Hello. Following this issue (Spamhaus won't work with Cloudflare DNS) I found the only way to start receiving emails once again under Cloudflare DNS was to remove the spamhaus list from my setup (check here for more info -> https://forum.howtoforge.com/threads/cannot-receive-emails-all-external-domains-blocked.89380/). The spamhaus policy seems to me very intrusive as well. I really don't want to be in any similar situation ever again (most of the emails didn't even bounce back to the original sender and got lost). I'm looking for an RBL that works well with Cloudflare's DNS. Right now my Realtime Blackhole List in ISPConfig is empty. So any suggestion that works with Cloudflare DNS will be really appreciated. Best regards
Spamhaus works with Cloudflare DNS if a DQS key is configured. What would also work, as far as I understand, is to use some other name server, not Cloudflare. Also, just stop using Spamhaus; there are many other RBL lists to choose from. I use Spamhaus on my ISPConfig servers and see no problem, since my servers do not use Cloudflare.
Using Spamhaus is indeed no problem. Normally each ISPConfig server has a local DNS server or local DNS resolver installed; use this local resolver or DNS server instead of the Cloudflare DNS server and Spamhaus will work.
I may be misunderstanding your recommendation, but do you mean configure DNS records on the ISPConfig server for the mail domain? I had the default settings when recreating my server, and for some reason I couldn't receive any messages from external email accounts with ISPConfig using those defaults, or even the recommended settings from this link. No error message from a gmail account. Yahoo presented the following message:

Code:
554: 5.7.1 Service unavailable

and zoho had more details:

Code:
ERROR CODE :554 - 5.7.1 Service unavailable; Client host [136.143.188.98] blocked using zen.spamhaus.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/2620:171:ea:f0::4

I had this same error message previously, and spamhaus recommended I disable the DNS service and block the port on my server, and it worked for a while, but it didn't work this time on a fresh install.
No. What I mean is that the server should use its own DNS system to resolve DNS queries. This means that the DNS server configured in /etc/resolv.conf (or in your network config file) is localhost and not Cloudflare's public DNS servers.
I tried that method with a DQS key and it didn't work. The same message returned. My resolv.conf shows indeed google and cloudflare DNS in use:

Code:
nameserver 8.8.8.8
nameserver 1.1.1.1

Not sure if it was that way by default. I have not installed BIND. Actually in new server setups I opt out of DNS using the automatic configuration of ISPConfig (--no-dns). In any case this was a very aggressive move by the Spamhaus organization, HARD rejecting all of our incoming emails. I'm sure there was another way of handling this (maybe just stop updating the service for users with open DNS resolvers) than blindly blocking EVERY IP or domain name of incoming emails. Not sure if they pull something similar with any other DNS service or single IP/configuration/firewall. I know I can't trust them anymore and will recommend other professionals to avoid them at all cost. That's why I created this thread: to find any good alternatives that don't pull stuff like that. If anyone knows a good alternative that works with open DNS resolvers please let me know. Best regards
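The two points the thread keeps circling (which resolver /etc/resolv.conf actually hands DNSBL lookups to, and how to tell a Spamhaus error answer from a real listing) are easy to check from a shell. The script below is an added example, not code from the thread, ISPConfig or Spamhaus. It parses a constructed resolv.conf modelled on the one quoted above, builds the reversed-octet DNSBL query name the way Postfix does for the IP from the zoho bounce, and classifies an answer: Spamhaus uses 127.255.255.0/24 for query problems (such as the "open resolver" condition) rather than for listings, while a genuine listing answers elsewhere in 127.0.0.0/8. The list of public resolver addresses is an assumption for this example, and the live lookup helper uses dig only if it is installed.

```shell
#!/bin/sh
# Added example (not from the thread, ISPConfig or Spamhaus): check which
# resolver DNSBL lookups will go through and interpret a zen.spamhaus.org answer.

# Constructed resolv.conf content, modelled on the one quoted in the thread.
SAMPLE_RESOLV_CONF="nameserver 8.8.8.8
nameserver 1.1.1.1"

# Well-known public resolvers (assumed list for this example).
PUBLIC_RESOLVERS="8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 9.9.9.9 149.112.112.112"

# Print the nameserver addresses from resolv.conf-style text on stdin.
resolvers_from_conf() {
  awk '$1 == "nameserver" { print $2 }'
}

# Succeed if the address is loopback, i.e. a local BIND/unbound resolver.
is_loopback() {
  case "$1" in
    127.*|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed if the address is one of the assumed public resolvers.
is_public_resolver() {
  for r in $PUBLIC_RESOLVERS; do
    [ "$1" = "$r" ] && return 0
  done
  return 1
}

# Classify resolv.conf text on stdin by its first nameserver (the one the
# stub resolver tries first): prints local, public, other or none.
classify_resolv_conf() {
  first=$(resolvers_from_conf | head -n 1)
  if [ -z "$first" ]; then
    echo none
  elif is_loopback "$first"; then
    echo local
  elif is_public_resolver "$first"; then
    echo public
  else
    echo other
  fi
}

# Build the DNSBL query name: octets reversed, zone appended.
# dnsbl_query_name 136.143.188.98 zen.spamhaus.org
#   -> 98.188.143.136.zen.spamhaus.org
dnsbl_query_name() {
  echo "$1" | awk -F. -v zone="$2" '{ print $4 "." $3 "." $2 "." $1 "." zone }'
}

# Interpret the A record returned for a DNSBL query (empty = NXDOMAIN).
# Spamhaus reserves 127.255.255.0/24 for query errors such as the
# open-resolver condition seen in the thread; those are not listings.
interpret_dnsbl_answer() {
  case "$1" in
    "")            echo not-listed ;;
    127.255.255.*) echo error ;;
    127.*)         echo listed ;;
    *)             echo unexpected ;;
  esac
}

# Live check (only if dig is installed): dnsbl_lookup IP ZONE
dnsbl_lookup() {
  if ! command -v dig >/dev/null 2>&1; then
    echo "dig not installed" >&2
    return 2
  fi
  name=$(dnsbl_query_name "$1" "$2")
  answer=$(dig +short A "$name" 2>/dev/null | head -n 1)
  interpret_dnsbl_answer "$answer"
}

# Demo on the constructed sample: prints "public", i.e. the situation in the
# thread where Spamhaus answers with an error instead of a verdict.
printf '%s\n' "$SAMPLE_RESOLV_CONF" | classify_resolv_conf
```

Run `classify_resolv_conf < /etc/resolv.conf` on the mail server to see what Postfix's lookups actually use; "public" is the configuration the thread shows, "local" is what the advice above asks for. `dnsbl_lookup 136.143.188.98 zen.spamhaus.org` then shows whether the server gets a real verdict or an error answer, which is the quickest way to confirm a resolver change took effect before re-enabling the list.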