How to configure Spamhaus DBL

Has anyone configured EXIM to use a DBL?  I really need to get this working today.

I've found one example that uses a perl script callout, but it's like 15 years old and doesn't really cover what I am trying to do.

What is the easiest way to get Spamhaus Domain Block List (DBL) working using Sophos UTM?

Namecheap.com stepped up their attacks today, and now they are spamming using .com domains.

[edited by: Remuflon at 11:54 PM (GMT -8) on 27 Feb 2021: better title]

  • This question illustrates the inadequacies of UTM as a spam filter. Making unsupported changes to the undocumented under-the-covers Exim is not a very suitable solution.

    I would be interested in someone discussing how to build a spam filter using native EXIM. I read the EXIM documentation once, and was put off because the scripting language never mentioned the message From address as a filtering variable, but later I was told that ACLs could have done what I wanted.

    My spam comes from two primary sources: dedicated infrastructure and Email Service Providers (ESPs), particularly sendgrid.net. You probably have the same two categories.

    For dedicated infrastructure, blocking based on DNS name (HELO and Reverse DNS) is pretty effective. Blocking source IP, DNS, and email addresses is even better.

    For ESPs, you need to be able to filter on the From address to detect the client. Necessary messages such as password resets from technology vendors and account statements from your utility company need to be allowed. Messages from clients that fraudulently impersonate a bank need to be blocked. Messages from unrecognized clients need to be quarantined. I will be bold enough to say that if you don't know that you have a sendgrid.net problem, you don't understand your email problem.

    To state the obvious, UTM does not know how to filter on DNS name and does not know how to filter on From address.

    The only serious mail product from Sophos is Sophos Mail in the Cloud. After offering two embedded solutions, three appliance solutions, and 1 other cloud product, we can hope that they got it right. I have talked to product management and they think they do have it right this time. I do not know for sure because I have created my own solution, based on a freeware product for source filtering, with UTM and another commercial product following after to perform content filtering.
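The question asks how to point Exim at the Spamhaus DBL, and the reply above wishes someone would show how native Exim ACLs filter on sender domain, HELO and reverse-DNS names. The fragment below is an added example written for this thread; it is not code from the original post, from the replier, or from Sophos, and it is meant for a stand-alone Exim 4 install rather than as a change to the Exim bundled inside UTM. It assumes the stock `acl_smtp_mail = acl_check_mail` hook, a `+local_domains` domain list, and DBL access through the public zone `dbl.spamhaus.org`; the DQS hostname `YOUR-DQS-KEY.dbl.dq.spamhaus.net` is a placeholder for a subscriber key. The DBL return codes used (127.0.1.2/4/5/6 for abuser-owned domains, 127.0.1.102-106 for legitimate domains currently abused, 127.0.1.255 for a prohibited IP-keyed query) are Spamhaus's published values; everything else is this example's own choice.

```exim
# Added example for this thread, not from the original post or from Sophos.
# Native Exim 4 MAIL ACL that keys Spamhaus DBL lookups on the three names
# Exim knows at MAIL FROM time: envelope sender domain, HELO name, reverse DNS.
# Assumed: acl_smtp_mail = acl_check_mail, and +local_domains is defined.
# Replace dbl.spamhaus.org with YOUR-DQS-KEY.dbl.dq.spamhaus.net (placeholder)
# if you hold a Spamhaus DQS subscription.

acl_check_mail:

  # Authenticated submissions are our own users: no list checks.
  accept  authenticated = *

  # Our own domains as envelope sender: nothing to look up.
  accept  sender_domains = +local_domains

  # 127.0.1.2/4/5/6 = domain owned by the abuser (spam, phish, malware, C&C).
  # The DBL is a domain list, so the lookup key is given explicitly after "/".
  deny    dnslists    = dbl.spamhaus.org=127.0.1.2,127.0.1.4,127.0.1.5,127.0.1.6/$sender_address_domain
          message     = Sender domain $sender_address_domain is listed by Spamhaus DBL ($dnslist_value)
          log_message = DBL deny: $sender_address_domain -> $dnslist_value

  # 127.0.1.102-106 = legitimate domain currently abused (the ESP case from
  # the reply above).  Tag instead of reject so password resets and account
  # statements from an abused-but-legitimate sender still arrive, and a later
  # content filter or quarantine rule can act on the header.
  warn    dnslists    = dbl.spamhaus.org=127.0.1.102,127.0.1.103,127.0.1.104,127.0.1.105,127.0.1.106/$sender_address_domain
          add_header  = X-DBL-Abused-Legit: $sender_address_domain ($dnslist_value)
          log_message = DBL warn (abused legit): $sender_address_domain -> $dnslist_value

  # 127.0.1.255 = "IP queries prohibited": the key looked like an address.
  # That is a configuration mistake on our side, not a listing, so only log it.
  warn    dnslists    = dbl.spamhaus.org=127.0.1.255/$sender_address_domain
          log_message = DBL misuse: IP-shaped key $sender_address_domain

  # HELO name, checked only when it is shaped like a hostname, so an address
  # literal such as [192.0.2.10] is never sent to the DBL.
  deny    condition   = ${if match{$sender_helo_name}{\N^[A-Za-z0-9][A-Za-z0-9.-]*\.[A-Za-z][A-Za-z]+$\N}}
          dnslists    = dbl.spamhaus.org=127.0.1.2,127.0.1.4,127.0.1.5,127.0.1.6/$sender_helo_name
          message     = HELO name $sender_helo_name is listed by Spamhaus DBL ($dnslist_value)
          log_message = DBL deny (HELO): $sender_helo_name -> $dnslist_value

  # Reverse DNS name, when Exim has resolved one.  $sender_host_name is only
  # set for hosts covered by host_lookup (or after verify = reverse_host_lookup).
  deny    condition   = ${if def:sender_host_name}
          dnslists    = dbl.spamhaus.org=127.0.1.2,127.0.1.4,127.0.1.5,127.0.1.6/$sender_host_name
          message     = Reverse DNS name $sender_host_name is listed by Spamhaus DBL ($dnslist_value)
          log_message = DBL deny (rDNS): $sender_host_name -> $dnslist_value

  accept
```

Because every `dnslists` item restricts the match to explicit 127.0.1.x codes, the error answers Spamhaus returns in the 127.255.255.0/24 range (for example when queries arrive through an open public resolver or exceed free-use volume) never reject mail; they simply fail to match, so watch the main log for DBL hits after deployment to confirm lookups are actually succeeding. A dry run against a test host with `exim -bh 192.0.2.10` walks the SMTP dialogue through these ACLs without accepting a message, which is the cheapest way to see which verb fired and why.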
