Topic: exclude an IP or domain from being checked in the RBLS

[Blackbox]

Hi everyone,
I recently activated the RBL feature in SME server and I must say that it works like a charm. I managed to reduce spam but 95%.

However, now I am running into a small problem. My ISP just got blocked by SORBS and I am not getting any emails from users connected to my ISP.

Is there a way I can exclude an IP or domain from being checked in the RBLs instead of remove SORBS from my list. SORBS is doing a good job in blocking my spam and this would cause me huge problems if I remove it.

I cannot find any theads that concern this topic. Maybe I am not searching for the right query.  

Any help is appreciated.
Thanks in advance

[egerards]

I've got a little SME howto file, where I have some notes on white / black listing:

Code: [Select]

 # /sbin/e-smith/db spamassassin setprop wbl.global foo@bar.com White foobar@bar.net Black *@*easymoney.net White
  # expand-template /etc/mail/spamassassin/local.cf
  # svc -t /service/spamd


That's it!

[Blackbox]

Thanks for your reply.

Unfortunately, this does not work as I do not have SpamAssasin enabled. I only got RBLs enabled.

I cannot find any docs on RBL commands.

Thanks anyway.

[dmay]

I have an alpha contrib available that will do what you need:

http://mirror.contribs.org/smeserver/contribs/dmay/smeserver/7.x/testing/smeserver-wbl/

Not recommended on a business production server. However if you are just a home user and wish to test a solution, this should work for you.

Remember to place any follow up discussions in the contribs forum.

Darrell

[crazybob]

Am I correct in assuming that email goes to spamassassin before the RBL, and if email is whitelisted it will bypass the RBL?

[dmay]

Am I correct in assuming that email goes to spamassassin before the RBL, and if email is whitelisted it will bypass the RBL?

No on both assumptions. SA wbl is for sa only. E-mail is processed based on the qpsmtpd plugin order. One of the plugins being sa which is near the bottom of the list. Review this dir:

/var/service/qpsmtpd/config/peers

Darrell

[crazybob]

Thanks Darrell. I think I understand a lot better now.

Bob

[Blackbox]

Hi Dmay,
Sorry for the late reply but I was out of the office so quite a while (Easter holidays)  

Is there a way to whitelist a domain or IP address without installing any other contribs?

I would like to keep the production server as clean as possible.

Any help is appreciated.

Thanks

[mmccarn]

It looks to me as though you can white-list an IP address by adding it to the file /var/service/qpsmtpd/config/dnsbl_allow.

The default template for this is constructed to include all local ip addresses, and is located at /etc/e-smith/templates/var/service/qpsmtpd/config/dnsbl_allow/80LocalNetworks

You should be able to white-list an IP using:
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/dnsbl_allow
cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/dnsbl_allow
pico -w 50dnsbl_whitelist

Add the IPs you want to white-list, one per line.  Add a class "C" network by leaving off the final octet (but include the final ".").  Use "Ctrl-X", "y", <enter> to exit pico saving changes, then:

 expand-template /var/service/qpsmtpd/config/dnsbl_allow
signal-event email-update

Caveat: I have verified that the commands above will successfully modify /var/service/qpsmtpd/config/dnsbl_allow, but I have no idea if this will provide the solution to your situation.

If you try this out, please report back and let us know how it works...

P.S.  You could do the same thing without creating any custom templates by adding the IP address of the server you want to whitelist as a "Local Network" in server-manager, but this also opens lots of other services to that host and is therefore discouraged for security reasons.

[dmay]

It looks to me as though you can white-list an IP address by adding it to the file /var/service/qpsmtpd/config/dnsbl_allow.

IIUC there are two qpsmtpd config settings, /var/service/qpsmtpd/config/peers/0 and local. Neither appears to load the dnsbl_allow plugin any longer as the 'local' config now automatically disables the rhsbl & dnsbl plugins.

Darrell

[mmccarn]

Oops  

[mmccarn]

Neither appears to load the dnsbl_allow plugin

dnsbl_allow isn't a plugin, it's a configuration file referenced by the dnsbl plugin.

dnsbl is still enabled for the "0" peer (if you run config setprop qpsmtpd DNSBL enabled) so I think my notes above would still work.

(I *still* have no idea if my earlier post will work, but at least now I have a 7.1.3 server to play with so I'm not posting stuff based on 7.0...)

[dmay]

dnsbl_allow isn't a plugin, it's a configuration file referenced by the dnsbl plugin.

Tag. Your right.

Darrell

[crazybob]

any further news on this?