spamhaus.org : \
                 dnsbl.sorbs.net : \
                 cbl.abuseat.org : \
                 bl.spamcop.net : \
                 b.barracudacentral.org : \
                 zen.spamhaus.org : \
                 dsn.rfc-ignorant.org/$sender_address_domain

Not every spam list works the same way. dsn.rfc-ignorant.org checks the domain of the sender, while the other lists check the IP address of the sending host. For this reason, the rfc-ignorant entry has the addition /$sender_address_domain, which tells Exim to look up the sender's domain instead of the IP address.

A detailed explanation of the use of blacklists / access control lists can be found in Exim's documentation.

Then, save your changes and close the file (ctrl + x > y > enter).


 

Step 4

Finally, restart Exim to process the changes:

systemctl restart exim

Incoming mail is now automatically scanned to check whether the sender is in a blacklist.
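Before relying on the deny rule, it helps to see what each zone actually answers. The following is an added example, not part of the original article: it builds the name an IP-keyed list is queried with and checks every zone against the two test addresses defined in RFC 5782. The function names are hypothetical, and treating 127.255.255.0/24 as an error range for all zones is an assumption based on the codes Spamhaus documents.

```python
import ipaddress
import socket

# IP-keyed zones from the deny rule above.
ZONES = ["sbl.spamhaus.org", "dnsbl.sorbs.net", "cbl.abuseat.org",
         "bl.spamcop.net", "b.barracudacentral.org", "zen.spamhaus.org"]
ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")  # assumption: error codes
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone):
    """Name looked up for an IP-keyed list: reversed address labels + zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # e.g. 10.2.0.192.in-addr.arpa
    return rev.rsplit(".", 2)[0] + "." + zone

def classify(answer):
    """Interpret a DNSBL reply; None stands for 'no A record' (NXDOMAIN)."""
    if answer is None:
        return "not listed"
    addr = ipaddress.ip_address(answer)
    if addr in ERROR_RANGE:
        return "error"       # query refused or rate limited, not a real listing
    if addr in LOOPBACK:
        return "listed"
    return "unexpected"      # e.g. a resolver or parked zone answering everything

def zone_health(test_answer, clean_answer):
    """RFC 5782: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    test, clean = classify(test_answer), classify(clean_answer)
    if test == "listed" and clean == "not listed":
        return "ok"
    if "error" in (test, clean):
        return "resolver blocked or rate limited"
    if clean != "not listed":
        return "zone answers for everything"
    return "zone not answering"

def resolve(name):
    """A-record lookup through the system resolver."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None          # note: this also hides timeouts and SERVFAIL

if __name__ == "__main__":
    for zone in ZONES:
        verdict = zone_health(resolve(query_name("127.0.0.2", zone)),
                              resolve(query_name("127.0.0.1", zone)))
        print(f"{zone:28} {verdict}")
```

A dnslists entry without an explicit address condition counts any A record as a hit, so a zone that reports anything other than ok here would either reject legitimate mail or never match.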


Manual blacklist

 

Step 1

Connect to your VPS via SSH or the VPS console in the TransIP control panel.


 

Step 2

Open the Exim configuration:

nano /etc/exim/exim.conf

 

Step 3

Search for 'domainlist' (with ctrl shift _ followed by v). You can already see two options here: a domain list for local_domains and a domain list for relay_to_domains. Add the following below:

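domainlist exim_blacklist = nwildlsearch;/etc/exim_blacklist

This indicates that the exim_blacklist consists of the data in the /etc/exim_blacklist file. The nwildlsearch lookup is used rather than a plain lsearch because lsearch compares keys literally, so wildcard entries such as *.xyz (see step 6) would never match.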


 

Step 4

Scroll to the 'ROUTERS CONFIGURATION' section and add the router below before the other routers (for example, directly under 'begin routers').

# Exim manual blacklist
# 'senders' is matched against the envelope sender. A 'domains' condition
# would be matched against the recipient's domain instead, which would block
# mail addressed to the listed domains rather than mail coming from them.
manual_blacklist:
  driver = redirect
  senders = *@+exim_blacklist
  allow_fail
  data = :fail:Connection rejected: SPAM source $sender_address_domain is manually blacklisted

Routers are checked one by one, in order, to see whether an address matches their pre-set conditions. For this reason, you place the blacklist router at the top, so that the blacklist check is performed before Exim can do something else with the mail.

Then save your changes and close the file (ctrl + x > y > enter).


 

Step 5

Open the file containing the blacklist (which you set in step 3):

nano /etc/exim_blacklist

 

Step 6

Add the domains you want to blacklist, placing each domain on a separate line. To blacklist an entire extension, use a wildcard as in the example below.

example.com
example.nl
*.xxx
*.xyz

Save your changes again and close the file (ctrl + x > y > enter).


 

Step 7

Finally, restart Exim to process the changes:

systemctl restart exim

Incoming mail is now automatically scanned to check whether the sender is in your own blacklist. If it is, the mail is blocked and the sender will be sent a notification.
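Which senders the file from step 6 blocks depends on how its entries are matched: a plain lsearch lookup compares keys literally, while a wildcard lookup such as nwildlsearch treats a leading * as 'ends with'. The following added example (not part of the original article) approximates both behaviours so you can audit a list against sender addresses before deploying it; the function names are hypothetical and the sender addresses are constructed.

```python
# Constructed sample: the blacklist file from step 6 plus a comment line.
BLACKLIST = """\
# manual blacklist
example.com
example.nl
*.xxx
*.xyz
"""

# Constructed envelope senders; the empty string stands for the bounce sender <>.
SENDERS = ["news@example.com", "bob@mail.example.com",
           "promo@shop.xyz", "ok@example.org", ""]

def load_patterns(text):
    """Return the lowercase keys of the file, skipping blanks and # comments."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keys.append(line.split()[0].lower())
    return keys

def domain_of(address):
    """Domain part of an envelope sender, or '' when there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def is_blocked(domain, keys, wildcard):
    """wildcard=True: leading '*' means 'ends with'; False: literal keys only."""
    for key in keys:
        if wildcard and key.startswith("*"):
            if domain.endswith(key[1:]):
                return True
        elif domain == key:
            return True
    return False

def audit(senders, text, wildcard=True):
    """Senders whose domain the list would reject."""
    keys = load_patterns(text)
    return [s for s in senders if is_blocked(domain_of(s), keys, wildcard)]

if __name__ == "__main__":
    print("wildcard lookup:", audit(SENDERS, BLACKLIST))
    print("literal lookup: ", audit(SENDERS, BLACKLIST, wildcard=False))
```

Note that bob@mail.example.com passes in both modes: a literal example.com entry does not cover subdomains, which need their own entry or a *.example.com wildcard.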


 

This brings us to the end of this tutorial about blacklist check in Exim. Should you have any questions left regarding this guide, do not hesitate to contact our support department. You can reach them via the ‘ContactUs’ button at the bottom of this page.
