Author Topic: zen.spamhaus.org or postfix or control web panel  (Read 3412 times)

zen.spamhaus.org or postfix or control web panel
« on: August 19, 2022, 01:16:32 PM »
A few days ago I noticed plenty of email messages denied by the system in /var/log/maillog; the system has gone wild.
zen.spamhaus.org, in combination with the postfix configuration, marked some incoming email servers as blacklisted servers, although some of them weren't on the Spamhaus list at all.

I tested some IP addresses there:
https://check.spamhaus.org/

Configuration of postfix main.cf wasn't changed for months.
Maybe someone has more info about that problem? Is it a Spamhaus error/bug with false-positive reporting, or is there anything wrong with the current system?


Example:
Aug 18 14:47:46 srv postfix/smtpd[32701]: NOQUEUE: reject: RCPT from example.mailserver.com[xxx.xxx.xxx.xxx]: 554 5.7.1 Service unavailable; Client host [xxx.xxx.xxx.xxx] blocked using zen.spamhaus.org; from=<some.user@exampleserver.com> to=<someuser@exampleserver.com> proto=ESMTP helo=<example.mailserver.com>

Thank you,
BR.
« Last Edit: August 19, 2022, 01:30:23 PM by idovecer »

Re: zen.spamhaus.org or postfix or control web panel
« Reply #1 on: October 12, 2022, 11:36:57 AM »
Recently I installed a new server with CWP and have the same problem.

The problem only occurs when I build the mail server with the option: AntiSpam/AntiVirus (recommended).

When I do not check the box for this option and rebuild the mail server, email is running fine.

I also have another server running with CWP, I don't have that problem there.

The only difference between the two servers is the OS:
Server 1 (no problems): CentOS Linux release 7.9.2009 (Core)
Server 2 (with problems): CentOS Stream release 8

Did you find a solution for this problem?

Re: zen.spamhaus.org or postfix or control web panel
« Reply #2 on: November 14, 2022, 05:10:06 PM »
After experiencing the same issue, I was able to rebuild the server with the AntiSpam/AntiVirus option checked so long as I manually disabled zen.spamhaus.org in the postfix main.cf:

smtpd_sender_restrictions = ... remove reject_rbl_client zen.spamhaus.org

This is due to a change in how Spamhaus provides this service. They now use Spamhaus DQS. See this for reference: https://www.spamhaus.org/returnc/pub/3.101.145.207. You have to sign up for the free service and change your postfix configuration to use a custom endpoint for reject_rbl_client. There are some additional lookup services that they provide as well that can be added to the postfix configuration. Everything works as expected after updating using their instructions and the use of the Spamhaus service is restored.

I reached out to CWP tech support about it and they are aware of the issue.

Re: zen.spamhaus.org or postfix or control web panel
« Reply #3 on: August 21, 2024, 10:10:39 PM »
Sorry for the bump in this thread, but I think this bump is better than opening another thread.

I migrated my server to another VPS a month and a half ago, and today I realized that I was not receiving emails from outside the domain itself. Investigating, I have seen that the problem lies in the blocking by zen.spamhaus.org.
On their own website there is an IP check, and both IPv4 and IPv6 show as OK, but until I removed reject_rbl_client zen.spamhaus.org I did not receive emails from outside the domain.

And it is exactly the same as described in this thread:
The problem only occurs when I build the mail server with the option: AntiSpam/AntiVirus (recommended).

Tomorrow I will contact zen.spamhaus.org to see what solution they indicate according to what my colleague ccsinteractive says.

Greetings.

Re: zen.spamhaus.org or postfix or control web panel
« Reply #4 on: August 24, 2024, 08:28:17 PM »
Have you tried configuring it using their DQS service (with an API key)? I would test that scenario, too.

Re: zen.spamhaus.org or postfix or control web panel
« Reply #5 on: August 25, 2024, 11:30:05 AM »
Quote
Have you tried configuring it using their DQS service (with an API key)? I would test that scenario, too.

No, not at the moment; I don't know how to do it.
I have contacted them but I haven't received a response yet.
At the moment, the solution has been to remove their entry in the main.cf file, but this is temporary. I hope they answer me, and I will see what they say.

Thanks for your reply.

Re: zen.spamhaus.org or postfix or control web panel
« Reply #6 on: September 21, 2024, 07:16:44 PM »
Quote
Have you tried configuring it using their DQS service (with an API key)? I would test that scenario, too.

I waited a long time for a reply from Spamhaus, which never came, so I will now describe what I did (and some doubts I have).

When creating the free account, if you access your Customer Portal, in Products DQS, there seems to be the data for postfix, the "Query Key" and we have this sentence:

Please review documentation and getting started guides to help you set up and access the service.

With a link to the documentation and getting started guides.

When accessing there, a series of instructions appear, and it is here where I see or think the instructions are to modify the main.cf of postfix with spamhaus.

By default, in main.cf, referring to spamhaus, we only have "reject_rbl_client" which in full is: "reject_rbl_client zen.spamhaus.org"

According to their instructions, we must replace it with:
Quote
reject_rhsbl_sender
reject_rhsbl_helo
reject_rhsbl_reverse_client
reject_rhsbl_sender
reject_rhsbl_helo
reject_rhsbl_reverse_client
reject_rbl_client
All of them, each followed by its corresponding string containing our query key (or API key, whatever we want to call it, but there they call it Query Key).

Besides that, there are 2 more things to do, but they are not of major importance: create a file in postfix, put content in it that refers to our query key, make a hash of it, and insert a line in main.cf for the hash we made.

Well, I did it, and now I receive mail from any domain (I had time to try two, just in case, I made a snapshot of my vps...).

But my question is: if by default we only have the Spamhaus entry for reject_rbl_client, should the others also be there? I mean the ones I put in "quote".

In case it helps someone, because thanks to this post, I saw the light, I was a while not knowing why I wasn't receiving emails...
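
A diagnostic example for the symptom reported in this thread, added here and not code from any poster, CWP or Spamhaus: it parses a reject line in the maillog format of the first post, builds the DNSBL query name, and separates real listings from the 127.255.255.x error answers that Spamhaus documents for its public mirrors. A reject_rbl_client rule without an =d.d.d.d filter rejects on any A record, error answers included. The address 192.0.2.10 and all function names are constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample in the first post's maillog format (192.0.2.10 is a doc address).
SAMPLE = ("Aug 18 14:47:46 srv postfix/smtpd[32701]: NOQUEUE: reject: RCPT from "
          "example.mailserver.com[192.0.2.10]: 554 5.7.1 Service unavailable; Client "
          "host [192.0.2.10] blocked using zen.spamhaus.org; from=<some.user@exampleserver.com> "
          "to=<someuser@exampleserver.com> proto=ESMTP helo=<example.mailserver.com>")

# Answers Spamhaus documents as query errors rather than listings.
ERROR_CODES = {
    "127.255.255.252": "typo in DNSBL zone name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
REJECT_RE = re.compile(r"reject: RCPT from \S+\[(?P<ip>[0-9A-Fa-f:.]+)\]: 554 "
                       r".*? blocked using (?P<zone>[\w.-]+);")

def parse_reject(line):
    """Return (client_ip, dnsbl_zone) from a Postfix DNSBL reject line, or None."""
    m = REJECT_RE.search(line)
    return (m.group("ip"), m.group("zone")) if m else None

def query_name(ip, zone):
    """Reversed octets (IPv4) or nibbles (IPv6) prepended to the DNSBL zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer   # '10.2.0.192.in-addr.arpa'
    return rev.rsplit(".", 2)[0] + "." + zone        # drop in-addr.arpa / ip6.arpa

def classify(answers):
    """Interpret the A records returned for a DNSBL query name."""
    if not answers:
        return "not listed"
    errors = [ERROR_CODES[a] for a in answers if a in ERROR_CODES]
    if errors:
        return "query error: " + "; ".join(errors)
    if all(a.startswith("127.0.0.") for a in answers):
        return "listed: " + ", ".join(sorted(answers))
    return "unexpected answer: " + ", ".join(sorted(answers))

def lookup(name):
    """Ask the system resolver; [] if no A record comes back."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

if __name__ == "__main__":
    name = query_name(*parse_reject(SAMPLE))
    print(name, "->", classify(lookup(name)))
```

Run it on the mail server itself so the query goes through the same resolver that Postfix uses.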