DNS Blacklist with Exim

By setting the anti-spam DNS Blacklist feature in Exim you can eliminate a majority of your daily spam in a few simple steps.

This How-To is written for Debian Linux, with Exim using split configuration files. If your installation of Exim isn't utilizing split configuration, simply make all additions to your /etc/exim4/exim4.conf.template file.


Before getting started, we suggest you Learn Linux Basics and follow these precautions.

Steps to follow

Step 1

Edit the file /etc/exim4/conf.d/main/02_exim4-config_options and insert the following after the very last line.

# Added TODAYS-DATE by YOURNAME
# Spamhaus RBL zen.spamhaus.org
CHECK_RCPT_IP_DNSBLS = zen.spamhaus.org

Note: By itself Spamhaus provides dependable real-time anti-spam protection, but alternatively you may choose to add more than one DNS Blacklist from another source. Just be sure to separate each entry with a colon.
Step 2

Edit the file /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt. Search for CHECK_RCPT_IP_DNSBLS acl and change the word "warn" to "deny" as shown below:

# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
deny
message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
dnslists = CHECK_RCPT_IP_DNSBLS
.endif

Step 3

Restart Exim so that our configuration changes take effect:

/etc/init.d/exim4 restart

Step 4

Once you have set up your mail server to use zen.spamhaus.org, you can test to see if the PBL blocking is working by sending an email (any email) to: nelson-pbl-test@crynwr.com (you must send the email from the mail server which you wish to test). The Crynwr system robot will answer you to tell you if your server is correctly blocking PBL-listed IP addresses or not.

The email will look something like this.

220 mail.linuxlookup.com ESMTP Exim 4.69 Sat, 26 Sep 2009 12:11:10 -0400
helo pbl.crynwr.com
250 mail.linuxlookup.com Hello nelson at pbl.crynwr.com [192.203.178.178]
mail from:<>
250 OK
rcpt to:
550-X-Warning: 192.203.178.178 is listed at zen.spamhaus.org (127.0.0.10:
550 http://www.spamhaus.org/query/bl?ip=192.203.178.178)
Terminating conversation

If everything is set-up correctly, you should see "Terminating conversation".

Resources

  • Spamhaus.org
  • Exim.org
  • Debian.org