zen.spamhaus.org RBL

[preem]

Thats what i get when sending from gmail account and it doesn't get delivered, I get a 'Undelivered' reply on gmail, i tested with 10 sent emails, and everytime the same.

Code:

Nov  8 12:13:11 mail postfix/smtpd[9215]: connect from wa-out-1112.google.com[209.85.146.176]
Nov  8 12:13:12 mail postfix/smtpd[9215]: NOQUEUE: reject: RCPT from wa-out-1112.google.com[209.85.146.176]: 554 Service unavailable; Client host [209.85.146.176] blocked using zen.spamhouse.org; This is not the DNSBL you're looking for.; from=<my_email> to=<my_other_email> proto=ESMTP helo=<wa-out-1112.google.com>

"This is not the DNSBL you're looking for"

What would that mean? It looks like its misconfigured somehow, but i have no idea how.

edit: 20090602: changed email address, i smell spambots around.

[phoenix]

Quote:

Originally Posted by preem

"This is not the DNSBL you're looking for"

What would that mean? It looks like its misconfigured somehow, but i have no idea how.

That means you've mis-spelled the name of the RBL.

[captainmish]

hint:
zen.spamhaus.org

spamHAUS, not spamhouse

[preem]

Ah yes, thank you very much, i think i got it this time, here's the config output

from postfix conf

Code:

#su - zimbra -c 'postconf | grep smtpd_recipient_restrictions'
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_rbl_client zen.spamhaus.org, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit

and zimbraMtaRestrictions:

Code:

# su - zimbra -c 'zmprov gacf | grep zimbraMtaRestriction'
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non_fqdn_hostname
zimbraMtaRestriction: reject_non_fqdn_sender

Saw some mails being "blocked using zen.spamhaus.org;" instantly and am receiving testing mails from gmail, so it appears its working. Time will tell, will keep an eye on the logs for a while.

Thanks for support, guys.

[mmorse]

Quote:

Originally Posted by captainmish

Ive had no problems with it since it went on, amazed at the amount its blocking.

BTW-If you want to get some hard numbers theres dnsblcount. Monitoring_Logs_for_DNSBL_bounces : Configuring and Monitoring Postfix DNSBL - Zimbra :: Wiki

[jones0610]

This is a spamhaus related issue so I thought I would tack it on to this thread. I did look at a few other threads on this topic and saw no relevant issues. Zimbra is nailing 100% of incoming spam with no loss of legit mail that I can see so no worries. I migrated over to Zimbra after a decade or two running my e-mail off of two sendmail servers. So far so good.

My problem is that zen.spamhaus does not seem to be working. When I run the e-mail test from spamhaus it says that blocking is not working. I noticed that zen.spamhaus.org is not resolving and was chided by their support about not reading their FAQ on the subject. Spamhaus has always worked flawlessly on sendmail so I'm wondering what gives. Sorbs and so on seem to be working fine.

Here's the error in the log:

Unrecognized warning:
137.193.99.216.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=137.193.99.216.zen.spamhaus.org type=A: Host not found, try again : 1 Time(s)
46.193.99.216.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=46.193.99.216.zen.spamhaus.org type=A: Host not found, try again : 1 Time(s)

Spamhaus says: <http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#122>

Spamhaus' test confirmed that Zimbra can receive e-mail and is not blocking their test messages. Then it tested zen and said:

Uh-oh, your SBL block is not working!

My config:

[root@security backup-rsync]# su - zimbra
[zimbra@security ~]$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_non_fqdn_hostname
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_rbl_client spam.dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net

[zimbra@security ~]$ postconf | grep smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_rbl_client spam.dnsbl.sorbs.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client spam.dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, permit
[zimbra@security ~]$

Not a huge problem at this time but I'd like to get it resolved for future reference and for my own education. I do understand that SA apparently includes zen in it's e-mail filtering.

Many thanks in advance!

[ArcaneMagus]

What do you get from running this on the zimbra server:

Code:

dig 40.56.209.64.zen.spamhaus.org

This IP address recently tried to send me spam and was blocked using zen so at least as of 11:05 Oct 27, 2009 PDT it was listed.

And no answer from spamhaus for an IP address simply means it isn't listed... not sure why you would be getting an error telling you that.

[jones0610]

I'm scratching my head too as spamhaus does seem to be working just fine. I know zip about Postfix and even less about Zimbra so it's certrainly possible and even likely that I'm just doing something dumb here.

[root@security backup-rsync]# dig 40.56.209.64.zen.spamhaus.org

; <<>> DiG 9.2.4 <<>> 40.56.209.64.zen.spamhaus.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47341
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 23, ADDITIONAL: 2

;; QUESTION SECTION:
;40.56.209.64.zen.spamhaus.org. IN A

;; ANSWER SECTION:
40.56.209.64.zen.spamhaus.org. 900 IN A 127.0.0.3

;; AUTHORITY SECTION:
zen.spamhaus.org. 69885 IN NS 5.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS 8.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS a.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS b.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS c.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS d.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS f.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS g.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS h.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS i.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS k.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS l.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS m.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS o.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS q.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS r.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS s.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS t.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS x.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS y.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS 0.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS 1.ns.spamhaus.org.
zen.spamhaus.org. 69885 IN NS 3.ns.spamhaus.org.

;; ADDITIONAL SECTION:
0.ns.spamhaus.org. 12287 IN A 204.16.254.40
0.ns.spamhaus.org. 12285 IN AAAA 2001:7b8:3:1f:0:2:53:2

;; Query time: 149 msec
;; SERVER: 69.30.0.200#53(69.30.0.200)
;; WHEN: Tue Oct 27 10:51:00 2009
;; MSG SIZE rcvd: 478

[root@security backup-rsync]#

[ArcaneMagus]

Looks like it was working fine for that query... the only thing that I can think of is maybe your DNS server that you were querying is having issues.
You might want to check out using something like OpenDNS | Internet Navigation And Security for your DNS server rather then your ISP's DNS server. I have had many issues with cache poisoning or just plain dead servers in the past before I gave up on ISP DNS servers...

[jones0610]

That's a good idea and I've just done that. Around the time I started having problems I built a forwarding only DNS server for exactly the reasons you mentioned. I thought the spamhaus problem was related but based on a lot of testing apparently not. We'll see how this works out and if the Zimbra error messages go away I will update this thread.

Thanks again!