1

Topic: Trouble with spam (dsnbl spamhaus)

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
Latest version
- Deployed with iRedMail Easy or the downloadable installer?
iRedMail Easy
- Linux/BSD distribution name and version:
Debian 12
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
MariaDB
- Web server (Apache or Nginx):
Nginx
- Manage mail accounts with iRedAdmin-Pro?
iRedAdmin-Pro-SQL

- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====


Hello,

I am currently testing the server before its deployment into production. I visited the website https://blt.spamhaus.com to verify if the server is correctly configured to utilize the Spamhaus blocklist. After testing, I received emails with messages like this:

"This is a Spamhaus BLT public SMTP-test email which has been crafted to be blocked by properly configured mail systems. If you're reading this then your MX is not properly configured for the dbl-pub-from test; please see the BLT documentation at https://blt.spamhaus.com/docs for tips on configuring your MX."

It appears that I did not pass any of the 7 tests, as the server allowed through all emails that should have been blocked.

As mentioned earlier, the server was installed using iRedMail Easy. I edited the file /opt/iredmail/custom/postfix/custom.sh with the following line:

postconf -e postscreen_dnsbl_sites='zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.2*2 bl.spamcop.net'

I then ran sudo /bin/bash custom.sh and checked /etc/postfix/main.cf to ensure everything was correct.

Despite configuring the DNSBL sites, I am still unable to pass any of the tests, and all spam emails are being accepted. What am I doing wrong?
Thank you in advance


2

Re: Trouble with spam (dsnbl spamhaus)

TiTo wrote:

postconf -e postscreen_dnsbl_sites='zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.2*2 bl.spamcop.net'

According to the official Spamhaus documentation, your config is correct.
FYI https://docs.spamhaus.com/datasets/docs … en-instead

I suggest contacting Spamhaus to make it clear.

3

Re: Trouble with spam (dsnbl spamhaus)

After unsuccessful attempts to contact Spamhaus by email, I analyzed the logs and found that DNS queries were being forwarded to 8.8.8.8 and 8.8.4.4. In the configuration of BIND, which is installed as a cache-only DNS server via iRedMail Easy, I discovered that the forwarders are set to 8.8.8.8 and 8.8.4.4.

When querying zen.spamhaus.org through public resolvers (Google DNS), I received the response 127.255.255.254.

According to Spamhaus documentation (URL: https://www.spamhaus.org/resource-hub/d … sbl-name), this response indicates that the DNSBL query is being made via a public/open resolver or an IP address with generic, unattributable reverse DNS. Consequently, the query is blocked, and no reputation data is returned.

To resolve this, I commented out the following lines in /etc/bind/named.conf:

//    forward only;
//    forwarders {
//        8.8.8.8;
//        8.8.4.4;
//    };

After restarting BIND, I received the correct response upon querying:

root@mail:/etc/bind# dig +short 2.0.0.127.zen.spamhaus.org
127.0.0.10
127.0.0.2
127.0.0.4

Therefore, I recommend creating a new BIND installation package where the above-mentioned lines are commented out. This will ensure that, as now, we will not have issues querying zen.spamhaus.org with the installation of the ISC BIND component via iRedMail Easy, and consequently, no issues with the anti-spam module.

All the best
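
Added example (not part of the original posts, and not iRedMail or Postfix code): a simplified Python model of how a postscreen_dnsbl_sites filter scores DNSBL replies. It shows why the 127.255.255.254 answer described in post 3 never matched 127.0.0.[2..11], so the test mails scored zero and were accepted. The function names, the one-weight-per-site scoring model, and the two Spamhaus error codes other than 127.255.255.254 are assumptions not taken from the thread.

```python
import re

# Spamhaus error return codes (not listings). Only 127.255.255.254 appears
# in the thread; the other two are added here from Spamhaus documentation.
SPAMHAUS_ERRORS = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query came via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
# postscreen_dnsbl_sites value and DNS answers quoted from posts 1 and 3.
SITES = ("zen.spamhaus.org=127.0.0.[2..11]*3 "
         "b.barracudacentral.org=127.0.0.2*2 bl.spamcop.net")
VIA_PUBLIC = {"zen.spamhaus.org": ["127.255.255.254"]}
DIRECT = {"zen.spamhaus.org": ["127.0.0.10", "127.0.0.2", "127.0.0.4"]}

def parse_sites(value):
    """Split 'domain[=filter][*weight]' entries into (domain, filter, weight)."""
    sites = []
    for entry in re.split(r"[,\s]+", value.strip()):
        m = re.fullmatch(r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?", entry)
        sites.append((m.group(1), m.group(2), int(m.group(3) or 1)))
    return sites

def octet_matches(pattern, octet):
    """Match one octet against 'd' or a '[a;b..c]' style pattern."""
    if not pattern.startswith("["):
        return int(pattern) == octet
    for part in pattern[1:-1].split(";"):
        lo, _, hi = part.partition("..")
        if int(lo) <= octet <= int(hi or lo):
            return True
    return False

def reply_matches(flt, reply):
    if flt is None:  # no filter: any reply counts as a listing
        return True
    pats = re.findall(r"\[[^\]]+\]|\d+", flt)
    return all(octet_matches(p, int(o)) for p, o in zip(pats, reply.split(".")))

def score(sites_value, replies):
    """replies: {domain: [A records]}. Returns (total weight, warnings)."""
    total, warnings = 0, []
    for domain, flt, weight in parse_sites(sites_value):
        answers = replies.get(domain, [])
        for a in answers:
            if domain.endswith("spamhaus.org") and a in SPAMHAUS_ERRORS:
                warnings.append(f"{domain}: {a} ({SPAMHAUS_ERRORS[a]})")
        if any(reply_matches(flt, a) for a in answers):
            total += weight  # simplified: one weight per matching site entry
    return total, warnings
```

score(SITES, VIA_PUBLIC) gives a total of 0 plus a warning, while score(SITES, DIRECT) gives 3, which is the difference between the failed tests and the working setup after the forwarders were removed.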

4

Re: Trouble with spam (dsnbl spamhaus)

Hi Tito,

This has been fixed and will be available in the next iRedMail Easy update (and iRedMail Enterprise Edition).
You can see the comment lines in the upstream input field like below; I hope it's clear enough. There are no default upstream servers anymore; we don't use Google public DNS servers by default.

Either use the DNS servers in your local network as upstream, or leave it empty to perform DNS queries from localhost directly. Do NOT use public/open DNS servers if you use the Spamhaus DNSBL service. Spamhaus blocks queries from public DNS servers because it cannot determine the volume of queries. For example, Google (8.8.8.8, 8.8.4.4), Cloudflare (1.1.1.1), and the DNS servers run by VPS vendors like DigitalOcean, Linode, Vultr, etc.

5 (edited by TiTo 2024-05-29 18:26:09)

Re: Trouble with spam (dsnbl spamhaus)

For me crystal clear

Thank you!
Keep up the good work on