Exim blacklist and whitelist checking in Ubuntu & Debian

Some extensions (top-level domains), IP addresses, and domains send a considerable amount of spam, either temporarily or permanently. In this article, we show you how to block a lot of spam by adjusting the configuration of Exim in Ubuntu or Debian to make use of blacklists. You can use public blacklists or manually create your own blacklist.

During the public blacklist check, the IP address of the sender is checked against the blacklist. With the manual blacklist, the blacklist can be set based on IP address or domain.

If a sender is blacklisted, the steps in this article cause their emails to be blocked, and the sender receives a message that the email has been blocked as spam. We also show how you can use whitelists to make sure specific senders or domains are not stopped by your blacklist checks.

  • The steps in this article require a VPS with Ubuntu or Debian which has Exim and Dovecot installed. In this tutorial, we explain how to set up Exim and Dovecot.
     
  • We assume your Exim configuration is stored in a single file.
     
  • Execute the commands in this article using sudo, or as a root user.

Public blacklists

 

Step 1

Connect to your VPS via SSH or the VPS console in the TransIP control panel.


 

Step 2

Open the Exim configuration:

nano /etc/exim4/exim4.conf.template

 

Step 3

Search for 'CHECK_RCPT_IP_DNSBLS' (with ctrl shift_ followed by v). You then arrive at the following code:

  # Check against classic DNS "black" lists (DNSBLs) which list
  # sender IP addresses
  .ifdef CHECK_RCPT_IP_DNSBLS
  warn
    dnslists = CHECK_RCPT_IP_DNSBLS
    add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
    log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
  .endif

'warn' means that your mail is not blocked but merely a warning is added to the mail headers. Change 'warn' to 'deny' to prevent blacklisted mail from being delivered.

The variable CHECK_RCPT_IP_DNSBLS is not yet defined, so the blacklist check doesn't do anything just yet. In the 'MAIN CONFIGURATION SETTINGS' section of the configuration file, add the following code to define CHECK_RCPT_IP_DNSBLS:

# Defines a list of blacklists to check incoming mail against
CHECK_RCPT_IP_DNSBLS = zen.spamhaus.org, sbl.spamhaus.org, cbl.abuseat.org, bl.spamcop.net, b.barracudacentral.org, dsn.rfc-ignorant.org/$sender_address_domain

  • You're free to choose which blacklists you'd like to use; we recommend using at least zen.spamhaus.org.
  • Not every blacklist works the same way. dsn.rfc-ignorant.org checks the sender's domain, while the other blacklists in this example use the sender's IP address. For this reason, the rfc-ignorant.org entry has the addition /$sender_address_domain.

A detailed explanation of the use of blacklists / access control lists can be found in Exim's documentation.

Then, save your changes and close the file (ctrl + x > y > enter).


 

Step 4

Finally, update Exim's configuration and restart it to process the changes:

update-exim4.conf
systemctl restart exim4

Incoming mail is now automatically scanned to check whether the sender is in a blacklist.
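The following is an added example, not part of the original article: it shows what an IP-keyed blacklist lookup does for one address and how to read the answer, which is worth checking before changing 'warn' to 'deny'. The function names are hypothetical, and the 127.255.255.x error range is Spamhaus's documented convention for refused or invalid queries rather than something this article covers.

```shell
#!/bin/sh
# Added example: how an IP-keyed DNSBL lookup works and how to read the answer.

# Build the DNS name that is queried for an IPv4 address:
# the octets in reverse order, followed by the blacklist zone.
dnsbl_qname() {   # usage: dnsbl_qname 192.0.2.10 zen.spamhaus.org
    echo "$1" | awk -F. -v zone="$2" \
        'NF == 4 { print $4 "." $3 "." $2 "." $1 "." zone }'
}

# Interpret the A record (if any) that the blacklist returned.
dnsbl_classify() {   # usage: dnsbl_classify 127.0.0.2
    case "$1" in
        "")            echo "not-listed" ;;  # NXDOMAIN: the address is not on the list
        127.255.255.*) echo "error" ;;       # Spamhaus: query refused or invalid, NOT a listing
        127.*)         echo "listed" ;;      # normal "listed" return code
        *)             echo "unexpected" ;;  # e.g. a resolver that rewrites NXDOMAIN answers
    esac
}

# Live lookup. Needs network access and dig (package dnsutils / bind9-dnsutils).
dnsbl_check() {   # usage: dnsbl_check 127.0.0.2 zen.spamhaus.org
    answer=$(dig +short A "$(dnsbl_qname "$1" "$2")" | head -n 1)
    echo "$1 at $2: $(dnsbl_classify "$answer") $answer"
}

# 127.0.0.2 is the test entry that IPv4 DNSBLs are required to list (RFC 5782),
# so it should come back as "listed" from the VPS itself:
#   dnsbl_check 127.0.0.2 zen.spamhaus.org
```

If the test address comes back as "error" or "not-listed", the resolver your VPS uses is not getting real answers from that blacklist; with a bare list name in CHECK_RCPT_IP_DNSBLS an error answer is treated like a listing, so fix the resolver before using 'deny'.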


Manual blacklist

Exim in Ubuntu & Debian is preconfigured with manual blacklist support. In order to use it, all you need to do is add a domain to the blacklist.

 

Step 1

Connect to your VPS via SSH or the VPS console in the TransIP control panel.


 

Step 2

Open the blacklist file:

nano /etc/exim4/local_sender_blacklist

 

Step 3

Add the domains you want to blacklist, placing each domain on a separate line. To blacklist an entire extension, use a wildcard as in the example below.

example.com
example.nl
*.xxx
*.xyz

Save your changes again and close the file (ctrl + x > y > enter).


 

Optional: custom block message

In /etc/exim4/exim4.conf.template you'll find the message = variable when you search for local_sender_blacklist. This variable determines which message is sent to mail senders that are in your blacklist. You are free to change this message, but don't forget to update the configuration and restart exim4 with update-exim4.conf and systemctl restart exim4 respectively.


 

Manual whitelisting

 

In addition to manual blacklisting, Exim also comes with manual whitelisting out of the box. This works in much the same way as manual blacklisting.

 

Step 1

There are two options available: whitelisting of a sender (email address) and whitelisting of a host (i.e. a domain or extension). The first option is usually preferred: whitelisting skips all spam checks, and especially with large domains (e.g. hotmail or gmail) you probably don't want all of their addresses to skip your spam checks.

Open the desired whitelist file with:

sender whitelisting

nano /etc/exim4/sender_local_deny_exceptions

host whitelisting

nano /etc/exim4/host_local_deny_exceptions

 

Step 2

In the opened file, add the following content, depending on which file you chose:

sender_local_deny_exceptions:

Add a list of email addresses which you want to whitelist, for example:

demo@transip.nl
someone@example.com
etc

host_local_deny_exceptions:

A list of domains you'd like to whitelist, for example:

transip.nl
example.com
*.nl
etc

Save your changes and close the file (ctrl + x > y > enter). A restart of Exim should not be required as (at least at the time of writing) Exim is already preconfigured to support and check for this form of whitelisting.
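As an added example (not part of the original article), the manual blacklist and whitelist entries can be checked without sending real mail by using Exim's fake SMTP session mode, exim4 -bh. The function names and addresses below are hypothetical; the recipient is assumed to be an existing mailbox on your server, otherwise the session is rejected for a reason unrelated to the blacklist.

```shell
#!/bin/sh
# Added example: probe Exim's ACLs with a fake SMTP session (nothing is delivered).

# Minimal SMTP dialogue for one envelope sender ($1) and recipient ($2).
smtp_dialogue() {
    printf 'HELO probe.example\r\nMAIL FROM:<%s>\r\nRCPT TO:<%s>\r\nQUIT\r\n' "$1" "$2"
}

# Reduce a transcript of SMTP replies (stdin) to a verdict:
# the first 4xx/5xx reply if there is one, otherwise "accepted".
smtp_verdict() {
    tr -d '\r' | awk '
        /^[45][0-9][0-9][ -]/ { print; found = 1; exit }
        END { if (!found) print "accepted" }'
}

# Run the dialogue as if it came from host IP $1 and print the verdict.
# ACL tracing goes to stderr and is discarded here; drop the redirect to see
# which ACL statement matched. Run with sudo or as root.
probe_acl() {   # usage: probe_acl HOST_IP SENDER RECIPIENT
    smtp_dialogue "$2" "$3" | exim4 -bh "$1" 2>/dev/null | smtp_verdict
}

# With example.com in /etc/exim4/local_sender_blacklist, a probe such as
#   probe_acl 192.0.2.1 someone@example.com you@yourdomain.example
# should print the 5xx reply carrying the block message, and "accepted" once
# someone@example.com is added to /etc/exim4/sender_local_deny_exceptions.
```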


 

This brings us to the end of this tutorial about blacklist and whitelist checking in Exim. Should you have any questions left regarding this guide, do not hesitate to contact our support department. You can reach them via the ‘ContactUs’ button at the bottom of this page.
