Below is a perfect method to setup exim to use several common spam blacklists such as spamhaus. Why can this be beneficial to you as a system admin? It can cut down incoming spam on your server by a great deal. This has saved me a lot of troubles and am bringing it here to help others.

All credits for this goto Pat from talkroot.com.

----------------------
Creating lsearch files
*****************

Create three text files in the /etc directory:
/etc/rblblacklist
/etc/rblbypass
/etc/rblwhitelist

SAMPLE DATA
/etc/rblblacklist is a manual blacklist, it rejects specific spammer hosts BEFORE they can send more email to your server:
domain1.com
domain2.com
domain3.com

/etc/rblbypass bypasses RBL email testing for specific destination (local) domains that don't want RBL filtering or prefer SpamAssassin tagging:
domain1.com
domain2.com
domain3.com

/etc/rblwhitelist blocks RBL email testing for listed incoming hosts, (wildcards allowed), in case an important client's mailserver is listed on an RBL you use, also automatically excludes relayhosts:
mail.domain1.com
*.domain2.com
*.domain3.com


-------------------------------
EXIM CONFIGURATION EDITOR
-------------------------------

If you use the WHM-based Exim Configuration Editor, all of your modifications will be reproduced after each update. If you edit exim.conf directly, cPanel updates MAY overwrite your changes! Because of this, the following changes should be entered using the Exim Configuration Editor.

------------------------
Setting up lsearch files
*******************

At the top of the editor, in the window below:
#!!# cPanel Exim 4 Config

Enter these lines:
domainlist rbl_blacklist = lsearch;/etc/rblblacklist
domainlist rbl_bypass = lsearch;/etc/rblbypass
hostlist rbl_whitelist = lsearch;/etc/relayhosts : partial-lsearch;/etc/rblwhitelist

----------------------------
RBL entries in ACL Section
*********************

RBL selection depends on many factors, be sure to edit the list below to reflect your priorities... Postmaster and abuse bypass allows blocked users to contact admin.

In the center window of the ACL section, directly below the line:
accept hosts = :

Enter these lines:
#**#
#**# RBL List Begin
#**#
#
# Always accept mail to postmaster & abuse for any local domain
#
accept domains = +local_domains
local_parts = postmaster:abuse
#
# Check sending hosts against DNS black lists.
# Reject message if address listed in blacklist.
deny message = Message rejected because $sender_fullhost \
is blacklisted at $dnslist_domain see $dnslist_text
dnslists = dnsbl.njabl.org : \
bl.spamcop.net : \
blackholes.easynet.nl : \
dynablock.easynet.nl : \
proxies.blackholes.easynet.nl : \
sbl.spamhaus.org : \
list.dsbl.org : \
cbl.abuseat.org : \
relays.ordb.org
# RBL Bypass Local Domain List
!domains = +rbl_bypass
# RBL Whitelist incoming hosts
!hosts = +rbl_whitelist
#**#
#**# RBL List End
#**#


--------------------------------
RBL entries in ROUTERS Section
**************************

In the ROUTERS section window, directly below the line:
# in the "local_domains" setting above.

Enter these lines:
# Deny and send notice to list of rejected domains.
reject_domains:
driver = redirect
# RBL Blacklist incoming hosts
domains = +rbl_blacklist
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.


-----------------------------
RBL Testing and Verification
***********************

Once your file changes are in place, be sure to keep an eye out for errors... missing files and other errors will be listed here:
tail -50 /var/log/exim_paniclog

You can view your spam filtering by reviewing the reject log:
tail -50 /var/log/exim_rejectlog

If your RBL tests include sbl.spamhaus.org, you can test the blacklist and whitelist functions by sending an email, USING THE MAILSERVER YOU WISH TESTED, to:
nelson-sbl-test@crynwr.com

It will attempt to send an email from mailserver sbl.crynwr.com, which is blacklisted in sbl.spamhaus.org

If the blacklist works, you'll get an email that looks something like this:

Subj: Your SBL test report
Testing your SBL block. See http://www.crynwr.com/spam/ for more info.
Please note that this test will not tell you if your server is open for
relaying. Instead, it tests to see if your server blocks email from IP
addresses listed in various blocking lists; in this case, the SBL list.

