DNS Blacklist with Exim

First switch exim4 to use split configuration files.

Edit the file /etc/exim4/conf.d/main/02_exim4-config_options and insert the following after the very last line.

# Added TODAYS-DATE by YOURNAME
CHECK_RCPT_IP_DNSBLS = zen.spamhaus.org/<;$sender_host_address;$sender_address_domain :\
    nomail.rhsbl.sorbs.net/$sender_address_domain : cbl.abuseat.org :\
    list.dsbl.org : web.dnsbl.sorbs.net : socks.dnsbl.sorbs.net :\
    http.dnsbl.sorbs.net
CHECK_RCPT_DOMAIN_DNSBLS = zen.spamhaus.org/<;$sender_host_address;$sender_address_domain :\
    nomail.rhsbl.sorbs.net/$sender_address_domain : cbl.abuseat.org :\
    list.dsbl.org : web.dnsbl.sorbs.net : socks.dnsbl.sorbs.net :\
    http.dnsbl.sorbs.net

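Edit the file /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt. Find the ACL block guarded by CHECK_RCPT_IP_DNSBLS and change the word "warn" to "deny", so that mail from a listed host is rejected instead of only being tagged with a warning header. The listing below makes the same change in the CHECK_RCPT_DOMAIN_DNSBLS block: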

# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
deny
  message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
  log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
  dnslists = CHECK_RCPT_IP_DNSBLS
.endif

# Check against DNSBLs which list sender domains, with an option to locally
# whitelist certain domains that might be blacklisted.
#
# Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append
# "/$sender_address_domain" after each domain. For example:
# CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \
#                            : rhsbl.bar.org/$sender_address_domain
.ifdef CHECK_RCPT_DOMAIN_DNSBLS
deny
  message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
  log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
  !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
                  {CONFDIR/local_domain_dnsbl_whitelist}\
                  {}}
  dnslists = CHECK_RCPT_DOMAIN_DNSBLS
.endif

Restart Exim so that our configuration changes take effect:

/etc/init.d/exim4 restart
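
With "deny" in place every DNSBL hit is an SMTP rejection, so a zone that answers every query would reject all inbound mail and a zone that no longer answers does nothing. The script below is an added example, not part of the original post: it checks IP-keyed zones against the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not), uses function names made up for this example, and assumes dig is installed.

```sh
#!/bin/sh
# Added example: check IP-keyed DNSBL zones against the RFC 5782 test entries
# before Exim is allowed to reject mail on them. Function names are made up.

# dnsbl_name IPV4 ZONE -> query name with reversed octets (2.0.0.127.ZONE)
dnsbl_name() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    zone=$2
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# zone_verdict TEST_ANSWER NEG_ANSWER
#   TEST_ANSWER: A record returned for 127.0.0.2 (empty if none)
#   NEG_ANSWER:  A record returned for 127.0.0.1 (empty if none)
zone_verdict() {
    if [ -n "$2" ]; then echo lists-everything   # would reject all mail
    elif [ -z "$1" ]; then echo no-test-entry    # dead or unreachable zone
    else
        case $1 in
            127.*) echo ok ;;
            *)     echo bad-answer ;;            # e.g. resolver rewriting NXDOMAIN
        esac
    fi
}

# First A record for a name, empty when there is none (assumes dig).
lookup() { dig +short A "$1" 2>/dev/null | sed -n '/^[0-9]/{p;q;}'; }

check_zone() {
    pos=$(lookup "$(dnsbl_name 127.0.0.2 "$1")")
    neg=$(lookup "$(dnsbl_name 127.0.0.1 "$1")")
    printf '%s\t%s\n' "$1" "$(zone_verdict "$pos" "$neg")"
}

# Zones are given on the command line; with no arguments nothing is queried.
if [ "$#" -gt 0 ]; then
    for z in "$@"; do check_zone "$z"; done
fi
```

Save it under any name and run it on the mail server itself, passing the IP-keyed zones from CHECK_RCPT_IP_DNSBLS as arguments, so the lookups go through the same resolver Exim uses. Any zone that does not report "ok" should be dropped from the list or left on "warn".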

