Exim rejecting emails

I have 5 servers in Hetzner rejecting emails

On the exim4 logs they are being rejected due to the send IP being listed in Spamhouse

After checking those IPs in Spamhouse, none of them is listed

I temporarly solved the issue by disabling Spamhouse checks

sed -i "/zen.spamhaus.org/d" /etc/exim4/dnsbl.conf
systemctl restart exim4

I am now looking after the reason why this is happening.

I have servers outside Hetzner that are working properly, so I believe it is somehow related to the Hetzner DNS

Because Spamhaus rejects requests for some public dns resolvers.

You can:

1.- Disable the spamhaus dnsbl (not recommended)

2.- Change the dns resolver used by your server to one not blocked by Spamhaus like 76.76.2.0 and 76.76.10.0 (Control D Free DNS)

3.- Use your own DNS recursive resolver like bind9, PowerDNS, unbound, etc.

4.- Create a free Spamhaus data query account and you could use your current dns resolvers.

Thanks for your advise,

The weird is that is working for years and a few hours ago just got this issue so Spamhouse blocked requests from Hetzner DNS

This is the solution

I’m using Hetzner but never used their DNS resolvers so I don’t know whether this is a new block but Spamhaus is blocking them.

❯ curl -sSL https://7j.gg/chksph2 | bash -s 185.12.64.1
Test 01: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1d/
Test 02: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a2::add:2d/
Test 03: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1c/
Test 04: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a2::add:2d/
Test 05: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a2::add:2c/
Test 06: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a2::add:2c/
Test 07: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a2::add:2d/
Test 08: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a2::add:2d/
Test 09: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1d/
Test 10: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a2::add:2c/

Result is bad, Spamhaus is blocking/ignoring the DNS Resolver 185.12.64.1

❯ curl -sSL https://7j.gg/chksph2 | bash -s 185.12.64.2
Test 01: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1a/
Test 02: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a2::add:2c/
Test 03: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1a/
Test 04: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1a/
Test 05: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1a/
Test 06: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1a/
Test 07: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1a/
Test 08: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1a/
Test 09: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a1::add:1c/
Test 10: Error: open resolver; https://check.spamhaus.org/returnc/pub/2a01:4f8:0:a0a2::add:2c/

Result is bad, Spamhaus is blocking/ignoring the DNS Resolver 185.12.64.2

You can use the script with no arguments to check your current DNS server:

curl -sSL https://7j.gg/chksph2 | bash -s --

That was the 4th option I posted

I know, but once hestia has docs for it I just posted it

I meant that the link I posted is the same you posted

Alright, I didn’t notice as I didn’t click on it because I was reading the docs at the same time you answered me.

Thanks again

Hmm something new for me as well.

Also using Hetzner servers in the past for ages …