Here's how the conversation looked from sbl.crynwr.com.
Note that some sites don't apply the SBL block to postmaster, so
I use your envelope sender as the To: address.

I connected to 64.246.24.14 and here's the conversation I had:

220-whm.yourserver.com ESMTP Exim 4.24 #1 Thu, 16 Oct 2003 08:23:23 -0700
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo sbl.crynwr.com
250 whm.yourserver.com Hello sbl.crynwr.com [192.203.178.107]
mail from:<>
250 OK
rcpt to:<eMtnMan@yourdomain.com>
550-Message rejected because sbl.crynwr.com [192.203.178.107] is blacklisted at
550 sbl.spamhaus.org see http://www.spamhaus.org/SBL/sbl.lasso?query=SBLTEST
Terminating conversation

If the RBL block fails, you'll receive TWO emails:

Subj: Your SBL test report
Testing your SBL block. See http://www.crynwr.com/spam/ for more info.
Please note that this test will not tell you if your server is open for
relaying. Instead, it tests to see if your server blocks email from IP
addresses listed in various blocking lists; in this case, the SBL list.

Here's how the conversation looked from sbl.crynwr.com.
Note that some sites don't apply the SBL block to postmaster, so
I use your envelope sender as the To: address.

I connected to 64.246.24.14 and here's the conversation I had:

220-whm.yourserver.com ESMTP Exim 4.24 #1 Thu, 16 Oct 2003 08:19:44 -0700
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo sbl.crynwr.com
250 whm.yourserver.com Hello sbl.crynwr.com [192.203.178.107]
mail from:<>
250 OK
rcpt to:<eMtnMan@yourdomain.com>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
From: nelson-SBL-test@crynwr.com
To: eMtnMan@yourdomain.com
Date: Thu, 16 Oct 2003 15:19:46 -0000
Message-Id: <1066317586@sbl.crynwr.com>

Test message
.
250 OK id=1AA9uj-0005xq-2l
quit
Successful termination. As far as I can tell, the email was delivered.
That might not be what you want.

Subj: (BLANK)
Uh-oh, your SBL block is not working!

Nice :cool:

I was just about to try a similar setup myself, and while trudging through the Exim docs I decided to search here.

Works well so far. Thank you!!

I was in the same situation, glad to hear it helped you out.

nice. I have implemented this how-to and it is working well.

Can we use IPs in rblblacklist? like 000.000.000 or 000.000.000.000/19?

Apparently not. I just tested by placing the IP of another of my servers in rblblacklist, and the mail was delivered.

However there may be another way to do this (aside from your firewall). A look through the Exim docs would be required.

It would be nice if /etc/rblbypass accepted email addresses, like jim@domain.com, and not just domain.com!

But it's still useful to bypass a domain for spam checks so you can see how much spam you would get without the blocklists.

Is there a way to put IP's in the whitelist?

I believe that you could add the IP's as you would a hostname in /etc/rblwhitelist.

Are you sure about that?

No, not sure. You could always just add IP's and test it. Unfortunately I no longer have my server and having nothing to test it on. Perhaps an Exim expert will be able to answer this one.

The question I have is how to use Exim with cgi programs that require sendmail setup in their config? Our server does not have sendmail it has Exim instead.

So how to setup exim with the cgi prog configuration ?

Thanks for your reply in advance. linuxlinux.

