I have a lot of incoming emails that are blocked. I've seen several posts regarding the same issue, so I removed zen.spamhaus.org in System > Server config > Email > Real-time Blackhole List. But that doesn't solve the problem. Can you help me ?
That is strange. Are you sure you really removed spamhaus rbl from the blackhole list? Verify that, see the setting now and make sure spamhaus is removed.
Don't use zen.spamhaus.org, it blocks residential IP. Use sbl.spamhaus.org and xbl.spamhaus.org instead
sorry to revive an old thread.. some of our clients just started getting a lot of ndr messages yesterday with "zen.spamhaus.org error: 'open resolver'" being given as the cause.. the dns settings on the mail server haven't changed since it was created.. seems a bit arbitrary of spamhaus to suddenly behave like this. anyway.. i've removed zen.spamhaus.org from the blackhole list in the gui.. seems to have fixed things for now.. our systems (using hetzner) have their nameservers set to 8.8.8.8,8.8.4.4 in the ispconfig system -> server config -> server -> nameservers field. anyone using hetzner using their own recursive nameservers? https://docs.hetzner.com/dns-console/dns/general/recursive-name-servers is zen.spamhaus.org going to work nicely with their nameservers?
Same problem here, starting yesterday around 15:00 UTC+1 with sbl.spamhaus.org. Solved removing it from Ispconfig. I have 2 VPS on hetzner with Ubuntu 22.04 (not multiserver), but only one with this problem. Here are the DNS config: Server with problems: Code: $resolvectl status Global Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: stub Link 2 (eth0) Current Scopes: DNS Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 185.12.64.1 DNS Servers: 185.12.64.1 185.12.64.2 Server with no problems: Code: resolvectl status Global Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: foreign Current DNS Server: 127.0.0.1 DNS Servers: 127.0.0.1 Link 2 (eth0) Current Scopes: DNS Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 185.12.64.1 DNS Servers: 2a01:4ff:ff00::add:1 2a01:4ff:ff00::add:2 185.12.64.1 185.12.64.2 I don't understand the difference
hm.. me neither.. although i just blindly went with what shows for the dns in ispconfig gui. guess that's just informational only.. mailserver host is using unbound, and actually checking the resolvectl status, like yours, the interface is set to use hetzners dns servers: Code: Global Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: stub Link 2 (eth0) Current Scopes: DNS Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 2a01:4ff:ff00::add:2 DNS Servers: 2a01:4ff:ff00::add:1 2a01:4ff:ff00::add:2 185.12.64.1 185.12.64.2 Link 3 (enp7s0) Current Scopes: none Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
looking at some of the other posts/threads about this problem.. seems like just removing zen.spamhaus.org from the blackhole list and relying on rspamd is the recommended option anyway.. i've already done that.. and it all seems ok now, so i'll stick with that. i do wonder just how many mailservers spamhaus have caught out with this sudden change of behaviour though..
There's currently a note to Hetzner users on check.spamhaus.org/, linking to www,spamhaus,com/product/help-for-spamhaus-public-mirror-users/. I guess they flipped the switch there. (I'm not allowed to post links.)
