Hello,

I would like to use SURBL (multi.surbl.org) in my email server. How can I get this?

Debian GNU/Linux 8
ISPConfig 3.1.6

Thanks,
Manuel

After adding multi.surbl.org all inbound email is rejected with this log:

554 5.7.1 Service unavailable; Client host [1.2.3.4] blocked using multi.surbl.org

Any idea?

Thanks,
Manuel

This means that the IP address that the server receives these emails from is on the multi.surbl.org blacklist. Is your server connected directly to the internet, or does it receive emails from a smart host or similar?
My environment:

Dedicated Server (Debian 8 and Proxmox 4.4). IP not blacklisted.
Virtual Machine (LXC with Debian 8 and ISPConfig 3.1.6). IP not blacklisted.
No intermediate mailserver.

When I add multi.surbl.org, all external inbound emails are rejected. The senders' IPs are not blacklisted.

Any idea?

Thanks,
Manuel

And the server is directly connected to the internet, so the incoming emails do not come from any kind of smarthost? Please post a few lines from your log that show the rejects.
Yes (this is a normal installation following your tutorial).

Feb 15 15:49:30 myserver postfix/smtpd[4073]: connect from mail-wr0-f180.google.com[209.85.128.180]
Feb 15 15:49:30 myserver postfix/smtpd[4073]: NOQUEUE: filter: RCPT from mail-wr0-f180.google.com[209.85.128.180]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-wr0-f180.google.com>
Feb 15 15:49:30 myserver postfix/smtpd[4073]: NOQUEUE: filter: RCPT from mail-wr0-f180.google.com[209.85.128.180]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-wr0-f180.google.com>
Feb 15 15:49:30 myserver postgrey[16576]: action=pass, reason=client whitelist, client_name=mail-wr0-f180.google.com, client_address=209.85.128.180, sender=[email protected], recipient=[email protected]
Feb 15 15:49:30 myserver postgrey[16576]: action=pass, reason=client whitelist, client_name=mail-wr0-f180.google.com, client_address=209.85.128.180, sender=[email protected], recipient=[email protected]
Feb 15 15:49:30 myserver postfix/smtpd[4073]: NOQUEUE: reject: RCPT from mail-wr0-f180.google.com[209.85.128.180]: 554 5.7.1 Service unavailable; Client host [209.85.128.180] blocked using multi.surbl.org; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-wr0-f180.google.com>
Feb 15 15:49:30 myserver postfix/smtpd[4073]: disconnect from mail-wr0-f180.google.com[209.85.128.180]

Notes:
209.85.128.180 is not blacklisted according to http://www.surbl.org/surbl-analysis
I see 2 logs duplicated: is this normal?

Thanks,
Manuel

Could it be that your server uses a local DNS relay that is misconfigured? Have you tried doing a check from the command line manually, e.g.

Code:
dig 180.128.85.209.multi.surbl.org

Thanks:

# dig 180.128.85.209.multi.surbl.org

; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> 180.128.85.209.multi.surbl.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 31858
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;180.128.85.209.multi.surbl.org. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Feb 15 16:37:27 CET 2018
;; MSG SIZE rcvd: 48

OK, so it seems to be a DNS config problem. Check the /etc/resolv.conf file and ensure that you have DNS servers in there that allow external resolving, e.g. the free Google nameservers 8.8.8.8 and 8.8.4.4.
I added 8.8.8.8 and 8.8.4.4 nameservers to resolv.conf, but nothing has changed:

# touch /etc/.pve-ignore.resolv.conf
# vi /etc/resolv.conf

Code:
# --- BEGIN PVE ---
search ip-1-2-3.eu
nameserver 127.0.0.1
nameserver 213.186.33.99
nameserver 8.8.8.8
nameserver 8.8.4.4
# --- END PVE ---

Notes:
search ip-1-2-3.eu = OVH domain of the dedicated server.
nameserver 213.186.33.99 = OVH cache DNS infrastructure.

# reboot
# dig 180.128.85.209.multi.surbl.org

Code:
; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> 180.128.85.209.multi.surbl.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 12814
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;180.128.85.209.multi.surbl.org. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 16 01:31:11 CET 2018
;; MSG SIZE rcvd: 48

And the same multi.surbl.org false positives and logs.

Any idea?

Thanks!
Manuel

Removed (commented out) localhost and rebooted virtual machine and dedicated server.

Now, dig has an answer:

Code:
# dig 180.128.85.209.multi.surbl.org

; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> 180.128.85.209.multi.surbl.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48647
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;180.128.85.209.multi.surbl.org. IN A

;; ANSWER SECTION:
180.128.85.209.multi.surbl.org. 86400 IN A 127.0.0.1

;; Query time: 66 msec
;; SERVER: 213.186.33.99#53(213.186.33.99)
;; WHEN: Mon Feb 19 01:00:09 CET 2018
;; MSG SIZE rcvd: 75

But I still have the same problem: when I add multi.surbl.org, all incoming mail is blocked. :-(

Any idea? (sorry)

Thanks,
Manuel

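The manual check used in this thread, as an added example that is not part of the original posts: it builds the reversed-octet query name and summarises dig output so that a resolver failure (REFUSED) is not confused with a blocklist answer. The function names are hypothetical, and the sample inputs are trimmed copies of the two dig results quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): read a DNSBL lookup by hand.

# Name queried for a client IP: reversed octets followed by the zone.
dnsbl_qname() {
    echo "$1" | awk -F. -v zone="$2" 'NF == 4 { print $4 "." $3 "." $2 "." $1 "." zone }'
}

# Summarise dig output on stdin: status, answering server, A records.
dig_summary() {
    awk '
        /->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) } }
        /^;; SERVER:/  { srv = $3; sub(/#.*/, "", srv) }
        /^[^;]/ && $4 == "A" { ans = ans (ans ? "," : "") $5 }
        END { printf "status=%s server=%s answers=%s\n", st, srv, ans }
    '
}

# What the summary means. Postfix reject_rbl_client without "=d.d.d.d"
# treats any A record as a listing, so every returned address counts.
dnsbl_verdict() {
    v_status=${1#status=}; v_status=${v_status%% *}
    v_answers=${1##*answers=}
    case $v_status in
        NOERROR)
            if [ -n "$v_answers" ]; then echo "A record returned ($v_answers)"
            else echo "no A record"; fi ;;
        NXDOMAIN) echo "not listed" ;;
        *) echo "lookup failed ($v_status): fix the resolver first" ;;
    esac
}

# Sample inputs: the two dig results quoted in this thread, trimmed.
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 31858
;180.128.85.209.multi.surbl.org. IN A
;; SERVER: 127.0.0.1#53(127.0.0.1)'
SAMPLE_ANSWER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48647
;180.128.85.209.multi.surbl.org. IN A
180.128.85.209.multi.surbl.org. 86400 IN A 127.0.0.1
;; SERVER: 213.186.33.99#53(213.186.33.99)'

# Live use: dig "$(dnsbl_qname 209.85.128.180 multi.surbl.org)" | dig_summary
for s in "$SAMPLE_REFUSED" "$SAMPLE_ANSWER"; do
    sum=$(printf '%s\n' "$s" | dig_summary)
    echo "$sum -> $(dnsbl_verdict "$sum")"
done
```

The summary keeps the answering server next to the status, which shows which `nameserver` entry from resolv.conf actually handled the query.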
Finally, I have started using dnsbl.spfbl.net (this list is working perfectly, without errors). Thank you very much for your help! Manuel