Originally posted by venomx
Can we use IPs in rblblacklist? like 000.000.000 or 000.000.000.000/19?

yeah, that's possible, change the following :

hostlist rbl_whitelist = lsearch;/etc/relayhosts : partial-lsearch;/etc/rblwhitelist

to

hostlist rbl_whitelist = lsearch;/etc/relayhosts : net-iplsearch;/etc/rblwhitelist

and you will be able to whitelist the whole range of IPs using CIDR

Isnt that the whitelist? I want to do it with the black list....

Originally posted by linuxlinux
The question I have is how to use Exim with cgi programs that require sendmail setup in their config? Our server does not have sendmail it has Exim instead.

So how to setup exim with the cgi prog configuration ?

Thanks for your reply in advance. linuxlinux.

Even if you have exim a symlink to Exim with the name sendmail should exist on your system. If not you should create it.
Just locate the exim binary and create a link to it. Should be something like this

ln -s /path/to/exim /usr/bin/sendmail

Originally posted by stftk
Below is a perfect method to setup exim... <snip> All credits for this goto Pat from talkroot.com... I don't know who "Pat" is, but this HowTo Setup was written by me, you'll still find my handle (eMtnMan) in one of the fake email addresses. I originally posted this thread in the forums.ev1servers.net forums, but since I just joined here, I can't post the URL. To see my original post, search the ev1 forum for "HowTo: RBL or DNSBL with Exim"

-----

Since I wrote this How-To over eighteen months ago, the anti-spam landscape has changed significantly. Spammers have gotten more creative and aggressive, and cPanel now has added Spamassassin and Clam Anti-Virus, plus the excellent exim switch: "Verify the existance of email senders", in addition, other tools like Vipul's Razor, DCC and SARE have made Spam filtering even better. The APF (advanced policy firewall) with brute force detection add yet another layer in your anti-spam arsenal.

Pairote Manunphol of RvSkin has recently written an excellent How-To on installing all of the above products in one integrated whole for cPanel/RvSkin Exim users. It includes domain-level control for each feature so you can tailor the features to each customer's needs.

The How-To and ordering info is located on the rvskin.com website, for the link search ev1 for my "Anti-Spam How-To Update"

I had a problem with my install, so I used Pairote's services and he had everything humming within a couple of days. I elected to do a double Spamassassin check so I could also take advantage of Cpanel's built-in spam quarantine folders. If your server is heavily loaded, you may want to stick with Pairote's default one-pass method and give your server a break.

Over the last month, my spam rejection rate has doubled (over 14,000 killed per week on one web server alone) and the spam that gets through is quite rare, perhaps one or two a day for a long-existing account that serves as the abuse, webmaster and postmaster mailbox for over 50 domains and used to get about 40 a day using the old system (above).

Clam takes care of the viruses (and allows you to scan entire domain directories) and APF w/BFD not only stops brute force attacks, it terminates spammers who send more than ten emails to unknown accounts! Best of all, we've had zero problems with false positives and the good email is still getting through. Life is good... and I'm as happy as a Clam! :)

Have fun,

Paul <eMtnMan>
----------------

Here's how I explained the new system to my customers:

ANTI-SPAM TESTS...

The following is a summary of SPAM tests currently used by our servers:

1) Is it real? Each message is tested for authenticity in numerous ways, we even ask the sending server if the "from" address is from a valid sender. Messages with falsified server info, faked server addresses, unknown senders or forged (spoofed) headers are immediately rejected.

2) Is it safe? Our virus scanner scans the message for viruses and worms. Any message with unsafe or infected attachments is immediately rejected.

3) From a known spammer? Every message source is checked against several spam detecting services to see if it is from a known spam source. We currently check each message's source with: spamcop.net, spamhaus.org, abuseat.org, njabl.org, Razor and the Distributed Checksum Clearinghouse anti-spam databases. Any message coming from a server that is listed on one of these databases is immediately rejected.

4) High Spamassassin score? Spamassassin checks all the internal links for known spammers and scores the message. If it scores higher than 15 it is almost certainly SPAM, so we automatically reject it.

