    Exim blacklist checking in CentOS 7 & 8

    Some extensions (TLDs), IP addresses, and domains send a considerable amount of spam, either temporarily or permanently. In this article, we show you how to block a lot of spam by adjusting the configuration of Exim in CentOS 7 to make use of blacklists. You can choose from public blacklists, or manually create your own blacklist.

    During the public blacklist check, the IP address of the sender is checked against the blacklist. With the manual blacklist, the blacklist can be set based on IP address or domain.

    If a sender is blacklisted, with the steps in this article, those emails will be blocked and a message will be sent to the sender that the message has been blocked as spam.

    • The steps in this article require a CentOS 7 or 8 VPS with Exim and Dovecot. A separate tutorial explains how to set up Exim and Dovecot.

    • Execute the commands in this article using sudo, or as the root user.

    Public blacklists

     

    Step 1

    Connect to your VPS via SSH or the VPS console in the TransIP control panel.


     

    Step 2

    Open the Exim configuration:

    nano /etc/exim/exim.conf

     

    Step 3

    Search for 'blacklists' (with ctrl shift _ followed by v). You then arrive at the following code:

      #############################################################################
      # There are no default checks on DNS black lists because the domains that
      # contain these lists are changing all the time. However, here are two
      # examples of how you can get Exim to perform a DNS black list lookup at this
      # point. The first one denies, whereas the second just warns. The third
      # triggers greylisting for any host in the blacklist.
      #
      # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
      #         dnslists      = black.list.example
      #
      # warn    dnslists      = black.list.example
      #         add_header    = X-Warning: $sender_host_address is in a black list at $dnslist_domain
      #         log_message   = found in $dnslist_domain
      #
      # warn    dnslists      = black.list.example
      #         set acl_m_greylistreasons = Host found in $dnslist_domain\n$acl_m_greylistreasons
      #
      #############################################################################

    The commented example explains how it works. Add the following code below it:

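    # Reject mail when the sending host (or, for the last list, the sender domain)
    # is found in one of these DNS blacklists.
    # The first list must follow "dnslists =" on the same line: Exim only joins
    # lines that end in a backslash.
    deny  message  = Sender is blacklisted at $dnslist_domain
          dnslists = dnsbl.sorbs.net : \
                     cbl.abuseat.org : \
                     bl.spamcop.net : \
                     b.barracudacentral.org : \
                     zen.spamhaus.org : \
                     dsn.rfc-ignorant.org/$sender_address_domain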

    Not every spam list works the same way. rfc-ignorant.org checks the domain of the sender; the other lists check the IP address. For this reason, the rfc-ignorant.org entry has the addition /$sender_address_domain.

    A detailed explanation of the use of blacklists / access control lists can be found in Exim's documentation.

    Then, save your changes and close the file (ctrl + x > y > enter).


     

    Step 4

    Finally, restart Exim to process the changes:

    systemctl restart exim

    Incoming mail is now automatically scanned to check whether the sender is in a blacklist.
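
    How the IP-based check described above works on the wire, as an added example that is not part of the original article: the sender's IPv4 address is reversed and prefixed to each list's zone, and an answer to that DNS query means "listed". The function names are assumptions made for this sketch, and the sample setting is constructed from the list in step 3.

```shell
#!/bin/sh
# Added example: build the DNS names queried for an IP-based dnslists check.

# Constructed sample: the dnslists setting from step 3.
sample_dnslists() {
    cat <<'EOF'
      dnslists = dnsbl.sorbs.net : \
                 cbl.abuseat.org : \
                 bl.spamcop.net : \
                 b.barracudacentral.org : \
                 zen.spamhaus.org : \
                 dsn.rfc-ignorant.org/$sender_address_domain
EOF
}

# Reverse a dotted IPv4 address (192.0.2.10 -> 10.2.0.192); fail on bad input.
reverse_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            print $4 "." $3 "." $2 "." $1
        }'
}

# Read a dnslists setting on stdin and print the IP-based zones, one per line.
# Entries of the form zone/key are looked up by that key, not by IP, so skip them.
dnslists_ip_zones() {
    tr -d '\\' | tr ':' '\n' |
        sed -e 's/^[[:space:]]*dnslists[[:space:]]*=//' \
            -e 's/[[:space:]]//g' -e '/^$/d' -e '/\//d'
}

# Print every DNS name that would be queried for IP $1 (setting on stdin).
dnsbl_qnames() {
    rev=$(reverse_ipv4 "$1") || return 1
    dnslists_ip_zones | while read -r zone; do
        printf '%s.%s\n' "$rev" "$zone"
    done
}

# Live lookup (needs network and the host utility): returns 0 when listed.
dnsbl_listed() {
    rev=$(reverse_ipv4 "$1") || return 2
    host -t A "$rev.$2" >/dev/null 2>&1
}
```

    RFC 5782 requires IPv4-based lists to carry a test entry for 127.0.0.2, so running `dnsbl_listed 127.0.0.2 <zone>` on the mail server confirms that its resolver can reach a zone before you rely on it.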


    Manual blacklist

     

    Step 1

    Connect to your VPS via SSH or the VPS console in the TransIP control panel.


     

    Step 2

    Open the Exim configuration:

    nano /etc/exim/exim.conf

     

    Step 3

    Search for 'domainlist' (with ctrl shift _ followed by v). You can already see two options here: a domain list for local_domains and a domain list for relay_to_domains. Add the following below:

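    domainlist exim_blacklist = nwildlsearch;/etc/exim_blacklist

    This indicates that the exim_blacklist consists of the data in the /etc/exim_blacklist file. The nwildlsearch lookup is used because a plain lsearch compares each line of the file literally, so the wildcard entries from step 6 (such as *.xxx) would never match.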


     

    Step 4

    Scroll to the 'ROUTERS CONFIGURATION' section and add the router below before the other routers (for example, directly under 'start routers').

    # Exim manual blacklist
    manual_blacklist:
      driver = redirect
      domains = +exim_blacklist
      allow_fail
      data = :fail:Connection rejected: SPAM source $domain is manually blacklisted

    Routers are checked one by one, in order, to see whether their pre-set conditions match. For this reason, you place the blacklist router at the top, so that the blacklist check is performed before Exim can do something else with the mail.

    Then save your changes and close the file (ctrl + x > y > enter).


     

    Step 5

    Open the file containing the blacklist (which you set in step 3):

    nano /etc/exim_blacklist

     

    Step 6

    Add the domains you want to blacklist, placing each domain on a separate line. To blacklist an entire extension, use a wildcard as in the example below.

    example.com
    example.nl
    *.xxx
    *.xyz

    Save your changes again and close the file (ctrl + x > y > enter).


     

    Step 7

    Finally, restart Exim to process the changes:

    systemctl restart exim

    Incoming mail is now automatically scanned to check whether the sender is in your own blacklist. If it is, the mail is blocked and the sender will be sent a notification.
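
    The matching rules behind the blacklist file, as an added example that is not part of the original article: Exim's plain lsearch compares each key literally, while nwildlsearch treats a key that starts with * as "ends with". This is a simplified model covering only those two key forms; the function names are assumptions, and the sample file is constructed from the entries in step 6.

```shell
#!/bin/sh
# Added example: simplified model of matching a domain against the blacklist file.

# Constructed sample file with the entries from step 6; prints its path.
write_sample_blacklist() {
    f=$(mktemp) || return 1
    printf '%s\n' 'example.com' 'example.nl' '*.xxx' '*.xyz' > "$f"
    printf '%s\n' "$f"
}

# bl_match MODE DOMAIN FILE
#   MODE literal : keys are compared as-is (lsearch behaviour)
#   MODE wild    : a key starting with "*" means "ends with" (nwildlsearch)
# Prints the matching key and returns 0, or returns 1 when nothing matches.
bl_match() {
    mode=$1
    domain=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while read -r key _rest; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case $key in ''|'#'*) continue ;; esac   # blank line or comment
        if [ "$key" = "$domain" ]; then           # exact match, both modes
            printf '%s\n' "$key"
            return 0
        fi
        if [ "$mode" = wild ]; then
            case $key in
                '*'*)
                    suffix=${key#\*}              # "*.xyz" -> ".xyz"
                    case $domain in
                        *"$suffix") printf '%s\n' "$key"; return 0 ;;
                    esac
                    ;;
            esac
        fi
    done < "$3"
    return 1
}
```

    On the server itself, `exim -be '${lookup{shop.xyz}nwildlsearch{/etc/exim_blacklist}{listed}{not listed}}'` runs the real lookup against your file.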


     

    This brings us to the end of this tutorial about blacklist checking in Exim. Should you have any questions left regarding this guide, do not hesitate to contact our support department. You can reach them via the ‘Contact Us’ button at the bottom of this page.
