  #1 (permalink)  
Old 05-18-2010, 11:56 AM
Active Member
 
Posts: 28
My server has stopped querying DNSBL. Help!

Hello, my server (ZCS 6.0.6 on Ubuntu 8.04) has suddenly stopped querying DNSBL after working correctly for 10 days.
Before yesterday I could see lines in the zimbra.log like the following ones:

Client host [201.42.134.189] blocked using zen.spamhaus.org;
Client host [189.61.161.153] blocked using cbl.abuseat.org;

I could also see that everything was fine using 'dnsblcount' ( dnsblcount - Count RBL Rejections in Postfix Log ) with counters increasing in number.

Here are the mta settings ( I changed zen.spamhaus.org to sbl.spamhaus.org):

zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net

To troubleshoot I configured zen.spamhaus.org on the firewall and it works there. Another weird thing about this DNSBL is that I can't ping it from the server while I can from a Windows client.
I can ping the other DNSBL both from the server and the windows clients. The server has bind9 installed

What could be causing the problem? Do you have an idea?
Thanks
Simone
  #2 (permalink)  
Old 05-18-2010, 12:13 PM
Zimbra Consultant & Moderator
 
Posts: 20,313

Quote:
Originally Posted by slacri View Post
Another weird thing about this DNSBL is that I can't ping it from the server while I can from a Windows client.
I can ping the other DNSBL both from the server and the windows clients.
Wouldn't that indicate a likely firewall, apparmor or DNS resolution problem?
__________________
Regards


Bill
  #3 (permalink)  
Old 05-18-2010, 01:09 PM
Active Member
 
Posts: 28

Maybe but I can ping everything except zen.spamhaus.org, pbl.spamhaus.org, xbl.spamhaus.org etc., there's no firewall configured, outbound traffic is enabled, and it has worked for 10 days....
I have removed apparmor, restarted bind9....
Here's the reply to dig zen.spamhaus.org

; <<>> DiG 9.4.2-P2.1 <<>> zen.spamhaus.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1993
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;zen.spamhaus.org. IN A

;; AUTHORITY SECTION:
zen.spamhaus.org. 150 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1005181930 3600 600 432000 150

;; Query time: 415 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 18 21:58:02 2010
;; MSG SIZE rcvd: 98

I can't see the IP address. From a Windows client, nslookup
replies 'Address 67.215.65.132'

If I 'dig dnsbl.njabl.org' from the server I can see the IP addresses it resolves to

And apart from zen.spamhaus, I can't get the other DNSBL to work
Help appreciated
Simone from Italy
  #4 (permalink)  
Old 05-19-2010, 04:49 AM
Active Member
 
Posts: 28

I changed the DNS server in resolv.conf to use opendns (instead of localhost)
Now resolution for zen.spamhaus.org is correct but DNSBL still don't work! No DNSBL query at all!

Where can I find information about what is going on? DNS log..?
I also checked mail.err, mail.info, mail.warn
Simone
  #5 (permalink)  
Old 05-23-2010, 02:01 PM
Active Member
 
Posts: 28

Hello....this is my /opt/zimbra/conf/postfix_recipient_restrictions.cf


reject_non_fqdn_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_unlisted_recipient
%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%contains VAR:zimbraMtaRestriction reject_unknown_client%%
%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
%%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%
permit


And this is my DNS settings: (zmprov gacf | grep zimbraMtaRestriction)

zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net

Is it correct? Shouldn't it list all DNSBL??
for example:

%%contains VAR:zimbraMtaRestriction reject_rbl_client bl.spamcop.net%%

Can somebody paste the postfix_recipient_restrictions.cf file?

By the way, I can correctly resolve each DNSBL

Thanks, Simone
  #6 (permalink)  
Old 05-24-2010, 01:39 AM
Moderator
 
Posts: 7,928

No; the key difference is %%explode which will pull all of those RBLs from LDAP. Have you tried querying one of the RBLs from the command line?
  #7 (permalink)  
Old 05-24-2010, 01:55 AM
Active Member
 
Posts: 28

Yes (if you mean a ping to them), for example:

ping bl.spamcop.net
PING bl.spamcop.net (204.15.82.19) 56(84) bytes of data.
64 bytes from 204-15-82-19.ironport.com (204.15.82.19): icmp_seq=1 ttl=48 time=195 ms

ping dnsbl.sorbs.net
PING dnsbl.sorbs.net (111.125.160.134) 56(84) bytes of data.
64 bytes from SORBS (Spam and Open-Relay Blocking System) (111.125.160.134): icmp_seq=1 ttl=52 time=375 ms

Another thing that I don't understand is this: why do 'postfix_recipient_restrictions.cf' and the output of 'zmprov gacf | grep zimbraMtaRestriction' differ?
I didn't add
reject_non_fqdn_hostname
reject_non_fqdn_sender
reject_unknown_client
reject_unknown_hostname
reject_unknown_sender_domain

I only added
reject_invalid_hostname and the DNSBL (zmprov mcf zimbraMtaRestriction ....)

Why?

Simone
Reply With Quote
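
A DNSBL is queried by looking up the client IP with its octets reversed under the list's zone, which is what post #6 asks for and what ping does not test; the sketch below is an added example, not code from the thread or from Zimbra. The function names are made up here, 127.0.0.2 is the conventional always-listed test address, and an answer outside 127.0.0.0/8 (such as the 67.215.65.132 seen from the Windows client) is treated as a resolver artifact, not a listing.

```sh
#!/bin/sh
# Added example: build and interpret IPv4 DNSBL lookups.

# dnsbl_qname IP ZONE: print the name an MTA looks up, i.e. the IP's
# octets reversed and prefixed to the zone. Returns 1 on a bad IPv4.
dnsbl_qname() {
    ip=$1 zone=$2
    case "$ip" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# dnsbl_classify ANSWER: interpret `dig +short` output for that name.
#   empty          -> not-listed (NXDOMAIN or no A record)
#   127.x.x.x      -> listed (DNSBLs answer inside 127.0.0.0/8)
#   anything else  -> unexpected (timeout text, or a resolver that
#                     rewrites NXDOMAIN to its own address)
dnsbl_classify() {
    case "$1" in
        '')    echo not-listed ;;
        127.*) echo listed ;;
        *)     echo unexpected ;;
    esac
}

# dnsbl_check IP ZONE [RESOLVER]: run the lookup (needs dig and network).
dnsbl_check() {
    q=$(dnsbl_qname "$1" "$2") || { echo "bad IPv4 address: $1" >&2; return 2; }
    ans=$(dig +short +time=3 +tries=1 ${3:+@"$3"} "$q" A)
    printf '%s -> %s (%s)\n' "$q" "${ans:-no answer}" "$(dnsbl_classify "$ans")"
}

# Usage (zones as configured in the thread; 127.0.0.2 is the test entry):
#   dnsbl_check 127.0.0.2 cbl.abuseat.org
#   dnsbl_check 127.0.0.2 cbl.abuseat.org 127.0.0.1   # ask local bind9
if [ $# -ge 2 ]; then
    dnsbl_check "$@"
fi
```

The empty ANSWER section for zen.spamhaus.org itself in post #3 is not a failure: the zone apex has no A record, and only reversed-IP names under it are looked up by Postfix.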
  #8 (permalink)  
Old 06-01-2010, 07:10 AM
Active Member
 
Posts: 28

It works again!
I don't know why it stopped working and I don't know why it works again now.
Now my settings are:

zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org

dnsblcount now says:
cbl.abuseat.org 757
dnsbl.njabl.org 7