Cannot receive emails - All external domains blocked

Discussion in 'Server Operation' started by fatmike, Aug 24, 2022.

  1. fatmike

    fatmike Member

    Hello.
    Suddenly a Debian 10 with ispconfig 3.1 installed stopped receiving emails from external domains.
    We can send normally. We are also receiving emails from domains that are part of the server. (We receive mails that are coming from ourselves.)

    I have restarted postfix, dovecot, amavis and eventually the whole server.


    Here is a part of mail log

    Code:
    Aug 24 20:57:12 servervps postfix/smtpd[12319]: connect from mail-ed1-f47.google.com[209.85.208.47]
    Aug 24 20:57:12 servervps postfix/smtpd[12319]: NOQUEUE: filter: RCPT from mail-ed1-f47.google.com[209.85.208.47]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-ed1-f47.google.com>
    Aug 24 20:57:12 servervps postfix/smtpd[12319]: NOQUEUE: filter: RCPT from mail-ed1-f47.google.com[209.85.208.47]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-ed1-f47.google.com>
    Aug 24 20:57:12 servervps postfix/smtpd[12319]: NOQUEUE: reject: RCPT from mail-ed1-f47.google.com[209.85.208.47]: 554 5.7.1 Service unavailable; Client host [209.85.208.47] blocked using zen.spamhaus.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.196.45; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-ed1-f47.google.com>
    Any ideas?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. fatmike

    fatmike Member

    Hello Till.
    Thank you for responding.
    The article reads:
    Code:
    Are you currently using the Spamhaus Project's DNS Blocklists (DNSBLs)? 
    Not sure how to check.

    Code:
    Do you access them via the Public Mirrors, for example, query "sbl.spamhaus.org"? 
    Not sure how to check.

    Code:
    Do you use Cloudflare's DNS? 
    Yes.
     
    Last edited: Aug 24, 2022
  4. fatmike

    fatmike Member

  5. fatmike

    fatmike Member

    I switched to rspamd (using this guide https://www.howtoforge.com/replacing-amavisd-with-rspamd-in-ispconfig/) in order to fix this issue but it seems that didn't help either. The rspamd statistics do not even record the incoming blocks/emails.

    The error now:

    Code:
    Aug 25 06:23:35 server postfix/smtpd[982]: connect from mail-wr1-f41.google.com[209.85.221.41]
    Aug 25 06:23:35 server postfix/smtpd[982]: NOQUEUE: reject: RCPT from mail-wr1-f41.google.com[209.85.221.41]: 554 5.7.1 Service unavailable; Client host [209.85.221.41] blocked using zen.spamhaus.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.196.45; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-wr1-f41.google.com>
    
    Is there any way to debug/resolve this?
    How to remove spamhaus to check if this is the cause of the problem?

    I've never encountered that kind of situation before.

    Please help.

    Best regards.
     
    Last edited: Aug 25, 2022
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You can contact ISPConfig Business support and pay to resolve this issue rapidly. https://www.ispconfig.org/support/
    I think you should know if that system uses Cloudflare, is it not a service one must pay for?
    On checking my RSPAMD, it seems to use SPAMHAUS. Maybe check yourself like this:
    Code:
     grep -ri SPAMHAUS /etc/rspamd/
    There is configuration for the error code mentioned in the spamhaus.com article, so it might do the right thing (at least my RSPAMD has). Check yours:
    Code:
    grep -ri 127.255.255.254 /etc/rspamd/
    What version is your RSPAMD, mine is 3.2.
    The spamhaus.com article seemed to have instructions on how to configure system so this ceases to be an issue, did you try that?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    This issue is not about amavis or rspamd, so changing from amavis to rspamd cannot have any influence, but using Rspamd is a good idea anyway, independent of your problem. This issue is about using Cloudflare DNS resolvers in conjunction with Spamhaus (if this is your issue, I just guessed that it might be the case).

    Have a look at System > Server config > mail settings in ISPConfig, you might have configured spamhaus there (spamhaus is not used on ISPConfig as a default, but you might have added it yourself there). You can then remove it there. Or you can alter the resolving DNS servers of your server to use your local DNS server (IP 127.0.0.1) (if you have one installed, but if you followed the perfect server guide, then BIND should be installed).
     
    fatmike likes this.
  8. fatmike

    fatmike Member

    Thank you for letting me know about the business support service. I didn't know it exists. I will keep it in mind.
    I tried their way and added their key using their guide (https://github.com/spamhaus/rspamd-dqs) but it didn't work. The same error was shown and I couldn't receive any email.


    Hello.
    This did the trick and resolved the issue.
    I removed zen.spamhaus.org from the System > Server config > mail page and the emails started coming again.
    Is there any alternative to add there?

    Best regards
     
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    There are lots of blacklists that can be used there, but you need to find out which if any are good for your use case. For example, my users are Finnish so I use a Finnish blacklist, but that would be pretty much useless for users in other countries.
    Try Internet Search Engines with
    Code:
    email blacklists rbl
     
  10. anark10n

    anark10n Member

    For anyone else that might be experiencing this and still wants to use spamhaus for their blacklist, I found that adding "=127.0.0.[2..11]" to the /etc/postfix/main.cf after "reject_rbl_client zen.spamhaus.org" resolved the receiving issue. You have to do it on the command line, as the control panel doesn't allow entering those characters. And if you update ISPConfig, you have to make the same changes again, as they will be overwritten by the update.
    Edit: reload the service after making said changes.
     
    Last edited: Feb 14, 2023
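
Why the reply filter from the last post changes the outcome, as an added example that is not part of the thread: a small model of how Postfix evaluates `reject_rbl_client` with and without an `=d.d.d.d` filter when the DNSBL answers with the open-resolver code 127.255.255.254. The two config snippets are constructed samples and the function names are hypothetical; the `[a..b]` / `;` filter syntax is the one documented for Postfix 2.8 and later.

```python
import re

# Constructed main.cf fragments (not copied from the thread's server).
BEFORE = "smtpd_recipient_restrictions = permit_mynetworks, reject_rbl_client zen.spamhaus.org"
AFTER = ("smtpd_recipient_restrictions = permit_mynetworks, "
         "reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]")

def octet_matches(pattern: str, value: int) -> bool:
    """Match one octet against a filter field: a number, or [a;b..c;...]."""
    if not pattern.startswith("["):
        return int(pattern) == value
    for part in pattern.strip("[]").split(";"):
        lo, _, hi = part.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def reply_matches(reply_filter: str, answer: str) -> bool:
    """True if the DNSBL A record `answer` satisfies the d.d.d.d filter."""
    fields = re.findall(r"\[[^\]]*\]|\d+", reply_filter)
    octets = [int(o) for o in answer.split(".")]
    return len(fields) == 4 and all(
        octet_matches(f, o) for f, o in zip(fields, octets))

def rbl_entries(main_cf: str):
    """Yield (domain, filter_or_None) for each reject_rbl_client entry."""
    pattern = r"reject_rbl_client\s+([^\s,=]+)(?:=([^\s,]+))?"
    for m in re.finditer(pattern, main_cf):
        yield m.group(1), m.group(2)

def audit(main_cf: str, answer: str) -> dict:
    """Map each DNSBL domain to whether `answer` would cause a reject.

    Without a filter, any A record counts as "listed", error codes included.
    """
    return {domain: True if flt is None else reply_matches(flt, answer)
            for domain, flt in rbl_entries(main_cf)}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for answer in ("127.0.0.4", "127.255.255.254"):
            print(label, answer, audit(cfg, answer))
```

While the server still resolves through a public resolver, every lookup returns the error code, so the filtered entry stops rejecting legitimate mail but also never matches a real listing until the resolver is changed.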
