Hello Hestia community,
I’m running HestiaCP with Exim4, ClamAV and SpamAssassin on my mail server. Over the past few days, I noticed that incoming messages from both Outlook (Office 365) and GMX were being rejected with a “550 Rejected because is in a black list at zen.spamhaus.org” error. However, when I checked the same IPs on the Spamhaus website, they were reported as not listed.
After I reloaded Exim (sudo systemctl reload exim4
) and flushed my DNS resolver cache, all pending Outlook and GMX mails started coming through immediately. This leads me to believe that Exim was querying a stale or slow DNSBL cache and acting on outdated blacklist status.
My questions to the community are:
- Has anyone else experienced intermittent RBL blocks for perfectly clean IPs, only to have them resolved by an MTA reload or DNS cache flush?
- Do you run any automation or cronjob to periodically flush DNS caches or reload Exim to avoid this?
- Are there recommended best practices or built-in Hestia/Exim settings to ensure the most up-to-date DNSBL lookups (e.g. configuring resolver timeouts, cache settings, or integrating a local Unbound/Bind instance)?
Any insights or configuration snippets would be greatly appreciated!
Maybe it helps.
Thanks