How to Add Custom Real-time Blackhole Lists (RBLs) in WHM

One of the first things a cPanel user should learn is how to block spam in cPanel with DNS records and prevent your emails from being marked as junk. That guide covers a lot of automated technical controls that can stop more obvious spam. But it’s not enough. Phishing has been a top three most reported breach method for the last five years, according to Verizon’s 2020 Data Breach Investigation Report (DBIR). That means more needs to be done to mitigate phishing and other Business Email Compromise (BEC) attacks. And there undoubtedly are cyber attackers who know how to spam with cPanel or bypass these controls.

Blocking IP addresses from emailing your web server is another technical control to improve email security. WebHost Manager (WHM) allows multiple methods for this. The easiest is by country and domain. But with virtual private networks (VPNs) and proxy services (some free) being commonly used to bypass region restrictions, there’s still a lot of room for improvement.

A Real-time Blackhole List (RBL), or DNSBL, can help.

Ask how to secure cPanel with our Managed VPS Hosting plans.

What is a Real-time Blackhole List (RBL)?

Sometimes used interchangeably with blacklist, a RBL is a list of IP addresses and domains that are known or suspected to be used for malicious purposes. That includes multiple factors:

  • Newly registered domains
  • IPs with a bad DNS reputation
  • IPs sending emails with faulty headers

Your specific needs determine what types of RBLs and how many you should use. Remember, the biggest advantages to implementing RBLs are:

  • You don’t have to manually maintain the list
  • The work is done before it reaches the end user

Where are RBLs?

There are multiple 3rd party RBLs available online. WHM includes Spamhaus.org and SpamCop.net by default. For additional RBLs, check out Talos Intelligence IP blacklist and SpamEatingMonkey. Consider only enabling one RBL at a time to help you spot and troubleshoot any legit emails being blocked. Exim logs can help you troubleshoot false positives as well.

Remember, these are third party vendors. Research what these vendors do with the information they receive and requirements to use their blacklists.

How to Add a Custom RBL in WHM

Below we’ll cover how to add a custom RBL in WHM. We’ll use the SpamEatingMonkey Black RBL in our example but the steps in WHM are the same for others.

  1. Log into WHM
  2. On the left, select Exim Configuration Manager
  3. Select the RBLs tab
  4. Select Manage Custom RBLs
  5. Under Add a new RBL, for Rbl Name, create a name that will remind you what it is
    Add SEM Black RBL in WHM
  6. (Optional) Add a Rbl Info URL that provides information about the blacklist
  7. Add the actual RBL link for Dns List
  8. Select Add to be taken to a notification page directing you to enable it in your Configuration Editor, then rebuild your Exim config
  9. Select Configuration Editor to return to Manage Custom RBLs
  10. Select RBLs
  11. To right of Custom RBL: [YourNewRBL], select On
  12. Select Save to rebuild Exim

Again, adding Real-time Blackhole Lists is just one of many ways to mitigate, not prevent, phishing attacks. other ways to harden your managed VPS or dedicated server. Security awareness training is required to fight more clever phishing and social engineering attacks such the “On this day I hacked your OS” email. Let us know your thoughts in our Community Support Center.

Was this article helpful? Let us know!