Thread: My server has stopped querying DNSBL. Help!

  1. #1
    slacri is offline Active Member

    Hello, my server (ZCS 6.0.6 on Ubuntu 8.04) has suddenly stopped querying DNSBL after working correctly for 10 days.
    Before yesterday I could see lines in the zimbra.log like the following ones:

    Client host [201.42.134.189] blocked using zen.spamhaus.org;
    Client host [189.61.161.153] blocked using cbl.abuseat.org;

    I could also see that everything was fine using 'dnsblcount' (dnsblcount - Count RBL Rejections in Postfix Log), with counters increasing in number.

    Here are the mta settings ( I changed zen.spamhaus.org to sbl.spamhaus.org):

    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net

    To troubleshoot I configured zen.spamhaus.org on the firewall and it works there. Another weird thing about this DNSBL is that I can't ping it from the server while I can from a Windows client.
    I can ping the other DNSBLs both from the server and the Windows clients. The server has bind9 installed.

    What could be causing the problem? Do you have an idea?
    Thanks
    Simone

  2. #2
    phoenix is offline Zimbra Consultant & Moderator

    Originally posted by slacri:
        Another weird thing about this DNSBL is that I can't ping it from the server while I can from a Windows client.
        I can ping the other DNSBL both from the server and the Windows clients.

    Wouldn't that indicate a likely firewall, apparmor or DNS resolution problem?
    Regards


    Bill



  3. #3
    slacri is offline Active Member

    Maybe, but I can ping everything except zen.spamhaus.org, pbl.spamhaus.org, xbl.spamhaus.org etc., there's no firewall configured, outbound traffic is enabled, and it has worked for 10 days....
    I have removed apparmor, restarted bind9....
    Here's the reply to dig zen.spamhaus.org:

    ; <<>> DiG 9.4.2-P2.1 <<>> zen.spamhaus.org
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1993
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;zen.spamhaus.org. IN A

    ;; AUTHORITY SECTION:
    zen.spamhaus.org. 150 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1005181930 3600 600 432000 150

    ;; Query time: 415 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue May 18 21:58:02 2010
    ;; MSG SIZE rcvd: 98

    I can't see the IP address. From a Windows client, nslookup replies 'Address 67.215.65.132'.

    If I 'dig dnsbl.njabl.org' from the server I can see the IP addresses it resolves to.

    And apart from zen.spamhaus, I can't get the other DNSBLs to work.
    Help appreciated.
    Simone from Italy

  4. #4
    slacri is offline Active Member

    I changed the DNS server in resolv.conf to use OpenDNS (instead of localhost).
    Now resolution for zen.spamhaus.org is correct but the DNSBLs still don't work! No DNSBL query at all!

    Where can I find information about what is going on? DNS log..?
    I also checked mail.err, mail.info, mail.warn
    Simone

  5. #5
    slacri is offline Active Member

    Hello....this is my /opt/zimbra/conf/postfix_recipient_restrictions.cf


    reject_non_fqdn_recipient
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_unlisted_recipient
    %%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_client%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
    %%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
    %%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%
    permit


    And these are my DNS settings (zmprov gacf | grep zimbraMtaRestriction):

    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net

    Is it correct? Shouldn't it list all DNSBLs?
    For example:

    %%contains VAR:zimbraMtaRestriction reject_rbl_client bl.spamcop.net%%

    Can somebody paste the postfix_recipient_restrictions.cf file?

    By the way, I can correctly resolve each DNSBL.

    Thanks, Simone

  6. #6
    uxbod is offline Moderator

    No; the key difference is %%explode, which will pull all of those RBLs from LDAP. Have you tried querying one of the RBLs from the command line?
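
Added example, not part of the original thread: what querying an RBL from the command line looks like. A DNSBL lookup is an A-record query for the client IP with its octets reversed in front of the list's zone, so pinging the zone name does not exercise it; per RFC 5782, 127.0.0.2 is the test entry an IPv4 DNSBL should list and 127.0.0.1 should not be listed. The function names are illustrative and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# dnsbl_qname IP ZONE: print the name a DNSBL client actually looks up,
# i.e. the IPv4 octets reversed and prepended to the list's zone.
dnsbl_qname() {
    ip=$1; zone=$2
    case $ip in ''|*[!0-9.]*|*.) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $ip                                       # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# dnsbl_classify ANSWERS: interpret the output of `dig +short A <qname>`.
#   no answer          -> not-listed
#   only 127.x.x.x     -> listed (DNSBLs answer inside 127.0.0.0/8)
#   anything else      -> unexpected (timeout text, or a resolver that
#                         rewrites negative answers to a real address)
dnsbl_classify() {
    [ -n "$1" ] || { echo not-listed; return 0; }
    for a in $1; do
        case $a in
            127.*.*.*) ;;
            *) echo unexpected; return 0 ;;
        esac
    done
    echo listed
}

# dnsbl_check IP ZONE [RESOLVER]: run the lookup, optionally against a
# specific resolver, and print "<query name> <verdict>".
dnsbl_check() {
    q=$(dnsbl_qname "$1" "$2") || { echo "bad IPv4 address: $1" >&2; return 2; }
    ans=$(dig +short A "$q" ${3:+"@$3"})
    printf '%s %s\n' "$q" "$(dnsbl_classify "$ans")"
}

# Health check for a zone: 127.0.0.2 should be "listed", 127.0.0.1 "not-listed".
#   sh dnsbl.sh 127.0.0.2 cbl.abuseat.org
#   sh dnsbl.sh 127.0.0.2 cbl.abuseat.org 127.0.0.1   # ask the local bind9
if [ $# -ge 2 ]; then dnsbl_check "$@"; fi
```

Running the same check once against the resolver in resolv.conf and once against another resolver separates a resolver problem from a Postfix configuration problem.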

  7. #7
    slacri is offline Active Member

    Yes (if you mean a ping to them), for example:

    ping bl.spamcop.net
    PING bl.spamcop.net (204.15.82.19) 56(84) bytes of data.
    64 bytes from 204-15-82-19.ironport.com (204.15.82.19): icmp_seq=1 ttl=48 time=195 ms

    ping dnsbl.sorbs.net
    PING dnsbl.sorbs.net (111.125.160.134) 56(84) bytes of data.
    64 bytes from SORBS (Spam and Open-Relay Blocking System) (111.125.160.134): icmp_seq=1 ttl=52 time=375 ms

    Another thing that I don't understand is this: why do 'postfix_recipient_restrictions.cf' and the output of 'zmprov gacf | grep zimbraMtaRestriction' differ?
    I didn't add
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_unknown_client
    reject_unknown_hostname
    reject_unknown_sender_domain

    I only added
    reject_invalid_hostname and the DNSBL (zmprov mcf zimbraMtaRestriction ....)

    Why?

    Simone

  8. #8
    slacri is offline Active Member

    It works again!
    I don't know why it stopped working and I don't know why it works again now.
    Now my settings are:

    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_unknown_sender_domain
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org

    dnsblcount now says:
    cbl.abuseat.org 757
    dnsbl.njabl.org 7
