Thread: zen.spamhaus.org RBL

  1. #11

    That's what I get when sending from a Gmail account and it doesn't get delivered. I get an 'Undelivered' reply on Gmail. I tested with 10 sent emails, and every time it's the same.

    Code:
    Nov  8 12:13:11 mail postfix/smtpd[9215]: connect from wa-out-1112.google.com[209.85.146.176]
    Nov  8 12:13:12 mail postfix/smtpd[9215]: NOQUEUE: reject: RCPT from wa-out-1112.google.com[209.85.146.176]: 554 Service unavailable; Client host [209.85.146.176] blocked using zen.spamhouse.org; This is not the DNSBL you're looking for.; from=<my_email> to=<my_other_email> proto=ESMTP helo=<wa-out-1112.google.com>
    "This is not the DNSBL you're looking for"

    What would that mean? It looks like it's misconfigured somehow, but I have no idea how.

    edit: 20090602: changed email address, I smell spambots around.
    Last edited by preem; 06-02-2009 at 12:41 AM.

  2. #12
    phoenix, Zimbra Consultant & Moderator

    Quote, originally posted by preem:
        "This is not the DNSBL you're looking for"

        What would that mean? It looks like it's misconfigured somehow, but I have no idea how.

    That means you've misspelled the name of the RBL.
    Regards


    Bill



  3. #13

    hint:
    zen.spamhaus.org

    spamHAUS, not spamhouse

  4. #14

    Ah yes, thank you very much, I think I got it this time. Here's the config output

    from the Postfix conf:
    Code:
    #su - zimbra -c 'postconf | grep smtpd_recipient_restrictions'
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_rbl_client zen.spamhaus.org, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit
    and zimbraMtaRestrictions:
    Code:
    # su - zimbra -c 'zmprov gacf | grep zimbraMtaRestriction'
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    Saw some mails being "blocked using zen.spamhaus.org;" instantly and am receiving test mails from Gmail, so it appears it's working. Time will tell, will keep an eye on the logs for a while.

    Thanks for support, guys.

  5. #15

    Quote, originally posted by captainmish:
        I've had no problems with it since it went on, amazed at the amount it's blocking.

    BTW, if you want to get some hard numbers there's dnsblcount. See "Monitoring Logs for DNSBL bounces" in Configuring and Monitoring Postfix DNSBL (Zimbra Wiki).

  6. #16

    This is a spamhaus related issue so I thought I would tack it on to this thread. I did look at a few other threads on this topic and saw no relevant issues. Zimbra is nailing 100% of incoming spam with no loss of legit mail that I can see so no worries. I migrated over to Zimbra after a decade or two running my e-mail off of two sendmail servers. So far so good.

    My problem is that zen.spamhaus does not seem to be working. When I run the e-mail test from spamhaus it says that blocking is not working. I noticed that zen.spamhaus.org is not resolving and was chided by their support about not reading their FAQ on the subject. Spamhaus has always worked flawlessly on sendmail so I'm wondering what gives. Sorbs and so on seem to be working fine.

    Here's the error in the log:

    Unrecognized warning:
    137.193.99.216.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=137.193.99.216.zen.spamhaus.org type=A: Host not found, try again : 1 Time(s)
    46.193.99.216.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=46.193.99.216.zen.spamhaus.org type=A: Host not found, try again : 1 Time(s)

    Spamhaus says: <http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#122>

    Spamhaus' test confirmed that Zimbra can receive e-mail and is not blocking their test messages. Then it tested zen and said:

    Uh-oh, your SBL block is not working!

    My config:

    [root@security backup-rsync]# su - zimbra
    [zimbra@security ~]$ zmprov gacf | grep zimbraMtaRestriction
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_rbl_client spam.dnsbl.sorbs.net
    zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net

    [zimbra@security ~]$ postconf | grep smtpd_recipient_restrictions
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_rbl_client spam.dnsbl.sorbs.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client spam.dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, permit
    [zimbra@security ~]$

    Not a huge problem at this time but I'd like to get it resolved for future reference and for my own education. I do understand that SA apparently includes zen in its e-mail filtering.

    Many thanks in advance!
    The Hon. Rev. Dr. Frank W. Saxton
    Knight in shining armor (2nd class)

    http://security.NOCdesigns.com
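
Added example, not code from any poster in this thread or from Zimbra: a small log summary that counts DNSBL rejects per zone, flags any zone that is not in the configured list (the misspelled-zone case from earlier in the thread), and counts temporary "try again" lookup failures separately from rejects. The `CONFIGURED` set and the second sample line are assumptions made for the illustration.

```python
import re
from collections import Counter

# Assumption: the zones this server is meant to query, taken from the
# reject_rbl_client entries posted in the thread.
CONFIGURED = {"zen.spamhaus.org", "bl.spamcop.net",
              "dnsbl.sorbs.net", "spam.dnsbl.sorbs.net"}

# "... 554 Service unavailable; Client host [x] blocked using <zone>; ..."
REJECT_RE = re.compile(r"reject: RCPT from \S+: 554 .*?blocked using ([\w.-]+);")
# "<reversed-ip>.<zone>: RBL lookup error: <resolver message>"
LOOKUP_RE = re.compile(
    r"\b\d{1,3}(?:\.\d{1,3}){3}\.([a-z][\w.-]*): RBL lookup error: (.*)", re.I)

# Sample input: lines 1, 3 and 4 are taken from the thread (line 1 shortened);
# line 2 is constructed (192.0.2.10 is a documentation address).
SAMPLE = [
    "Nov  8 12:13:12 mail postfix/smtpd[9215]: NOQUEUE: reject: RCPT from wa-out-1112.google.com[209.85.146.176]: 554 Service unavailable; Client host [209.85.146.176] blocked using zen.spamhouse.org; This is not the DNSBL you're looking for.;",
    "Nov  8 12:20:01 mail postfix/smtpd[9301]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.com>",
    "137.193.99.216.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=137.193.99.216.zen.spamhaus.org type=A: Host not found, try again : 1 Time(s)",
    "46.193.99.216.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=46.193.99.216.zen.spamhaus.org type=A: Host not found, try again : 1 Time(s)",
]

def summarize(lines, configured=CONFIGURED):
    """Return rejects per zone, temporary lookup failures per zone, and
    zones seen in rejects that are not in the configured set."""
    rejects, temp_errors, unknown = Counter(), Counter(), set()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            zone = m.group(1).lower()
            rejects[zone] += 1
            if zone not in configured:
                unknown.add(zone)          # e.g. a mistyped zone name
            continue
        m = LOOKUP_RE.search(line)
        if m and "try again" in m.group(2):
            temp_errors[m.group(1).lower()] += 1   # resolver failure, not a verdict
    return {"rejects": dict(rejects), "temp_errors": dict(temp_errors),
            "unknown_zones": unknown}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```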

  7. #17

    What do you get from running this on the zimbra server:
    Code:
    dig 40.56.209.64.zen.spamhaus.org
    This IP address recently tried to send me spam and was blocked using zen so at least as of 11:05 Oct 27, 2009 PDT it was listed.

    And no answer from spamhaus for an IP address simply means it isn't listed... not sure why you would be getting an error telling you that.
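
Added example, not part of the post above or of Zimbra: a zone sanity check built on the RFC 5782 test entries, where an IPv4 DNSBL must list 127.0.0.2 and must not list 127.0.0.1. It builds the reversed-octet query name used in the `dig` command above and keeps "not listed" apart from a resolver failure. The function names and result strings are assumptions of this sketch.

```python
import socket

TEST_LISTED, TEST_CLEAN = "127.0.0.2", "127.0.0.1"   # RFC 5782 test entries

def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the zone (1.2.3.4 -> 4.3.2.1.<zone>)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_resolve(name):
    """Ask the system resolver: 'listed', 'not_listed' or 'temp_fail'."""
    definite = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
    try:
        socket.getaddrinfo(name, None, socket.AF_INET)
        return "listed"
    except socket.gaierror as exc:
        # A definite "no such name" means not listed; anything else
        # (EAI_AGAIN, the "try again" case) means no usable answer.
        return "not_listed" if exc.errno in definite else "temp_fail"

def check_zone(zone, resolve=system_resolve):
    """Classify a DNSBL zone as seen through the resolver in use."""
    clean = resolve(dnsbl_name(TEST_CLEAN, zone))
    listed = resolve(dnsbl_name(TEST_LISTED, zone))
    if "temp_fail" in (clean, listed):
        return "resolver_problem"      # fix DNS before trusting any result
    if clean == "listed":
        return "lists_everything"      # answers for an address it must not list
    if listed != "listed":
        return "not_answering"         # test entry missing: zone unusable from here
    return "ok"

if __name__ == "__main__":
    # Needs network access; run it on the mail server itself so the
    # same resolver is exercised.
    print(check_zone("zen.spamhaus.org"))
```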

  8. #18

    I'm scratching my head too as spamhaus does seem to be working just fine. I know zip about Postfix and even less about Zimbra so it's certainly possible and even likely that I'm just doing something dumb here.

    [root@security backup-rsync]# dig 40.56.209.64.zen.spamhaus.org

    ; <<>> DiG 9.2.4 <<>> 40.56.209.64.zen.spamhaus.org
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47341
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 23, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;40.56.209.64.zen.spamhaus.org. IN A

    ;; ANSWER SECTION:
    40.56.209.64.zen.spamhaus.org. 900 IN A 127.0.0.3

    ;; AUTHORITY SECTION:
    zen.spamhaus.org. 69885 IN NS 5.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS 8.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS a.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS b.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS c.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS d.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS f.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS g.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS h.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS i.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS k.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS l.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS m.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS o.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS q.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS r.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS s.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS t.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS x.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS y.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS 0.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS 1.ns.spamhaus.org.
    zen.spamhaus.org. 69885 IN NS 3.ns.spamhaus.org.

    ;; ADDITIONAL SECTION:
    0.ns.spamhaus.org. 12287 IN A 204.16.254.40
    0.ns.spamhaus.org. 12285 IN AAAA 2001:7b8:3:1f:0:2:53:2

    ;; Query time: 149 msec
    ;; SERVER: 69.30.0.200#53(69.30.0.200)
    ;; WHEN: Tue Oct 27 10:51:00 2009
    ;; MSG SIZE rcvd: 478

    [root@security backup-rsync]#
    The Hon. Rev. Dr. Frank W. Saxton
    Knight in shining armor (2nd class)

    http://security.NOCdesigns.com

  9. #19

    Looks like it was working fine for that query... the only thing that I can think of is maybe your DNS server that you were querying is having issues.
    You might want to check out using something like OpenDNS for your DNS server rather than your ISP's DNS server. I have had many issues with cache poisoning or just plain dead servers in the past before I gave up on ISP DNS servers...

  10. #20

    That's a good idea and I've just done that. Around the time I started having problems I built a forwarding only DNS server for exactly the reasons you mentioned. I thought the spamhaus problem was related but based on a lot of testing apparently not. We'll see how this works out and if the Zimbra error messages go away I will update this thread.

    Thanks again!
    The Hon. Rev. Dr. Frank W. Saxton
    Knight in shining armor (2nd class)

    http://security.NOCdesigns.com