5) Final Spamassassin check... messages that have made it through the above gauntlet get one final run through Spamassassin. Those that score higher than 5 are marked as SPAM with the score (i.e. *SPAM*12.5:) in the subject and the original message is included as an attachment that you can safely preview. You can also use an Outlook filter to move these messages to a special folder for later review.

We also have a number of options available to make your SPAM blocking even stronger and more transparent, including a SPAM box on the server that quarantines SPAM for your later review and a "box trapper" that automatically requires that all people not on your white-list to reply to a verification email before they can send email to you.

Just let us know and we will be happy to implement a customized anti-SPAM solution for your domain that best suits your needs.

HOPE THIS HELPS!

Paul <eMtnMan>

Here's a tweak of my original script, it will produce a SPAM tracking report like this for all your active log files:

From: 2005-03-27
Thru: 2005-04-03
------------------
Deleted SPAM:
------------------
dsbl.org = 3510
spamcop = 1486
abuseat = 741
spamhaus = 389
njabl.org = 71
SPAM Assn. = 234
------
SPAM Kills = 6431

------------------
Fake or Unsafe:
------------------
Virus/Atch = 6
Forged HELO= 1492
No Host = 3022
No IP = 379
No Relay = 31
Bad Sender = 1004
Bad Recpt = 1650
------
Fake Kills = 7584

------------------
TOTAL DELETE 14015
------------------

If your server is under a heavy load, you'll probably want to run this offline or late at night... It's crude, but it helps you select which tests should be placed in your SPAM filter structure first. By placing the most effective ones first, you minimize your server's load for SPAM filtering.

As you can see, about 55% of my SPAM get rejected as fake before it's accepted by the server, so the majority never even sees a DNSRBL. My first two DNSRBL's (dsbl.org & spamcop) whack another 35%... and the vast majority (over 98%) of my spam is history before SpamAssassin ever gets a whack at them. Killing fakes early and using strong DNSRBL's will save you major CPU...

Hope this helps!

Paul (eMtnMan)
---------------

Here's the script:

