Spam Filter Exim + Cpanel

For those of you who have ever managed shared hosting, you have surely been annoyed, once or often, by spammers who keep draining our servers' bandwidth and resources with junk mail.

cPanel actually gives its users the freedom to edit the Exim (mail server) configuration, but making it a bit more spam-resistant takes certain tricks that perhaps not everyone knows :D (including me). After looking around for a while, I finally found a trick for installing a spam filter on an Exim + cPanel mail server.

This trick has been tested on the latest cPanel version at the time of writing (WHM 10.8.0 cPanel 10.9.0-C117 on FreeBSD 4.11 Stable i386 and FreeBSD 6.1 Stable), and according to the original source it was also tested successfully on RH Enterprise and RH 7.3.

The first thing to do is create the following 3 files:

/etc/rblblacklist
/etc/rblbypass
/etc/rblwhitelist

The command to create those files is:

touch /etc/rblblacklist; touch /etc/rblbypass; touch /etc/rblwhitelist

The contents of these files should be fairly self-explanatory: rblblacklist is the list of domains that must be blocked, rblbypass bypasses the RBL test for certain domains (usually local ones), and rblwhitelist is, of course, the list of domains that will never be blacklisted.

Next, open WHM, choose Exim Configuration Editor, then click the Advanced Editor button to enter the Configuration Editor.

Then enter the following code, in the correct order and location.

In the first box (the topmost one), below the following text, enter:

#!!# cPanel Exim 4 Config

domainlist rbl_blacklist = lsearch;/etc/rblblacklist
domainlist rbl_bypass = lsearch;/etc/rblbypass
hostlist rbl_whitelist = lsearch;/etc/relayhosts : partial-lsearch;/etc/rblwhitelist

Next, in box number 3 from the top (three boxes in a row; the one to fill in is the middle one), directly below the following text, enter:

accept hosts = :

#**#
#**# RBL List #**#
#
# Always accept mail for postmaster & abuse for all local domains
#
accept  domains = +local_domains
        local_parts = postmaster:abuse
#
# Check whether the sending host is in the DNS blacklists.
# Accept all messages that come from local hosts.
# Reject mail if it is on a blacklist. (The message below can be changed to suit your needs.)
deny    message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text :
        !hosts = +relay_hosts
        !authenticated = *
        # List of filter domains; this many seems enough to discourage spam
        dnslists = dnsbl.njabl.org : bl.spamcop.net : sbl.spamhaus.org : list.dsbl.org : cbl.abuseat.org : relays.ordb.org :
        # RBL Bypass Local Domain List
        !domains = +rbl_bypass
        # RBL Whitelist incoming hosts
        !hosts = +rbl_whitelist
#**#
#**# RBL List End
#**#

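An added example (not part of the original article or of cPanel's configuration): a POSIX shell check of the zones named in the dnslists line above, using the RFC 5782 test entries. A zone that never answers only costs a DNS lookup per message, but one that answers for every address makes the deny statement reject all mail from hosts that are not relay hosts, authenticated or whitelisted. The function names and the optional resolver argument are assumptions made for this example; the default resolver relies on the host utility.

```shell
#!/bin/sh
# Added example: sanity-check the zones used in the dnslists condition.

# Build the name a DNSBL lookup queries: reversed IPv4 octets + zone.
dnsbl_qname() {
    q_ip=$1 q_zone=$2
    case $q_ip in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    q_ifs=$IFS; IFS=.
    set -- $q_ip
    IFS=$q_ifs
    [ $# -eq 4 ] || return 1
    for q_o in "$@"; do
        [ "$q_o" -le 255 ] 2>/dev/null || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$q_zone"
}

# Default resolver: print the A records for a name, nothing on NXDOMAIN.
resolve_a() {
    host -t A "$1" 2>/dev/null | awk '/has address/ { print $NF }'
}

# Classify a zone using the RFC 5782 test points:
#   127.0.0.2 must be listed, 127.0.0.1 must never be listed.
# $2 is an optional resolver function (hypothetical hook for offline tests).
dnsbl_health() {
    h_zone=$1 h_resolver=${2:-resolve_a}
    h_listed=$("$h_resolver" "$(dnsbl_qname 127.0.0.2 "$h_zone")")
    h_clean=$("$h_resolver" "$(dnsbl_qname 127.0.0.1 "$h_zone")")
    if [ -n "$h_clean" ]; then
        echo lists-everything      # would reject every non-whitelisted sender
    elif [ -z "$h_listed" ]; then
        echo no-answer             # dead or unreachable: wasted DNS lookups
    else
        case $h_listed in
            127.*) echo ok ;;
            *)     echo bogus-answer ;;   # reply outside 127.0.0.0/8
        esac
    fi
}

# Check every zone from the page's dnslists line against live DNS.
check_all() {
    for c_zone in dnsbl.njabl.org bl.spamcop.net sbl.spamhaus.org \
                  list.dsbl.org cbl.abuseat.org relays.ordb.org; do
        printf '%-20s %s\n' "$c_zone" "$(dnsbl_health "$c_zone")"
    done
}
```

Run check_all from a shell on the mail server, and remove from dnslists any zone that does not report ok.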

Next, enter the following entry in the seventh box (ROUTERS CONFIGURATION):

# Deny and send notice to list of rejected domains.
reject_domains:
  driver = redirect
  # RBL Blacklist incoming hosts
  domains = +rbl_blacklist
  allow_fail
  data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

OK, once you've got this far it's more or less done. Save the configuration and restart Exim, via WHM or via the shell, either works :).

Next, open your mail server's panic log by typing the following command:

FreeBSD

tail -50 /var/log/exim/paniclog

Linux

tail -50 /var/log/exim_paniclog

and check whether any errors occurred there. If you see an error, you can revert the configuration or fix the problem it reports.

Then check whether the filter is active by looking at the rejectlog with the following command:

FreeBSD

tail -50 /var/log/exim/rejectlog

Linux

tail -50 /var/log/exim_rejectlog

If everything is OK, test it by sending an empty mail to nelson-sbl-test@crynwr.com (this only applies if you use the RBL filter from sbl.spamhaus.org). It will be answered with a mail containing the results of the check against your mail server, which looks roughly like this:

Testing your SBL block. See http://www.crynwr.com/spam/ for more info.
Please note that this test will not tell you if your server is open for
relaying. Instead, it tests to see if your server blocks email from IP
addresses listed in various blocking lists; in this case, the SBL list.

Here's how the conversation looked from sbl.crynwr.com.
Note that some sites don't apply the SBL block to postmaster, so
I use your envelope sender as the To: address.

I connected to 202.149.86.114 and here's the conversation I had:

220-server2.nusantaraonline.info ESMTP Exim 4.64 #0 Fri, 05 Jan 2007 08:46:12 +0700
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo sbl.crynwr.com
250 mail.giest.or.id Hello nelson at sbl.crynwr.com [192.203.178.107]
mail from:<>
250 OK
rcpt to:
550-Message rejected because sbl.crynwr.com [192.203.178.107] is blacklisted at
550 sbl.spamhaus.org see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL230 :
Terminating conversation

If you receive a mail like that, you have succeeded, and your mail server is now reasonably well protected by sbl.spamhaus.org along with several other RBLs.

OK, with all that done, here is an example script for counting how much spam has been blocked (just an extra), in case you feel like seeing how many thousands of spam messages get caught in a month.

The following script is for FreeBSD:

#!/bin/sh
# Collect every log line that mentions "blacklisted" into a working file
grep -i "blacklisted" /var/log/exim/mainlog > kilme
tail -100 kilme
tail /var/log/exim/paniclog
printf "\n"
# Totals: overall, then per DNSBL, then the manual blacklist
printf "Spam Count = "
grep -c -i "blacklisted" kilme
printf "njabl.org = "
grep -c "njabl.org" kilme
printf "spamcop = "
grep -c "bl.spamcop" kilme
printf "spamhaus = "
grep -c "sbl.spamhaus" kilme
printf "dsbl.org = "
grep -c "dsbl" kilme
printf "abuseat = "
grep -c "abuseat.org" kilme
printf "ordb.org = "
grep -c "ordb" kilme
printf "Manual = "
grep -c "manual" kilme
# Other rejections counted straight from the main log
printf "verify fail= "
grep -c "verify fail" /var/log/exim/mainlog
printf "No Relay = "
grep -c "not permitted" /var/log/exim/mainlog
printf "\n"
# Count across the current and rotated (compressed) logs
printf "All Spam: \n"
zgrep -ci "blacklisted" /var/log/exim/mainlog*
printf "\n"

And the following one is for Linux:

#!/bin/sh
# Collect every log line that mentions "blacklisted" into a working file
grep -i "blacklisted" /var/log/exim_mainlog > kilme
tail -100 kilme
tail /var/log/exim_paniclog
printf "\n"
# Totals: overall, then per DNSBL, then the manual blacklist
printf "Spam Count = "
grep -c -i "blacklisted" kilme
printf "njabl.org = "
grep -c "njabl.org" kilme
printf "spamcop = "
grep -c "bl.spamcop" kilme
printf "spamhaus = "
grep -c "sbl.spamhaus" kilme
printf "dsbl.org = "
grep -c "dsbl" kilme
printf "abuseat = "
grep -c "abuseat.org" kilme
printf "ordb.org = "
grep -c "ordb" kilme
printf "Manual = "
grep -c "manual" kilme
# Other rejections counted straight from the main log
printf "verify fail= "
grep -c "verify fail" /var/log/exim_mainlog
printf "No Relay = "
grep -c "not permitted" /var/log/exim_mainlog
printf "\n"
# Count across the current and rotated (compressed) logs
printf "All Spam: \n"
zgrep -ci "blacklisted" /var/log/exim_mainlog*
printf "\n"

OK, that's everything. Hopefully it doesn't break your server :P.

Oh, and this article was originally written by someone else. Sorry, it's not that I don't want to give credit and link to the original URL; I've just forgotten where the original came from. But really, I only translated it, added a bit here and there, and edited a bit here and there. Even though it no longer looks much like the original, credit still goes to the original author.
1 comment:

Anonymous said...

You monkey.......
I've already put your blog into my blog