Using a Realtime Blackhole List (RBL) is a high effective tool to fight spam. An RBL works by maintaining a list of IP addresses and domains that are known or suspected of being used for malicious purposes such as sending spam email.
The main purpose of using an RBL with Exim is to preventing spam from reaching your email account. At the time of writing there are nearly 100 actively managed RBLs that you can use. Each RBL has different criteria for listing an IP address or domain and is managed by different companies or organisations. There are two types of RBLs: Public and Private. Public RBLs such as those maintained by SpamHaus can be used by anyone but Private RBLs such as those maintained by Google or Microsoft are closed and cannot be used by anyone other than that provider.
DirectAdmin comes with an array of email spam fighting tools such as SpamBlocker, EasySpamFilter Blockcracker, Rspamd, SpamAssassin which when combined with Exim offers extensive facilities for checking incoming and outgoing email for any malicious intent. Once Exim receives an email it will compare it against the list of RBLs provided by SpamBlocker and reject those that appear on any of the RBLs. If the email doesn’t appear on an RBL it will then be passed to Rspamd or SpamAssassin for further checks before reaching your email account.
In this guide, we will show you how to enable RBL Blocking via both the DirectAdmin dashboard or using the command line (SSH) and add custom RBLs or remove the existing default RBLs (abuseat.org, spamhaus.org and barracudacentral.org) or custom RBLs with SpamBlocker, Exim and DirectAdmin to protect your server and email accounts.
How to Enable RBL Blocking and Add Custom RBLs to SpamBlocker and Exim with DirectAdmin
Perquisites
In order to use this guide you will need to have already installed SpamBlocker to your DirectAdmin server. If you haven’t you can install SpamBlocker along with the required extra modules using the following commands.
cd /usr/local/directadmin/custombuild ./build update ./build set eximconf yes ./build set eximconf_release 4.5 ./build set blockcracking yes ./build set easy_spam_fighter yes ./build set spamd rspamd ./build set exim yes ./build exim ./build set dovecot_conf yes ./build dovecot_conf ./build rspamd ./build update ./build exim_conf
Note
The above commands will install Rspamd but if you wanted to install SpamAssassin instead you can change the ./build set and ./build options from ./build set spamd rspamd
and ./build rspamd
to ./build set spamd spamassassin
and ./build spamassassin
.
Enable RBL Blocking
In order to add our own custom RBLs to the DirectAdmin Exim configuration, we will need to ensure that RBL blocking is enabled. The default setting for RBL Blocking in DirectAdmin is NO as some people consider using an RBL system with Exim to be aggressive and will often rely on using the native RBL blocking system in SpamAssassin or Rspamd. In order to enable RBL Blocking in DirectAdmin, you can enable this from within the DirectAdmin Dashboard or through Command Line (SSH).
DirectAdmin Dashboard
In order to enable RBL blocking in DirectAdmin you will need to enable the option in the Administrator E-mail Settings dashboard. Log into your DirectAdmin server and select Administrator Settings under the Account Manager section in the DirectAdmin dashboard.
From the Admin Settings select E-mail Settings from the tabbed menu. In the E-mail Settings section select the checkbox next to Use RBL Blocking. Once complete click the Save button to update Exim and restart DirectAdmin.
DirectAdmin will setup the list of active domains that need to be filtered and checked against the RBLs. When a new domain is added to the server this will automatically be included in the active domain list for RBL Blocking.
That’s it. You have successfully enabled RBL Blocking using the DirectAdmin dashboard to SpamBlocker and Exim. Now we will need to add the custom RBLs into the Exim configuration file.
Command Line (SSH)
In order to enable RBL blocking in DirectAdmin via the command line you will need to create a symbolic link (also known as “soft links” or “symlinks”) to create a symbolic path to a location of another file.
Firstly, we will need to check to see if RBL Blocking has been enabled or not by checking if a symbolic link exists between the use_rbl_domains
and domains
files in the /etc/virtual/
folder. In order to check if the symbolic link exists we will be using the ls
command which is used to list files or directories followed by la
command which will list the files or directories in a long listing format and display any hidden files or directories. You can check if the symbolic link exist using the following command.
ls -la /etc/virtual/use_rbl_domains
If the symbolic link exists you will see an output similar to below.
[demo@vpsbasics.com ~]# ls -la /etc/virtual/use_rbl_domains lrwxrwxrwx 1 mail mail 7 Dec 11 17:23 /etc/virtual/use_rbl_domains -> domains
If the symbolic link doesn’t exist you will see an output similar to below.