echo .......
echo
echo REJECTS:
tail -20 /var/log/exim_rejectlog
echo .......
echo
echo PANIC:
tail /var/log/exim_paniclog
printf "\n"
echo ------------------
echo ANTI-SPAM MONITOR
echo ------------------
grep -i "reject\|sender\|attachm\|virus\|no host\|no ip" /var/log/exim_mainlog > kilme
echo
printf " From: "
grep -m1 "" kilme | cut -d' ' -f1
printf " Thru: "
tail -1 kilme | cut -d' ' -f1
echo
echo ------------------
echo Deleted SPAM:
echo ------------------
printf "dsbl.org = "
grep -ci "dsbl.org" kilme
printf "spamcop = "
grep -ci "spamcop.net" kilme
printf "abuseat = "
grep -ci "abuseat.org" kilme
printf "spamhaus = "
grep -ci "spamhaus.org" kilme
printf "njabl.org = "
grep -ci "njabl.org" kilme
printf "SPAM Assn. = "
grep -ci "spam score" kilme
echo " ------"
printf "SPAM Kills = "
grep -ci "blackl\|spam score" kilme
echo
echo ------------------
echo Fake or Unsafe:
echo ------------------
printf "Virus/Atch = "
grep -ci "virus\|attachm" kilme
printf "Forged HELO= "
grep -ci "Forged HELO" kilme
printf "No Host = "
grep -ci "no host" kilme
printf "No IP = "
grep -ci "no ip" kilme
printf "No Relay = "
grep -ci "not permitted" kilme
printf "Bad Sender = "
grep -ci "sender" kilme
printf "Bad Recpt = "
grep -icv "Forged HELO\|no host\|no ip\|not permitted\|sender\|spam score\|blackl\|virus\|attachm" kilme
echo " ------"
printf "Fake Kills = "
grep -civ "spam score\|blackl" kilme
printf "\n"
echo ------------------
printf "TOTAL DELETE "
grep -c "" kilme
echo ------------------
echo
echo
echo
zgrep -i "reject\|sender\|attachm\|virus\|no host\|no ip" /var/log/exim_mainlog.1.gz > kilme
printf " From: "
grep -m1 "" kilme | cut -d' ' -f1
printf " Thru: "
tail -1 kilme | cut -d' ' -f1
echo
echo ------------------
echo Deleted SPAM:
echo ------------------
printf "dsbl.org = "
grep -ci "dsbl.org" kilme
printf "spamcop = "
grep -ci "spamcop.net" kilme
printf "abuseat = "
grep -ci "abuseat.org" kilme
printf "spamhaus = "
grep -ci "spamhaus.org" kilme
printf "njabl.org = "
grep -ci "njabl.org" kilme
printf "SPAM Assn. = "
grep -ci "spam score" kilme
echo " ------"
printf "SPAM Kills = "
grep -ci "blackl\|spam score" kilme
echo
echo ------------------
echo Fake or Unsafe:
echo ------------------
printf "Virus/Atch = "
grep -ci "virus\|attachm" kilme
printf "Forged HELO= "
grep -ci "Forged HELO" kilme
printf "No Host = "
grep -ci "no host" kilme
printf "No IP = "
grep -ci "no ip" kilme
printf "No Relay = "
grep -ci "not permitted" kilme
printf "Bad Sender = "
grep -ci "sender" kilme
printf "Bad Recpt = "
grep -icv "Forged HELO\|no host\|no ip\|not permitted\|sender\|spam score\|blackl\|virus\|attachm" kilme
echo " ------"
printf "Fake Kills = "
grep -civ "spam score\|blackl" kilme
printf "\n"
echo ------------------
printf "TOTAL DELETE "
grep -c "" kilme
echo ------------------
echo
echo
echo
echo
echo
zgrep -i "reject\|sender\|attachm\|virus\|no host\|no ip" /var/log/exim_mainlog.2.gz > kilme
printf " From: "
grep -m1 "" kilme | cut -d' ' -f1
printf " Thru: "
tail -1 kilme | cut -d' ' -f1
echo
echo ------------------
echo Deleted SPAM:
echo ------------------
printf "dsbl.org = "
grep -ci "dsbl.org" kilme
printf "spamcop = "
grep -ci "spamcop.net" kilme
printf "abuseat = "
grep -ci "abuseat.org" kilme
printf "spamhaus = "
grep -ci "spamhaus.org" kilme
printf "njabl.org = "
grep -ci "njabl.org" kilme
printf "SPAM Assn. = "
grep -ci "spam score" kilme
