From: Steve Linford on
On 19 Apr 2010, at 14:53, donovan jeffrey j wrote:

> On Apr 19, 2010, at 8:41 AM, Ralf Hildebrandt wrote:
>
>> * donovan jeffrey j <donovan(a)beth.k12.pa.us>:
>>> Greetings
>>>
>>> I have been seeing tons of errors coming from Spamhaus; it seems it's not resolving, at least for me. Is anyone else having any problems?
>>
>> You might have been blocked because you exceeded the limits for free
>> usage.
>
> I did not know there was such a thing. I may be having some type of DNS issue with zen. My local DNS server does not resolve zen

Note that ZEN is an NS zone, not a host. You cannot resolve ZEN to a host/IP.
http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#122

You should however be able to resolve the test address:

2.0.0.127.zen.spamhaus.org

If you can't resolve the test address, it may be that the DNS server you are using has exceeded Spamhaus's free usage limit. In that case, running your own NS resolver will normally solve that (unless your actual mail traffic is higher than the free use limits).

> but Google Public DNS does.

Google public DNS is probably giving you a custom (bad) answer in place of 'host not found'.

> ins2:~ root# nslookup zen.spamhaus.com
> Non-authoritative answer:
> Name: zen.spamhaus.com
> Address: 208.87.33.151

spamhaus.com != spamhaus.org. The domain squatter who operates spamhaus.com has a wildcard pointing *.spamhaus.com at his adverts server. (spamhaus.com was registered by a spammer some years ago to joe us; it was then grabbed by a domain squatter.)

Steve Linford
The Spamhaus Project
http://www.spamhaus.org
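
The checks described in the message above, as an added Python example that is not part of the original post: it builds the reversed-octet query name, then verifies that the test address is listed and that the answers are real DNSBL codes rather than a wildcard. The function names and the three sample resolvers are constructed for illustration; the rule that 127.0.0.1 is never listed comes from RFC 5782, not from this thread.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Reverse the IPv4 octets and append the zone name."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records via the system resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_zone(zone, resolve=system_resolver):
    """Sanity-check a DNSBL zone as seen through the resolver in use."""
    must_list = resolve(dnsbl_qname("127.0.0.2", zone))   # the test address
    must_not = resolve(dnsbl_qname("127.0.0.1", zone))    # RFC 5782: never listed
    answers = must_list + must_not
    if any(ipaddress.ip_address(a) not in LOOPBACK for a in answers):
        return "bogus-answer"      # wildcard or rewritten reply, not a DNSBL code
    if must_not:
        return "lists-everything"  # every query would look like a listing
    if not must_list:
        return "no-answer"         # resolver blocked or over limit, or DNS broken
    return "ok"

# Constructed resolvers modelled on the answers quoted in this thread.
def working(name):
    if name == "2.0.0.127.zen.spamhaus.org":
        return ["127.0.0.2", "127.0.0.4", "127.0.0.10"]
    return []

def squatter_wildcard(name):
    return ["208.87.33.151"]       # the *.spamhaus.com answer quoted above

def blocked(name):
    return []

if __name__ == "__main__":
    for zone, resolver in [("zen.spamhaus.org", working),
                           ("zen.spamhaus.com", squatter_wildcard),
                           ("zen.spamhaus.org", blocked)]:
        print(zone, "->", check_zone(zone, resolver))
```

Postfix's reject_rbl_client treats any A record as a listing unless a "=d.d.d.d" filter is given, so a zone that reports "bogus-answer" or "lists-everything" would reject every client.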


From: /dev/rob0 on
On Mon, Apr 19, 2010 at 08:31:19AM -0400, donovan jeffrey j wrote:
> abuseat.org is working fine. I'm only having trouble with zen.
> Apr 19 08:29:12 mail2 postfix/smtpd[21642]: NOQUEUE: reject: RCPT
> from unknown[117.201.68.108]: 554 Service unavailable; Client host
> [117.201.68.108] blocked using cbl.abuseat.org; Blocked - see
> http://cbl.abuseat.org/lookup.cgi?ip=117.201.68.108;
> from=<duser(a)beth.k12.pa.us> to=<duser(a)beth.k12.pa.us> proto=ESMTP

Whilst it appears that the DNS problem has been sorted, I'm going to
suggest a different approach to this one.

> helo=<[117.201.69.50]>
>
> any ideas ?

The bracketed IP address is a valid HELO, commonly seen from your
authenticating clients. There is no reason why a real MTA should be
using such a HELO. I block these with a pcre: map.

!/[[:alpha:]]/ 502 5.5.4
    We find that all-numeric EHLO/HELO greetings are usually
    spam. If not, please ask your postmaster to correct the
    server's EHLO/HELO greeting.
!/\./ 502 5.5.4
    We find that non-qualified EHLO/HELO greetings are usually
    spam. If not, please ask your postmaster to correct the
    server's EHLO/HELO greeting.

This would fall under the first condition, "a helo which contains no
alpha characters." The second condition is my own reimplementation of
Postfix's built-in reject_non_fqdn_helo_hostname restriction.

Obviously these MUST NOT be applied to authenticating users, same as
with Zen. Precede this lookup with your permit_* restrictions for
relaying users (and move submission off of port 25, if applicable.)
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
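
How the two negated patterns in the message above behave on sample greetings, as an added Python example that is not part of the original post. It parses only the subset of pcre_table(5) syntax the map uses (a leading "!", whitespace-indented continuation lines); the function names and the sample HELO strings other than [117.201.69.50] are constructed, and the reply text is shortened.

```python
import re

# The map from the message above; continuation lines start with whitespace.
HELO_MAP = r"""
!/[[:alpha:]]/ 502 5.5.4
    We find that all-numeric EHLO/HELO greetings are usually spam.
!/\./ 502 5.5.4
    We find that non-qualified EHLO/HELO greetings are usually spam.
"""

def parse_map(text):
    """Parse the subset of pcre_table(5) syntax used above into
    (negated, compiled_pattern, result) rules, in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue                            # blank line or comment
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()   # continuation of previous rule
        else:
            entries.append(line.strip())
    rules = []
    for entry in entries:
        m = re.match(r"(!?)/(.*?)/\S*\s+(.*)", entry)
        if not m:
            raise ValueError("unparsed entry: " + entry)
        # Python's re lacks POSIX classes, so translate the one used here.
        pattern = m.group(2).replace("[:alpha:]", "a-zA-Z")
        # Postfix matches case-insensitively by default.
        rules.append((bool(m.group(1)), re.compile(pattern, re.I), m.group(3)))
    return rules

def helo_check(helo, rules):
    """Return the first matching rule's result, or None (no decision)."""
    for negated, pattern, result in rules:
        matched = pattern.search(helo) is not None
        if matched != negated:                  # a '!' rule fires on a non-match
            return result
    return None

RULES = parse_map(HELO_MAP)

if __name__ == "__main__":
    for helo in ["[117.201.69.50]", "localhost", "[IPv6:2001:db8::1]",
                 "mail.example.org"]:
        print(helo, "->", helo_check(helo, RULES))
```

An IPv6 address literal contains letters, so it passes the first rule and is caught by the second one because it has no dot.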

From: donovan jeffrey j on

On Apr 19, 2010, at 12:36 PM, /dev/rob0 wrote:

> On Mon, Apr 19, 2010 at 08:31:19AM -0400, donovan jeffrey j wrote:
>> abuseat.org is working fine. I'm only having trouble with zen.
>> Apr 19 08:29:12 mail2 postfix/smtpd[21642]: NOQUEUE: reject: RCPT
>> from unknown[117.201.68.108]: 554 Service unavailable; Client host
>> [117.201.68.108] blocked using cbl.abuseat.org; Blocked - see
>> http://cbl.abuseat.org/lookup.cgi?ip=117.201.68.108;
>> from=<duser(a)beth.k12.pa.us> to=<duser(a)beth.k12.pa.us> proto=ESMTP
>
> Whilst it appears that the DNS problem has been sorted, I'm going to
> suggest a different approach to this one.
>
>> helo=<[117.201.69.50]>
>>
>> any ideas ?
>
> The bracketed IP address is a valid HELO, commonly seen from your
> authenticating clients. There is no reason why a real MTA should be
> using such a HELO. I block these with a pcre: map.
>
> !/[[:alpha:]]/ 502 5.5.4
>     We find that all-numeric EHLO/HELO greetings are usually
>     spam. If not, please ask your postmaster to correct the
>     server's EHLO/HELO greeting.
> !/\./ 502 5.5.4
>     We find that non-qualified EHLO/HELO greetings are usually
>     spam. If not, please ask your postmaster to correct the
>     server's EHLO/HELO greeting.
>
> This would fall under the first condition, "a helo which contains no
> alpha characters." The second condition is my own reimplementation of
> Postfix's built-in reject_non_fqdn_helo_hostname restriction.
>
> Obviously these MUST NOT be applied to authenticating users, same as
> with Zen. Precede this lookup with your permit_* restrictions for
> relaying users (and move submission off of port 25, if applicable.)
> --
> Offlist mail to this address is discarded unless
> "/dev/rob0" or "not-spam" is in Subject: header
>

Thanks Rob, I will chew on this for weeks, I'm sure. Right now I'm trying to figure out why my DNS server won't speak to Spamhaus.
-- oh wait.

By the time I typed this email, I got an authoritative answer:

dns:~ root# nslookup 2.0.0.127.zen.spamhaus.org
Server: 209.96.96.2
Address: 209.96.96.2#53

Non-authoritative answer:
Name: 2.0.0.127.zen.spamhaus.org
Address: 127.0.0.2
Name: 2.0.0.127.zen.spamhaus.org
Address: 127.0.0.4
Name: 2.0.0.127.zen.spamhaus.org
Address: 127.0.0.10


I removed the RBL from main.cf and kicked Postfix. Now DNS can at least query? I don't know what was up with that.
Do I dare put it back now? Some strange foo.
-j

From: Wietse Venema on
donovan jeffrey j:
> By the time I typed this email, I got an authoritative answer:
>
> dns:~ root# nslookup 2.0.0.127.zen.spamhaus.org
> Server: 209.96.96.2
> Address: 209.96.96.2#53

You should do such tests as a non-root user. Postfix does not query
the DNS as root.

Wietse

From: Stan Hoeppner on
Ralf Hildebrandt put forth on 4/19/2010 8:29 AM:
> * John Peach <postfix(a)johnpeach.com>:
>
>> Your nslookup shows you using 207.172.3.20 as a nameserver:
>>
>> 20.3.172.207.in-addr.arpa name = auth1.dns.rcn.net
>>
>> Your ISP's nameserver. You need to run your own, so that you query
>> spamhaus directly. They are counting all the hits from RCN.
>
> apt-get install pdns-recursor

A while back I was having issues with my ISP resolvers choking on certain
sending domains, so I switched to Google public DNS, which fixed that issue
but broke my Spamhaus lookups. I installed pdns-recursor on my Postfix MX
(Debian Lenny) and it solved all the problems.

--
Stan