[demo@vpsbasics.com ~]# -rw-r--r-- 1 mail mail 0 7 Dec 11 17:23 /etc/virtual/use_rbl_domains
In order to enable RBL Blocking via the command line you can uses the following commands.
cd /etc/virtual rm -f use_rbl_domains ln -s domains use_rbl_domains
DirectAdmin will setup the list of active domains that need to be filtered and checked against the RBLs. When a new domain is added to the server this will automatically be included in the active domain list for RBL Blocking.
That’s it. You have successfully enabled RBL Blocking to SpamBlocker and Exim using the command line (SSH). Now we will need to add the custom RBLs into the Exim configuration file.
Add Custom RBLs
Since v4.3.3 of SpamBlocker was released, the default RBL list has been changed to a variable near the top of the exim.conf
file and also enabled support for custom variables and custom strings in exim.conf
file. The default RBLs used by SpamBlocker, Exim and DirectAdmin are:
RBL_DNS_LIST=\ cbl.abuseat.org : \ b.barracudacentral.org : \ zen.spamhaus.org
We can add our own custom RBLs to this list by editing the /etc/exim.conf
after the RBL_DNS_LIST=
variable. However, if we changed the exim.conf
fileMX RBL provided directly it would get overwritten every time the ./build exim
or the ./build exim_conf
command where issued. Therefore, we will need to use a custom Exim strings template to enable our custom RBLs that will get added into the exim.conf
file when it gets rebuilt by custombuild.
As you can see above the RBL_DNS_LIST is followed by =. The = tells Exim that this is the default RBL lists to use when checking email. In our custom Exim strings template we will use == value as this will tell Exim to override the default RBL list and use the custom one instead.
To create the custom Exim strings template simply follow these commands.
touch /etc/exim.strings.conf.custom nano /etc/exim.strings.conf.custom
Now in the exim.strings.conf.custom
file we can add our own custom RBLs to the list. So for example if we wanted to add the Spamcop RBL provided by Cisco Systems or the MX RBL provided by MXRoute we would add the following commands to the exim.strings.conf.custom
file.
RBL_DNS_LIST==\ cbl.abuseat.org : \ b.barracudacentral.org : \ zen.spamhaus.org : \ bl.spamcop.net : \ bl.mxrbl.com
You will notice that we have added the existing default RBLs to the exim.strings.conf.custom
file. This is because the exim.strings.conf.custom
file will override the existing settings from SpamBlocker in the Exim configuration file. If you didn’t want to use the default RBLs and only wanted to use your own RBL such as MX RBL you would add the following commands to the exim.strings.conf.custom
file.
RBL_DNS_LIST==\ bl.mxrbl.com
Once you have finished you will need to save the file and rebuild the exim.conf
file using the following commands.
cd /usr/local/directadmin/custombuild ./build exim_conf
That’s it. You have successfully edited and enabled your own custom RBL list using a custom strings file to SpamBlocker and Exim. Now we will show you how to remove your custom RBL list and revert back to the default RBL list.
Remove Custom RBLs
If you have decided you didn’t want to use the custom RBLs with SpamBlocker and Exim anymore you can remove them by simply deleting the exim.strings.conf.custom
file and rebuilding the Exim configuration file using the following commands.
rm /etc/exim.strings.conf.custom cd /usr/local/directadmin/custombuild ./build exim_conf
That’s it. You have successfully removed the custom RBL list from SpamBlocker and Exim and rebuilt your Exim configuration file.
Other RBL Lists
If you are wanting to find different RBLs to add to your DirectAdmin server you can check out the list maintained by HetrixTools. They use an extensive list across their platform which cover IPv4 RBLs and Domain/Hostname RBLs. There is also DNSBL, a spam database lookup tool or MXToolbox that also maintain lists RBLs.
Important
However, you do need to remember that as we said above, each RBL has different criteria for listing an IP address or a domain/hostname. The RBLs are managed by different companies or organisations who have different intensions for their RBLs. We would highly recommend you fully research the RBL and its usage before adding it to SpamBlocker and Exim.
That’s it. You have now successfully enabled RBL Blocking via either the DirectAdmin dashboard or using the command line (SSH) and added a new custom RBLs to the existing default RBLs (abuseat.org, spamhaus.org and barracudacentral.org) provided with SpamBlocker and Exim and then rebuilt your Exim configuration file to protect your server and email accounts.