About a week ago, my inbox suddenly dried-up - no incoming mail whatsoever. I have a Google account that I rarely use, so I went there and mailed my regular mailbox. Nothing received. A short while later, Google's delivery subsystem flags the mail undelivered, detailing:

Code:
554 5.7.1 Service unavailable; Client host [209.85.167.41] blocked using zen.spamhaus.org; Error: open resolver; https://check.spamhaus.org/returnc/pub/2001:41d0:2:8929::/

I rent a dedicated linux/debian12 server from OVH, who (alas) operate an open resolver policy on their kit. Apparently spamhaus.org no longer allow blocklist requests from hosts using an open resolver and instead I must register with spamhaus to access their new DQS service. After registering, they'll supply me with a unique DQS service key that I can use with either of their SpamAssassin or Rspamd server patches. However, to register I need to use the very email address that's currently being blocked...

Spamhaus suggest users remove all spam filtering that utilizes spamhaus in order to receive the registration mail from them that'll supply the appropriate key links. I have disabled spam filtering on the domain level & have set my email account filter user setting to "inherit domain". I also removed "zen.spamhaus.org" from the Real-time Blackhole List part on ISPConfig's System->Server Config->Mail page. I also removed "reject_rbl_client zen.spamhaus.org" in '/etc/postfix/main.conf'. I reloaded postfix and tried mailing my inbox from my Google account again... and still the /var/log/rspamd/rspamd.log displays this:

Code:
rspamd_monitored_dns_cb: DNS reply returned 'no error' for zen.spamhaus.org while 'no records with this name' was expected when querying for '1.0.0.127.zen.spamhaus.org'(likely DNS spoofing or BL internal issues)

1. What am I missing? How on earth do I get access to my inbox if I can't stop spamhaus from hijacking my inbox?!
2. Would I use spamhaus's Rspamd or SpamAssassin patch on ISPConfig (3.2.11p1)?
All practical help gratefully received!
You should not make manual changes to the main.cf of Postfix, especially when you are also editing it through ISPConfig... I'd indeed just remove it from the config through ISPConfig. If it's still blocked, I'd be interested in seeing all relevant lines from the mail.log and rspamd.log.
Hey Th0m, thank you for the reply. Alas, it's still blocked... As requested, below a recent excerpt from /var/log/rspamd/rspamd.log:

Code:
2024-02-08 09:17:26 #617927(controller) <1jqufq>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dbl.spamhaus.org while 'no records with this name' was expected when querying for 'jay1YT2i.dbl.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-08 09:17:26 #617927(controller) <1jqufq>; monitored; rspamd_monitored_propagate_error: invalid return on resolving dbl.spamhaus.org, disable object
2024-02-08 09:17:26 #617927(controller) <3zqkf1>; cfg; rspamd_worker_monitored_on_change: broadcast monitored update for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: dead
2024-02-08 09:17:26 #617928(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: dead
2024-02-08 09:17:26 #617929(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: dead
2024-02-08 09:17:26 #617931(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: dead
2024-02-08 09:17:26 #617930(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: dead
2024-02-08 09:18:25 #617927(controller) <c9hxbz>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for zen.spamhaus.org while 'no records with this name' was expected when querying for '1.0.0.127.zen.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-08 09:20:02 #617927(controller) <1jqufq>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dbl.spamhaus.org while 'no records with this name' was expected when querying for 'g6t2WHIp9O_EhgvBl1DfyCDJ.dbl.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-08 09:21:07 #617927(controller) <5t8s4f>; map; http_map_finish: data is not modified for server sa-update.surbl.org, next check at Thu, 08 Feb 2024 09:26:07 GMT (timer based)
2024-02-08 09:21:42 #617926(rspamd_proxy) <6eb81b>; proxy; proxy_accept_socket: accepted milter connection from ::1 port 52410
2024-02-08 09:21:45 #617926(rspamd_proxy) <6eb81b>; milter; rspamd_milter_process_command: got connection from 91.215.85.17:43620
2024-02-08 09:21:45 #617926(rspamd_proxy) <6eb81b>; proxy; proxy_milter_finish_handler: finished milter connection
2024-02-08 09:24:38 #617927(controller) <1jqufq>; monitored; rspamd_monitored_propagate_success: restoring dbl.spamhaus.org after 432.7 seconds of downtime, total downtime: 9327.1
2024-02-08 09:24:38 #617927(controller) <3zqkf1>; cfg; rspamd_worker_monitored_on_change: broadcast monitored update for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: alive
2024-02-08 09:24:38 #617928(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: alive
2024-02-08 09:24:38 #617929(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: alive
2024-02-08 09:24:38 #617931(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: alive
2024-02-08 09:24:38 #617930(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: alive
2024-02-08 09:26:02 #617927(controller) <1jqufq>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dbl.spamhaus.org while 'no records with this name' was expected when querying for '7TEnJSmWy7nDyfVrIN.dbl.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-08 09:26:56 #617927(controller) <1jqufq>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dbl.spamhaus.org while 'no records with this name' was expected when querying for '_A0kmbxow3D2Ns8DteYBk6Uvt.dbl.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-08 09:27:57 #617927(controller) <1jqufq>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dbl.spamhaus.org while 'no records with this name' was expected when querying for 'ih5NeC9MV8.dbl.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-08 09:27:57 #617927(controller) <1jqufq>; monitored; rspamd_monitored_propagate_error: invalid return on resolving dbl.spamhaus.org, disable object
2024-02-08 09:27:57 #617927(controller) <3zqkf1>; cfg; rspamd_worker_monitored_on_change: broadcast monitored update for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: dead
2024-02-08 09:27:57 #617929(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: dead
2024-02-08 09:27:57 #617931(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: dead
2024-02-08 09:27:57 #617928(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: dead
2024-02-08 09:27:57 #617930(normal) <3zqkf1>; cfg; rspamd_worker_monitored_handler: updated monitored status for 1jqufqqgiuzucy7rfzfco8ji4aw6bph: dead
2024-02-08 09:29:45 #617927(controller) <5t8s4f>; map; http_map_finish: data is not modified for server sa-update.surbl.org, next check at Thu, 08 Feb 2024 09:34:45 GMT (timer based)
2024-02-08 09:30:07 #617926(rspamd_proxy) <2f52f9>; proxy; proxy_accept_socket: accepted milter connection from ::1 port 42778
2024-02-08 09:30:10 #617926(rspamd_proxy) <2f52f9>; milter; rspamd_milter_process_command: got connection from 91.215.85.17:16218
2024-02-08 09:30:10 #617926(rspamd_proxy) <2f52f9>; proxy; proxy_milter_finish_handler: finished milter connection
2024-02-08 09:30:24 #617927(controller) <1jqufq>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dbl.spamhaus.org while 'no records with this name' was expected when querying for 'LNIJbqcCyF.dbl.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-08 09:30:29 #617927(controller) <c9hxbz>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for zen.spamhaus.org while 'no records with this name' was expected when querying for '1.0.0.127.zen.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-08 09:32:24 #617927(controller) <u9r7uu>; map; http_map_finish: data is not modified for server maps.rspamd.com, next check at Thu, 08 Feb 2024 13:29:46 GMT (http cache based: Thu, 08 Feb 2024 13:29:46 GMT)
2024-02-08 09:32:24 #617927(controller) <1u5hdp>; map; http_map_finish: data is not modified for server maps.rspamd.com, next check at Thu, 08 Feb 2024 13:29:46 GMT (http cache based: Thu, 08 Feb 2024 13:29:46 GMT)
2024-02-08 09:34:24 #617927(controller) <1jqufq>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dbl.spamhaus.org while 'no records with this name' was expected when querying for 'DvzN3LInGYEtq9cNOKyV7b.dbl.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-08 09:38:14 #617926(rspamd_proxy) <6da740>; proxy; proxy_accept_socket: accepted milter connection from ::1 port 53180
2024-02-08 09:38:16 #617926(rspamd_proxy) <6da740>; milter; rspamd_milter_process_command: got connection from 91.215.85.17:7168
2024-02-08 09:38:16 #617926(rspamd_proxy) <6da740>; proxy; proxy_milter_finish_handler: finished milter connection
2024-02-08 09:38:31 #617927(controller) <5t8s4f>; map; http_map_finish: data is not modified for server sa-update.surbl.org, next check at Thu, 08 Feb 2024 09:43:31 GMT (timer based)
2024-02-08 09:45:24 #617926(rspamd_proxy) <fafa8f>; proxy; proxy_accept_socket: accepted milter connection from ::1 port 33604
2024-02-08 09:45:27 #617926(rspamd_proxy) <fafa8f>; milter; rspamd_milter_process_command: got connection from 91.215.85.17:12782
2024-02-08 09:45:27 #617926(rspamd_proxy) <fafa8f>; proxy; proxy_milter_finish_handler: finished milter connection
2024-02-08 09:45:52 #617927(controller) <c9hxbz>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for zen.spamhaus.org while 'no records with this name' was expected when querying for '1.0.0.127.zen.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-08 09:45:53 #617927(controller) <5t8s4f>; map; http_map_finish: data is not modified for server sa-update.surbl.org, next check at Thu, 08 Feb 2024 09:50:53 GMT (timer based)
2024-02-08 09:46:46 #617926(rspamd_proxy) <9ad010>; proxy; proxy_accept_socket: accepted milter connection from ::1 port 45400
2024-02-08 09:46:48 #617926(rspamd_proxy) <9ad010>; milter; rspamd_milter_process_command: got connection from 91.215.85.17:8938
2024-02-08 09:46:48 #617926(rspamd_proxy) <9ad010>; proxy; proxy_milter_finish_handler: finished milter connection

...And here's an excerpt from /var/log/mail.log:

Code:
2024-02-08T09:10:03.355653+00:00 ns3099373 dovecot: imap-login: Disconnected: Connection closed (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<cwBALdsQmrwAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:10:03.355772+00:00 ns3099373 dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<VD9ALdsQVKMAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:15:02.788439+00:00 ns3099373 dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<jJcZP9sQ5NIAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:15:02.788581+00:00 ns3099373 dovecot: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<v5gZP9sQ8rEAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:17:00.535549+00:00 ns3099373 postfix/submission/smtpd[631284]: connect from unknown[91.215.85.17]
2024-02-08T09:17:02.427803+00:00 ns3099373 postfix/submission/smtpd[631284]: warning: unknown[91.215.85.17]: SASL PLAIN authentication failed:
2024-02-08T09:17:02.508558+00:00 ns3099373 postfix/submission/smtpd[631284]: disconnect from unknown[91.215.85.17] ehlo=2 starttls=1 auth=0/1 quit=1 unknown=0/1 commands=4/6
2024-02-08T09:20:03.106078+00:00 ns3099373 dovecot: imap-login: Disconnected: Connection closed (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<txIAUdsQ/IUAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:20:03.122799+00:00 ns3099373 dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<olUAUdsQxr0AAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:20:22.625572+00:00 ns3099373 postfix/anvil[631286]: statistics: max connection rate 1/60s for (submission:91.215.85.17) at Feb 8 09:17:00
2024-02-08T09:20:22.625812+00:00 ns3099373 postfix/anvil[631286]: statistics: max connection count 1 for (submission:91.215.85.17) at Feb 8 09:17:00
2024-02-08T09:20:22.625912+00:00 ns3099373 postfix/anvil[631286]: statistics: max cache size 1 at Feb 8 09:17:00
2024-02-08T09:21:42.710206+00:00 ns3099373 postfix/submission/smtpd[631540]: connect from unknown[91.215.85.17]
2024-02-08T09:21:45.067514+00:00 ns3099373 postfix/submission/smtpd[631540]: warning: unknown[91.215.85.17]: SASL PLAIN authentication failed:
2024-02-08T09:21:45.148493+00:00 ns3099373 postfix/submission/smtpd[631540]: disconnect from unknown[91.215.85.17] ehlo=2 starttls=1 auth=0/1 quit=1 unknown=0/1 commands=4/6
2024-02-08T09:25:02.505590+00:00 ns3099373 dovecot: imap-login: Disconnected: Connection closed (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<dIzYYtsQlJAAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:25:02.521300+00:00 ns3099373 dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<4crYYtsQBIQAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:25:05.339970+00:00 ns3099373 postfix/anvil[631542]: statistics: max connection rate 1/60s for (submission:91.215.85.17) at Feb 8 09:21:42
2024-02-08T09:25:05.340141+00:00 ns3099373 postfix/anvil[631542]: statistics: max connection count 1 for (submission:91.215.85.17) at Feb 8 09:21:42
2024-02-08T09:25:05.340280+00:00 ns3099373 postfix/anvil[631542]: statistics: max cache size 1 at Feb 8 09:21:42
2024-02-08T09:30:02.913224+00:00 ns3099373 dovecot: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<kmfAdNsQYJUAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:30:02.913430+00:00 ns3099373 dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<m2nAdNsQcOUAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:30:07.691588+00:00 ns3099373 postfix/submission/smtpd[631957]: connect from unknown[91.215.85.17]
2024-02-08T09:30:10.148692+00:00 ns3099373 postfix/submission/smtpd[631957]: warning: unknown[91.215.85.17]: SASL PLAIN authentication failed:
2024-02-08T09:30:10.228709+00:00 ns3099373 postfix/submission/smtpd[631957]: disconnect from unknown[91.215.85.17] ehlo=2 starttls=1 auth=0/1 quit=1 unknown=0/1 commands=4/6
2024-02-08T09:33:30.401504+00:00 ns3099373 postfix/anvil[631959]: statistics: max connection rate 1/60s for (submission:91.215.85.17) at Feb 8 09:30:07
2024-02-08T09:33:30.401716+00:00 ns3099373 postfix/anvil[631959]: statistics: max connection count 1 for (submission:91.215.85.17) at Feb 8 09:30:07
2024-02-08T09:33:30.401812+00:00 ns3099373 postfix/anvil[631959]: statistics: max cache size 1 at Feb 8 09:30:07
2024-02-08T09:35:03.181818+00:00 ns3099373 dovecot: imap-login: Disconnected: Connection closed (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<ACSmhtsQatIAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:35:03.198052+00:00 ns3099373 dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Y2SmhtsQ/OYAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:38:14.166644+00:00 ns3099373 postfix/submission/smtpd[632302]: connect from unknown[91.215.85.17]
2024-02-08T09:38:16.061116+00:00 ns3099373 postfix/submission/smtpd[632302]: warning: unknown[91.215.85.17]: SASL PLAIN authentication failed:
2024-02-08T09:38:16.141764+00:00 ns3099373 postfix/submission/smtpd[632302]: disconnect from unknown[91.215.85.17] ehlo=2 starttls=1 auth=0/1 quit=1 unknown=0/1 commands=4/6
2024-02-08T09:40:02.507869+00:00 ns3099373 dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<an59mNsQ/L8AAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:40:02.508042+00:00 ns3099373 dovecot: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<RYB9mNsQqswAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:41:36.344778+00:00 ns3099373 postfix/anvil[632304]: statistics: max connection rate 1/60s for (submission:91.215.85.17) at Feb 8 09:38:14
2024-02-08T09:41:36.345638+00:00 ns3099373 postfix/anvil[632304]: statistics: max connection count 1 for (submission:91.215.85.17) at Feb 8 09:38:14
2024-02-08T09:41:36.345734+00:00 ns3099373 postfix/anvil[632304]: statistics: max cache size 1 at Feb 8 09:38:14
2024-02-08T09:45:03.097186+00:00 ns3099373 dovecot: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<xB5oqtsQstYAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:45:03.097373+00:00 ns3099373 dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<9SBoqtsQ0IQAAAAAAAAAAAAAAAAAAAAB>
2024-02-08T09:45:24.712312+00:00 ns3099373 postfix/submission/smtpd[633081]: connect from unknown[91.215.85.17]
2024-02-08T09:45:27.295914+00:00 ns3099373 postfix/submission/smtpd[633081]: warning: unknown[91.215.85.17]: SASL PLAIN authentication failed:
2024-02-08T09:45:27.376352+00:00 ns3099373 postfix/submission/smtpd[633081]: disconnect from unknown[91.215.85.17] ehlo=2 starttls=1 auth=0/1 quit=1 unknown=0/1 commands=4/6
2024-02-08T09:45:54.910705+00:00 ns3099373 dovecot: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=198.235.24.237, lip=188.165.192.41, TLS, session=<ubt+rdsQPujG6xjt>
2024-02-08T09:46:46.431159+00:00 ns3099373 postfix/submission/smtpd[633081]: connect from unknown[91.215.85.17]
2024-02-08T09:46:48.291128+00:00 ns3099373 postfix/submission/smtpd[633081]: warning: unknown[91.215.85.17]: SASL PLAIN authentication failed:
2024-02-08T09:46:48.370862+00:00 ns3099373 postfix/submission/smtpd[633081]: disconnect from unknown[91.215.85.17] ehlo=2 starttls=1 auth=0/1 quit=1 unknown=0/1 commands=4/6

I really hope it helps, 'cos I'm at a complete loss currently!
Regards, Paul
What have you set on the domain level? You must select a policy like 'non-paying'. Not selecting any policy will not disable spam filtering, it will just cause Rspamd to use its default settings. If you do not want spam filtering, you must always select a policy. Then, as @Th0m mentioned, do not edit postfix config files. You must remove the blacklist in ISPConfig under system > server config > email.
Don't use zen.spamhaus.org, it blocks all residential IP. Use sbl.spamhaus.org and xbl.spamhaus.org instead
Thank you all for the replies. I very much regret to say that my mail is still bouncing because it's STILL checking against zen.spamhaus.org... I've gone through the following settings:

1. set my domain to 'non-paying' and left the email account to inherit. That didn't work, so I also set the email mailbox to 'non-paying' too. No difference.

2. Under System->Server Config->Mail I firstly re-entered zen.spamhaus.org in the 'Real-time Blackhole List' field, did the update and confirmed the /etc/postfix/main.cf contained the zen.spamhaus.org directive, then removed it from the 'Real-time Blackhole List' input field, re-updated the page, waited for the ISPConfig to do its thing, then re-checked the /etc/postfix/main.cf file - no mention of spamhaus is there. i.e.:

Code:
smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, permit

3. On the Email->Policy page I updated the 'non-paying' option to show:
Policy Name: Non-paying
Virus lover: Yes
SPAM lover: Yes

In the Amavis tab I edited the settings to:
Banned files lover: Yes
Bad header lover: Yes
Bypass virus checks: Yes
Bypass banned checks: Yes
Bypass header checks: Yes

In the Rspamd tab, the settings currently show:
Greylisting level: 6.00
SPAM tag level: 8.00
SPAM tag method: Subject (adds ****SPAM**** at the beginning)
SPAM reject level: 12.00

...and still the /var/log/rspamd/rspamd.log consistently shows entries like this:

Code:
2024-02-09 02:07:08 #4251(controller) <1jqufq>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dbl.spamhaus.org while 'no records with this name' was expected when querying for 'urOW9wQo.dbl.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-09 02:09:37 #4251(controller) <c9hxbz>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for zen.spamhaus.org while 'no records with this name' was expected when querying for '1.0.0.127.zen.spamhaus.org'(likely DNS spoofing or BL internal issues)

Are there any default settings in e.g. SpamAssassin or Rspamd that default to zen.spamhaus.org? If so, where do they reside, so I can remove them to finally stop spamhaus from barricading my inbox?
This should not cause an issue as Rspamd might check them but is not blocking them. You should check your mail.log file instead to see why it gets blocked.
Hey Till, thanks for the reply. Ok, I'm tailing both /var/log/mail.log and /var/log/rspamd/rspamd.log files & I've just sent another mail to my mailbox from Google. I then fired-up thunderbird on my PC to check my mail. Here's the output..

/var/log/rspamd/rspamd.log:

Code:
2024-02-09 05:36:03 #21618(controller) <c9hxbz>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for zen.spamhaus.org while 'no records with this name' was expected when querying for '1.0.0.127.zen.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-09 05:39:46 #21618(controller) <1jqufq>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for dbl.spamhaus.org while 'no records with this name' was expected when querying for 'WOMsRJNH9K8im8avuTqcQGs5V5qZRoZ.dbl.spamhaus.org'(likely DNS spoofing or BL internal issues)
2024-02-09 05:40:59 #21618(controller) <5t8s4f>; map; http_map_finish: data is not modified for server sa-update.surbl.org, next check at Fri, 09 Feb 2024 05:45:59 GMT (timer based)
2024-02-09 05:41:31 #21617(rspamd_proxy) <5b74b9>; proxy; proxy_accept_socket: accepted milter connection from ::1 port 52698
2024-02-09 05:41:33 #21617(rspamd_proxy) <5b74b9>; milter; rspamd_milter_process_command: got connection from 91.215.85.17:24758
2024-02-09 05:41:33 #21617(rspamd_proxy) <5b74b9>; proxy; proxy_milter_finish_handler: finished milter connection

/var/log/mail.log:

Code:
2024-02-09T05:36:01.235165+00:00 ns3099373 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=82.4.111.84, lip=188.165.192.41, mpid=22120, TLS, session=<vjykTewQhP1SBG9U>
2024-02-09T05:36:01.245488+00:00 ns3099373 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=82.4.111.84, lip=188.165.192.41, mpid=22121, TLS, session=<EDykTewQhf1SBG9U>
2024-02-09T05:37:18.544664+00:00 ns3099373 postfix/anvil[21936]: statistics: max connection rate 2/60s for (submission:77.83.246.41) at Feb 9 05:33:51
2024-02-09T05:37:18.544905+00:00 ns3099373 postfix/anvil[21936]: statistics: max connection count 2 for (submission:77.83.246.41) at Feb 9 05:33:51
2024-02-09T05:37:18.545022+00:00 ns3099373 postfix/anvil[21936]: statistics: max cache size 2 at Feb 9 05:33:49
2024-02-09T05:40:03.139307+00:00 ns3099373 dovecot: imap-login: Disconnected: Connection closed (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, secured, session=<nPAPXOwQjt8AAAAAAAAAAAAAAAAAAAAB>
2024-02-09T05:40:03.155208+00:00 ns3099373 dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<FDAQXOwQfqIAAAAAAAAAAAAAAAAAAAAB>
2024-02-09T05:41:31.434749+00:00 ns3099373 postfix/submission/smtpd[22769]: connect from unknown[91.215.85.17]
2024-02-09T05:41:33.285282+00:00 ns3099373 postfix/submission/smtpd[22769]: warning: unknown[91.215.85.17]: SASL PLAIN authentication failed:
2024-02-09T05:41:33.365080+00:00 ns3099373 postfix/submission/smtpd[22769]: disconnect from unknown[91.215.85.17] ehlo=2 starttls=1 auth=0/1 quit=1 unknown=0/1 commands=4/6

Are there any system or module defaults erroneously kicking-in? Could this be an arcane cache/db error issue? I'm well over my head now, lost at sea...
Paul
As far as I can see, the message was not rejected by your rspamd system. Otherwise, you would have seen something like this:

Code:
milter-reject: END-OF-MESSAGE from .................: 5.7.1 Spam message rejected; from=<.......> to=<.............> proto=ESMTP helo=<...........>

What you can do is that you take a look into the rspamd GUI to see if you get any further info. Besides that, the message might just have been delivered but either your mail client did not show it to you or you have server or client side filter rules in place that moved the message to a different folder.
Thanks for getting back to me. Regrettably, I've checked everywhere - many, many times before & just now - NO mail is being received here. I've checked junk, deleted, archive - there are no others. That is somewhat besides the point. Why is spamhaus showing anywhere in the log entries if it's not specified as the designated RBL in ISPConfig? How/where do I access the rspamd GUI in ISPConfig?
ISPConfig sets RBLs for Postfix only in the Postfix main.cf file. Rspamd itself uses all kinds of RBLs internally to calculate its scores, but Rspamd does not reject based on a single RBL or based on a non-working RBL, and as you can see from your log, the email was indeed not rejected by Rspamd. You can see the URL and there is also an item for that under System > server config > Email. If you can't figure that out yourself, then you should consider contacting Thom from ISPConfig business support to check that for you: https://www.ispconfig.org/get-support/?type=ispconfig
use bwrap to load postfix by setting a new resolv.conf

/lib/systemd/system/[email protected]

Code:
ExecStart=/usr/bin/bwrap --bind / / --bind /etc/resolv.conf.PLAIN /etc/resolv.conf --dev /dev /usr/sbin/postmulti -i %i -p start
ExecStop=/usr/bin/bwrap --bind / / --bind /etc/resolv.conf.PLAIN /etc/resolv.conf --dev /dev /usr/sbin/postmulti -i %i -p stop
ExecReload=/usr/bin/bwrap --bind / / --bind /etc/resolv.conf.PLAIN /etc/resolv.conf --dev /dev /usr/sbin/postmulti -i %i -p reload

then put your ISP nameserver in resolv.conf.PLAIN
who can argue with that well reasoned response. if you don't want to load postfix with a new resolv.conf then just edit the original
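
Added example, not part of any post in this thread: a Python sketch of how a DNSBL client should read the answers behind the "Error: open resolver" bounce and the rspamd "monitored" warnings quoted above, and why a check that treats any A record as a listing rejects everything. It assumes Spamhaus's documented 127.255.255.x error return codes and the RFC 5782 test points (127.0.0.1 never listed, 127.0.0.2 always listed); the two resolver stubs and their answers are constructed sample data.

```python
import ipaddress
import socket

# Spamhaus answers in 127.255.255.0/24 report a query problem, not a listing.
SPAMHAUS_ERRORS = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query came via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
# Return codes Spamhaus documents for real ZEN listings (127.0.0.2 .. 127.0.0.11).
ZEN_LISTED = {f"127.0.0.{n}" for n in range(2, 12)}


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def classify(answers):
    """Classify the A records of one DNSBL query; an empty list means NXDOMAIN."""
    if not answers:
        return ("not_listed", "NXDOMAIN")
    for a in answers:
        if ipaddress.ip_address(a) in ERROR_NET:
            return ("error", SPAMHAUS_ERRORS.get(a, "unspecified DNSBL error code"))
    hits = sorted(set(answers) & ZEN_LISTED)
    if hits:
        return ("listed", ",".join(hits))
    return ("unknown", ",".join(answers))


def naive_reject(answers):
    """Any A record counts as a listing, as with a bare
    'reject_rbl_client zen.spamhaus.org' that has no '=d.d.d.d' filter."""
    return bool(answers)


def strict_reject(answers):
    """Reject only on documented listing codes, never on an error code."""
    return classify(answers)[0] == "listed"


def resolver_health(lookup, zone="zen.spamhaus.org"):
    """Query both RFC 5782 test points through `lookup` and judge the DNS path."""
    neg = classify(lookup(dnsbl_query_name("127.0.0.1", zone)))
    pos = classify(lookup(dnsbl_query_name("127.0.0.2", zone)))
    for state, detail in (neg, pos):
        if state == "error":
            return "unusable: " + detail
    if neg[0] != "not_listed" or pos[0] != "listed":
        return "unusable: test points gave unexpected answers"
    return "ok"


def system_lookup(name):
    """Live lookup via the host's resolver; any failure is read as 'no A record'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


# Constructed stubs: a DNS path Spamhaus refuses answers every query with the
# open-resolver code; a working path answers the two test points as RFC 5782 says.
def blocked_resolver(name):
    return ["127.255.255.254"]


def working_resolver(name):
    return ["127.0.0.2", "127.0.0.4", "127.0.0.10"] if name.startswith("2.0.0.127.") else []


if __name__ == "__main__":
    name = dnsbl_query_name("209.85.167.41", "zen.spamhaus.org")  # sender IP from the bounce
    ans = blocked_resolver(name)
    print(name, classify(ans), "naive:", naive_reject(ans), "strict:", strict_reject(ans))
    print("blocked path:", resolver_health(blocked_resolver))
    print("working path:", resolver_health(working_resolver))
```

Passing `system_lookup` to `resolver_health` runs the same two test-point queries through the host's own resolver.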