echo " ------"
printf "SPAM Kills = "
grep -ci "blackl\|spam score" kilme
echo
echo ------------------
echo Fake or Unsafe:
echo ------------------
printf "Virus/Atch = "
grep -ci "virus\|attachm" kilme
printf "Forged HELO= "
grep -ci "Forged HELO" kilme
printf "No Host = "
grep -ci "no host" kilme
printf "No IP = "
grep -ci "no ip" kilme
printf "No Relay = "
grep -ci "not permitted" kilme
printf "Bad Sender = "
grep -ci "sender" kilme
printf "Bad Recpt = "
grep -icv "Forged HELO\|no host\|no ip\|not permitted\|sender\|spam score\|blackl\|virus\|attachm" kilme
echo " ------"
printf "Fake Kills = "
grep -civ "spam score\|blackl" kilme
printf "\n"
echo ------------------
printf "TOTAL DELETE "
grep -c "" kilme
echo ------------------
echo
echo
echo
echo
zgrep -i "reject\|sender\|attachm\|virus\|no host\|no ip" /var/log/exim_mainlog.3.gz > kilme
printf " From: "
grep -m1 "" kilme | cut -d' ' -f1
printf " Thru: "
tail -1 kilme | cut -d' ' -f1
echo
echo ------------------
echo Deleted SPAM:
echo ------------------
printf "dsbl.org = "
grep -ci "dsbl.org" kilme
printf "spamcop = "
grep -ci "spamcop.net" kilme
printf "abuseat = "
grep -ci "abuseat.org" kilme
printf "spamhaus = "
grep -ci "spamhaus.org" kilme
printf "njabl.org = "
grep -ci "njabl.org" kilme
printf "SPAM Assn. = "
grep -ci "spam score" kilme
echo " ------"
printf "SPAM Kills = "
grep -ci "blackl\|spam score" kilme
echo
echo ------------------
echo Fake or Unsafe:
echo ------------------
printf "Virus/Atch = "
grep -ci "virus\|attachm" kilme
printf "Forged HELO= "
grep -ci "Forged HELO" kilme
printf "No Host = "
grep -ci "no host" kilme
printf "No IP = "
grep -ci "no ip" kilme
printf "No Relay = "
grep -ci "not permitted" kilme
printf "Bad Sender = "
grep -ci "sender" kilme
printf "Bad Recpt = "
grep -icv "Forged HELO\|no host\|no ip\|not permitted\|sender\|spam score\|blackl\|virus\|attachm" kilme
echo " ------"
printf "Fake Kills = "
grep -civ "spam score\|blackl" kilme
printf "\n"
echo ------------------
printf "TOTAL DELETE "
grep -c "" kilme
echo ------------------
echo
echo
echo
echo
echo
zgrep -i "reject\|sender\|attachm\|virus\|no host\|no ip" /var/log/exim_mainlog.4.gz > kilme
printf " From: "
grep -m1 "" kilme | cut -d' ' -f1
printf " Thru: "
tail -1 kilme | cut -d' ' -f1
echo
echo ------------------
echo Deleted SPAM:
echo ------------------
printf "dsbl.org = "
grep -ci "dsbl.org" kilme
printf "spamcop = "
grep -ci "spamcop.net" kilme
printf "abuseat = "
grep -ci "abuseat.org" kilme
printf "spamhaus = "
grep -ci "spamhaus.org" kilme
printf "njabl.org = "
grep -ci "njabl.org" kilme
printf "SPAM Assn. = "
grep -ci "spam score" kilme
echo " ------"
printf "SPAM Kills = "
grep -ci "blackl\|spam score" kilme
echo
echo ------------------
echo Fake or Unsafe:
echo ------------------
printf "Virus/Atch = "
grep -ci "virus\|attachm" kilme
printf "Forged HELO= "
grep -ci "Forged HELO" kilme
printf "No Host = "
grep -ci "no host" kilme
printf "No IP = "
grep -ci "no ip" kilme
printf "No Relay = "
grep -ci "not permitted" kilme
printf "Bad Sender = "
grep -ci "sender" kilme
printf "Bad Recpt = "
grep -icv "Forged HELO\|no host\|no ip\|not permitted\|sender\|spam score\|blackl\|virus\|attachm" kilme
echo " ------"
printf "Fake Kills = "
grep -civ "spam score\|blackl" kilme
printf "\n"
echo ------------------
printf "TOTAL DELETE "
grep -c "" kilme
echo ------------


