ABHIONLINUX
Site useful for linux administration and web hosting

2009/08/11

Prevent Spamming in Exim/cPanel

(Make these changes through WHM if you want them to be permanent; otherwise they will be overwritten during the next WHM/cPanel update: Main >> Service Configuration >> Exim Configuration Editor >> Advanced Editor. You may want to make a copy from the command line first in case you mess things up: 'cp /etc/exim.conf /etc/exim.conf.bak')

RBLs, or Real-time Blackhole Lists, are lists of IP addresses from known spammers. You can use these lists in Exim to reject email from those spammers using the steps below:

Scroll down to the three text input boxes just below “begin acl”
In the *middle* box find the line "accept hosts = :" and insert the following just after that line:

#**# RBL List Begin
#**#
#
# Always accept mail to postmaster & abuse
#
accept domains = +local_domains
       local_parts = postmaster:abuse
#
# Check sending hosts against DNS black lists.
# Reject message if address listed in blacklist.
deny message = ${sender_host_address} is listed at ${dnslist_domain}; See ${dnslist_text}
     !hosts = +relay_hosts
     !authenticated = *
     dnslists = zen.spamhaus.org : bl.spamcop.net
     !domains = +local_domains
#**#
#**# RBL List End

SpamAssassin
------------

Open the SpamAssassin configuration ('vi /etc/mail/spamassassin/local.cf') and you will see the line:

# trusted_networks 212.17.35.

You can uncomment that line and add the IP address of your mailserver and localhost (and whatever other IPs you want to trust):

trusted_networks 127.0.0.1
trusted_networks 66.249.0.28

The other setting I found was whitelist_auth. You can add this anywhere in /etc/mail/spamassassin/local.cf. 'whitelist_auth' will only work if you are using SPF, DKIM, or DomainKeys to verify senders.

whitelist_auth dave@example.com
whitelist_auth *@spry.com

For more info type ‘perldoc Mail::SpamAssassin::Conf’ from the command line.

These settings will help lower the amount of mail that SpamAssassin has to process by ignoring all mail coming from your server and any other trusted IP.

--------------------------------------------------

Change all default/catchall addresses from :blackhole: to :fail:

Then to change all default addresses to :fail: we’ll need to run two commands, one to change any :blackhole: settings and the other to change any default addresses that forward to another email address. First run this command in SSH …

replace ':blackhole:' ':fail:' -- /etc/valiases/*

… this will change any :blackhole: setting to the desired :fail: setting.

Change all default/catchall addresses to :fail:

Then the second command …

sed -i 's/^\*: [^ ]*$/*: :fail: ADDRESS DOES NOT EXIST/g' /etc/valiases/*

… this will change any setting which sends the unrouted mail to another email address to the desired :fail: setting.

Now, running this command again should reveal no results because we have just changed all settings to :fail: …

grep '*:' /etc/valiases/* | egrep -v ':fail:'
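
The same preview, rewrite and verify sequence as a small script, run here against a constructed directory instead of /etc/valiases so it can be tried safely first. This is an added example, not part of the original post; it uses sed for both substitutions and takes a backup before editing, and the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: preview, back up, rewrite and verify catch-all entries.
# On a real server the directory would be /etc/valiases (path from the post).

# Constructed sample data standing in for /etc/valiases (not real domains).
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'info@a.example: bob' '*: :blackhole:' > "$d/a.example"
    printf '%s\n' '*: catchall@other.example' > "$d/b.example"
    printf '%s\n' '*: :fail: No such user here' > "$d/c.example"
    echo "$d"
}

# List catch-all lines ("*:" at line start) that do not already use :fail:.
list_non_fail() {
    grep -H '^\*:' "$1"/* 2>/dev/null | grep -v ':fail:' || true
}

# Copy the directory aside, then apply both substitutions from the post.
# Prints the backup path so the change can be rolled back.
fix_catchalls() {
    dir=$1
    backup="${dir%/}.bak.$$"
    cp -a "$dir" "$backup" || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        sed -i -e 's/:blackhole:/:fail:/g' \
               -e 's/^\*: [^ ]*$/*: :fail: ADDRESS DOES NOT EXIST/' "$f"
    done
    echo "$backup"
}

# Demo on the constructed directory.
sample=$(make_sample)
echo "Before:"; list_non_fail "$sample"
bak=$(fix_catchalls "$sample")
echo "After (expect nothing):"; list_non_fail "$sample"
rm -rf "$sample" "$bak"
```

Catch-all lines that already carry a custom :fail: message, and ordinary per-address forwarders, are left untouched.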
