This is a spamhaus related issue so I thought I would tack it on to this thread. I did look at a few other threads on this topic and saw no relevant issues. Zimbra is nailing 100% of incoming spam with no loss of legit mail that I can see so no worries. I migrated over to Zimbra after a decade or two running my e-mail off of two sendmail servers. So far so good.
My problem is that zen.spamhaus does not seem to be working. When I run the e-mail test from spamhaus it says that blocking is not working. I noticed that zen.spamhaus.org is not resolving and was chided by their support about not reading their FAQ on the subject. Spamhaus has always worked flawlessly on sendmail so I'm wondering what gives. Sorbs and so on seem to be working fine.
Here's the error in the log:
Unrecognized warning:
137.193.99.216.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=137.193.99.216.zen.spamhaus.org type=A: Host not found, try again : 1 Time(s)
46.193.99.216.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=46.193.99.216.zen.spamhaus.org type=A: Host not found, try again : 1 Time(s)
Spamhaus says: <http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#122>
Spamhaus' test confirmed that Zimbra can receive e-mail and is not blocking their test messages. Then it tested zen and said:
Uh-oh, your SBL block is not working!
My config:
[root@security backup-rsync]# su - zimbra
[zimbra@security ~]$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_non_fqdn_hostname
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_rbl_client spam.dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
[zimbra@security ~]$ postconf | grep smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_rbl_client spam.dnsbl.sorbs.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client spam.dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, permit
[zimbra@security ~]$
Not a huge problem at this time but I'd like to get it resolved for future reference and for my own education. I do understand that SA apparently includes zen in it's e-mail filtering.
Many thanks in advance! |