SOME NOTES:

1) The script creates a temporary file called "kilme" to process the exim mainlog and all four old .gz logs.

2) You may have to customize it if your DNSRBL's / error messages / file locations are different from mine.

3) This command will show you what isn't selected by my filters so you can create your own filters (I disregard the "unexpected disconnection" errors since they are a result of us dropping them):
grep -iv "reject\|sender\|attachm\|virus\|no host\|no ip" /var/log/exim_mainlog | more

4) The first two items (before the report) take a peek at the latest entries in the panic and rejects logs, just in case we're having a problem. They are optional.

Pairote also recommended the following:

For the software update:

DCC: /var/dcc/libexec/updatedcc

SARE signature: /etc/mail/rulesdujour/my_rules_du_jour

Spamassassin, and Clam: updated by cPanel if you check the checkbox to keep clamavconnector module up-to-date.

Razor: this need to manual update, but it is very rare to update.

You can also boost up the SPAM rate by add this following lines in /etc/mail/spamassassin/local.cf
score BAYES_99 0 3.00 3.00 3.00
score URIBL_AB_SURBL 0 6.50 6.50 6.50
score URIBL_OB_SURBL 0 4.50 4.50 4.50
score URIBL_SBL 0 2.50 2.50 2.50
score URIBL_SC_SURBL 0 6.00 6.00 6.00
score URIBL_WS_SURBL 0 4.50 4.50 4.50

Hope this helps!

Paul <eMtnMan>

Hello:

Thanks for this great tutorial. I've tried to set this up a few times now, and every time i do it, I cannot use my SMTP server to send mail afterwords!

Basically the smtp server does not accept connections afterwords- and i am very unsure why. I remove all the new configs in this tutorial and everything works fine again. (This is not a pop before smpt issue etc)

Obvioulsy this isn't idea! Please let me know if you have any ideas why.

Thanks!
-Donald

wow.. nice..

Hello:

Thanks for this great tutorial. I've tried to set this up a few times now, and every time i do it, I cannot use my SMTP server to send mail afterwords!

Basically the smtp server does not accept connections afterwords- and i am very unsure why. I remove all the new configs in this tutorial and everything works fine again. (This is not a pop before smpt issue etc)

Obvioulsy this isn't idea! Please let me know if you have any ideas why.

Thanks!
-Donald


What's the error message you receive afterwards?

All made configurations as it was requested however now I don't get more to send e-mails through outlook for external e-mails (out of my server). Outlook returns this message:

An unknown error has occurred. Subject 'Teste', Account: 'Contato - Softhost (Server 1)', Server: 'mail.softhost.com.br', Protocol: SMTP, Port: 25, Secure(SSL): No, Error Number: 0x800CCC0B

If I remove the configurations that they were mentioned in this thread, works. What is wrong?

Hi,

I've configured Exim to work with RBLs and whitelists like this tutorial says.
RBLs checks work fine, a lot of spammers are rejected but if I want
to "whitelist" an IP I've problems...

When I've to whitelist a host, I add to /etc/rblwhitelist the hostname and the IP of the remote machine and this is what happens...

2005-12-21 18:53:23 1Ep89T-0007qB-GQ <= userfrom@domain.com
H=XXX.red-XXX-XXX-64.user.auna.net (alvaro) [64.XXX.XXX.XXX] P=esmtp S=10171 id=00a401c60657$57fbd0c0$a900a8c0@alvaro

2005-12-21 19:07:08 H=(PORTATIL) [64.XXX.XXX.XXX]
F=<userfrom@domain.com> rejected RCPT <userto@domain.com>: Message rejected because (PORTATIL) [64.XXX.XXX.XXX] is blacklisted at list.dsbl.org see ....

2005-12-21 19:07:24 1Ep8N2-0003MW-Jr <= userfrom@domain.com
H=XXX.red-XX-XX-64.user.auna.net (PORTATIL) [64.XXX.XXX.XXX] P=esmtp S=296 c60659$4c863e40$6a00a8c0@PORTATIL
It seems like when HELO command doesn't include the hostname
(second case), exim doesn't watch the whitelist file. In the first and
third cases, the HELO command has the correct hostname and the whitelist
file seems that is read.

Any reason for this? Any idea to whitelist by IP without check HELO?

Thx a lot in advance.

eMtnMan is there a way to have these stats emailed to me weekly?

Hi,

I am considering implementing RBL's on my server, however I would like to know how much spam I am receiving at the moment (currently running SpamAssasin), as well as how many e-mails my box receive's. How do I find this information out?

Thanks :)