Do I need to activate this check any where ? I can see it is configured but when I send an email with a black listed url to test it seems to gets through. No errors show in the logs. in exim.conf # exim4u: Setup Perl Startup for SURBL/URIBL Scan Checks perl_startup = do '/etc/exim/exim.pl/exim_surbl.pl' perl_at_start = true message_body_visible = 5000 message_body_newlines = true and ls -al /etc/exim/exim.pl/exim_surbl.pl -rw-r--r-- 1 root wheel 26230 Feb 15 23:35 /etc/exim/exim.pl/exim_surbl.pl It has the Enable embedded Perl interpreter enabled and I don't think it would start up with out it. Not too sure of exim cmd line options to test it further Thanks
On 02/27/2011 12:40 PM, Terry wrote:
Do I need to activate this check any where ? I can see it is configured but when I send an email with a black listed url to test it seems to gets through. No errors show in the logs.
in exim.conf # exim4u: Setup Perl Startup for SURBL/URIBL Scan Checks perl_startup = do '/etc/exim/exim.pl/exim_surbl.pl' perl_at_start = true message_body_visible = 5000 message_body_newlines = true
and ls -al /etc/exim/exim.pl/exim_surbl.pl -rw-r--r-- 1 root wheel 26230 Feb 15 23:35 /etc/exim/exim.pl/exim_surbl.pl
It has the Enable embedded Perl interpreter enabled and I don't think it would start up with out it.
Hi Terry, You should not have to do anything to activate the surbl checks. I assume that you have not modified the stock Exim4U /etc/exim/exim.conf and /etc/exim/exim.pl/exim_surbl.pl files. Nevertheless, you may want to verify the following values in etc/exim/exim.pl/exim_surbl.pl since this is where the lookups could be disabled: my $surbl_enable = 1; my $uribl_enable = 1; my $dbl_enable = 1; The surbl/uribl/dbl services sometimes refuse lookups from name servers that perform a large number of lookups such as hosting providers and large ISP name servers. I therefore recommend that all mail servers have their own caching name server. You can easily setup your own caching name server with bind/named whereby all of the lookups originate from your IP address instead of a hosting providers' name server IP address that may be blocked. If you have not setup your own caching name server and you are instead relying on your hosting provider or ISP for name services then that could make some or all of the surbl/uribl/dbl lookups fail. In any event, you should verify that the surbl/uribl/dbl lookups are working properly from your mail server's IP address using one of the testing techniques outlined in section 4 in: http://exim4u.org/svn/exim4u_src/trunk/NOTES As an example, test a known blacklisted url in the uribl database with: nslookup domain.tld.black.uribl.com If the url is listed then nslookup will generate an output IP address of 127.0.0.2 and the output will look like: Non-authoritative answer: Name: domain.tld.black.uribl.com Address: 127.0.0.2 Be sure and do the nslookup test from your mail server's IP address. If your test spam's url returns 127.0.0.2 then the url is on the blacklist and everything is working properly. Now, send a test spam email to your mail server that contains the known spammer's link and see if it is rejected. Make sure that you send the test spam from an IP address that is not whitelisted by Exim4U (such as in etc/exim/exim4u_backup_mx_host_names or etc/exim/exim4u_backup_mx_rl_host_names). If the test spam is not then rejected by Exim4U then exim_surbl is indeed not working properly. If the nslookup is working properly but the spammer url is not rejected then please send me a copy of your test spam email so that I can test and verify it on one of my servers. Be sure and include the entire test email including headers. Also, as an FYI and for further help, Exim4U's surbl/uribl/dbl blocking simply uses Erik Mugele's perl script which you can read about here: http://www.teuton.org/~ejm/exim_surbl/#exim FYI, Gordon
Hi Terry,
You should not have to do anything to activate the surbl checks.
I assume that you have not modified the stock Exim4U /etc/exim/exim.conf and /etc/exim/exim.pl/exim_surbl.pl files. Nevertheless, you may want to verify the following values in etc/exim/exim.pl/exim_surbl.pl since this is where the lookups could be disabled:
my $surbl_enable = 1; my $uribl_enable = 1; my $dbl_enable = 1;
The surbl/uribl/dbl services sometimes refuse lookups from name servers that perform a large number of lookups such as hosting providers and large ISP name servers. I therefore recommend that all mail servers have their own caching name server. You can easily setup your own caching name server with bind/named whereby all of the lookups originate from your IP address instead of a hosting providers' name server IP address that may be blocked. If you have not setup your own caching name server and you are instead relying on your hosting provider or ISP for name services then that could make some or all of the surbl/uribl/dbl lookups fail.
In any event, you should verify that the surbl/uribl/dbl lookups are working properly from your mail server's IP address using one of the testing techniques outlined in section 4 in:
http://exim4u.org/svn/exim4u_src/trunk/NOTES
As an example, test a known blacklisted url in the uribl database with:
nslookup domain.tld.black.uribl.com
If the url is listed then nslookup will generate an output IP address of 127.0.0.2 and the output will look like:
Non-authoritative answer: Name: domain.tld.black.uribl.com Address: 127.0.0.2
Be sure and do the nslookup test from your mail server's IP address. If your test spam's url returns 127.0.0.2 then the url is on the blacklist and everything is working properly. Now, send a test spam email to your mail server that contains the known spammer's link and see if it is rejected. Make sure that you send the test spam from an IP address that is not whitelisted by Exim4U (such as in etc/exim/exim4u_backup_mx_host_names or etc/exim/exim4u_backup_mx_rl_host_names). If the test spam is not then rejected by Exim4U then exim_surbl is indeed not working properly.
If the nslookup is working properly but the spammer url is not rejected then please send me a copy of your test spam email so that I can test and verify it on one of my servers. Be sure and include the entire test email including headers.
Also, as an FYI and for further help, Exim4U's surbl/uribl/dbl blocking simply uses Erik Mugele's perl script which you can read about here:
http://www.teuton.org/~ejm/exim_surbl/#exim
FYI,
Gordon
Thank you Gordon for the very clear and informative reply you were right for some reason my look ups were blocked but setting up a caching name server fixed it straight away.
participants (2)
-
Gordon Dickens -
Terry