All inbound emails get Spamassassin'ed (even Google's?!)

Hi there,

I have noticed that I wasn’t receiving emails anymore, so I tested my inbox with my Google account and sure enough: nothing. A day later Google bounced back with an error message, stating that my server rejected the email because the IP was on a blacklist. Weird, I thought, but OK, let’s ask some pals to try it as well (using their own email boxes as well as their iCloud mailboxes) and they all bounced as well. I don’t get it at all, because it somehow finds all their IPs on zen.spamhaus’s blacklist?

Any idea what could have gone wrong here? This surely can’t be expected behaviour. The only thing that I have edited in the configs is 2 lines in the exim4 config to force report the outbound emails as coming from my hostname so it lines up with the PTR records (smtp_active_hostname).

Thanks in advance!
Emiel

Spamhaus doesn’t allow their lists to be queried via public DNS resolvers. They helpfully communicate this with those who violate their policy by returning every query as being in the blocklist. You will need to adjust how you access their lists to comply with their terms.

Suggestions on how to do that in a non-public dns resolvers way? I found on another thread that someone suggested just yeeting spamhaus from the dnsbl conf altogether, but that doesn’t resonate with me.

The linked article in my previous reply covers all of the options in detail.

Alright so I did the following:

  1. Decided I wanted to keep using public recursive DNS’es, so getting a spamhaus free DQS account was necessary: did that, got an activated account etc.
  2. Looked at their setup steps for Spamassassin: GitHub - spamhaus/spamassassin-dqs: Spamhaus code for the Spamassassin plugin. See https://docs.spamhaustech.com/40-real-world-usage/SpamAssassin/000-intro.html . I don’t have HBL so I did the non-HBL steps.
  3. Checked the configuration steps using spamassassin --lint, no errors.
  4. Rebooted the server to make sure the DQS setup was locked and loaded.
  5. Checked one of the emails on https://blt.spamhaus.com/:

C: <Establish TCP connection>
S: 220 [redacted]
C: EHLO unlisted.blt.spamhaus.net
S: 250-[redacted] Hello unlisted.blt.spamhaus.net [199.168.89.101]
S: 250-SIZE 52428800
S: 250-8BITMIME
S: 250-PIPELINING
S: 250-PIPE_CONNECT
S: 250-CHUNKING
S: 250-STARTTLS
S: 250 HELP
C: MAIL FROM:<[email protected]>
S: 250 OK
C: RCPT TO:<[redacted]>
S: 550-Rejected because 199.168.89.101 is in a black list at zen.spamhaus.org
S: 550 Error: excess volume; https://check.spamhaus.org/returnc/vol/140.204.36.42/
C: QUIT
S: 221 [redacted] closing connection
C: <Close TCP connection>

This tells me that the whole DQS setup just isn’t working.
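
A way to tell a real listing from the refused-query answers described in this thread, added here as an example and not part of the original posts: Spamhaus answers refused queries with codes in 127.255.255.0/24, while real zen listings fall in 127.0.0.0/24. The function names are illustrative, and the live lookup needs network access.

```python
import ipaddress
import socket

# Spamhaus error return codes: "your query was refused", not "this IP is listed".
ERROR_CODES = {
    "127.255.255.252": "typing error in the DNSBL zone name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
LISTING_NET = ipaddress.ip_network("127.0.0.0/24")  # real zen listings live here


def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def classify(answers):
    """Return (verdict, detail) for the A records a DNSBL lookup returned."""
    errors = [ERROR_CODES[a] for a in answers if a in ERROR_CODES]
    if errors:
        return "error", errors[0]
    listed = [a for a in answers if ipaddress.ip_address(a) in LISTING_NET]
    if listed:
        return "listed", ",".join(sorted(listed))
    if answers:
        return "unexpected", ",".join(sorted(answers))
    return "clean", ""


def lookup(ip, zone="zen.spamhaus.org"):
    """Live lookup through the system resolver (needs network access)."""
    try:
        return socket.gethostbyname_ex(dnsbl_name(ip, zone))[2]
    except (socket.gaierror, socket.herror):
        return []  # no A record (NXDOMAIN) or the resolver failed


if __name__ == "__main__":
    # 127.0.0.2 is the standard DNSBL test entry (RFC 5782) and must come back
    # "listed"; an "error" verdict means the resolver path is the problem.
    print(classify(lookup("127.0.0.2")))
```

A mail server that rejects on any answer from the zone treats the error codes as listings, which is the bounce seen in the transcript above.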

You should edit the Exim conf; take a look at this doc


This totally fixed it. Should I undo the spamhaus stuff I did with spamassassin?

There is no need to undo that, it can help to fight the spam on your server so if it works fine, I see no reason to remove it.
