Rejected because 40.107.244.89 is in a black list

I cannot figure out how to disable this. 40.107.244.89 is MS365.

dnsb1.con is empty
–restarted exim4

exim4.conf.template
spamassasin = no
#dnslists disabled under “deny”
–restarted exim4

Now, of course, in paniclog I get the following and it is not sending emails.
spam acl condition: all spamd servers failed

I suppose you mean /etc/exim4/dnsbl.conf

To disable SpamAssassin, just comment out the line (putting yes or no doesn’t matter; exim only checks that the variable is defined):

#SPAMASSASSIN = yes

I don’t know what you did with dnslist but don’t do that.

Revert your changes to exim and take a look at this post:

changed back to normal

added my record (that isn’t all of it)
systemctl restart exim4

server still showing MS365 and Google as spam.

Please, don’t use screenshots to show text (it is really hard to read), just copy and paste it here, select the text and click on icon </> to format it correctly.

I suppose you are using the option Reject Spam for your domain, is this true?

Remove the Reject Spam option and try to send again a mail from MS365 to your domain.

v-delete-mail-domain-reject Here_Your_User Here_Your_Domain

If the above doesn’t work, try simulating a connection from MS365 to see what exim is doing.

Use the command exim4 -bhc to simulate the connection; at every step you will see the filters, ACLs, checks, etc. that exim is using to send the mail.

Note: the mail won’t be sent, so you can test it as many times as you need.

As you will need to recreate the connection manually, here are the commands you should use:

Note: Replace MAIL FROM and RCPT TO values with the real ones.

exim4 -bhc 40.107.244.89
EHLO mail-mw2nam12on2089.outbound.protection.outlook.com
MAIL FROM: [email protected]
RCPT TO: your_user@your_domain.tld
DATA
SUBJECT: Test

Here the message
.
QUIT

I’ve been testing it and it seems spamassassin scores the mail with 0 (ignores it) if it detects you are using an open resolver to query spamhaus (at least in my spamassassin version in Debian 12):

# spamassassin --version
SpamAssassin version 4.0.0
  running on Perl version 5.36.0
0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query to
                           zen.spamhaus.org was blocked due to usage of an
                           open resolver. See
                           https://www.spamhaus.org/returnc/pub/
                           [40.107.244.89 listed in zen.spamhaus.org]

So if your spamassassin version is using RCVD_IN_ZEN_BLOCKED_OPENDNS then Reject Spam doesn’t seem to be the problem.

Show the exim simulation as I said in the post above, so we know where exim is rejecting the mail.

root@send:/etc/exim4# v-delete-mail-domain-reject x x.com
Error: REJECT= doesn't exist

Never installed spamassassin that I know of.

root@send:/etc/exim4# spamassassin --version
-bash: spamassassin: command not found
root@send:/# find / -iname spamassassin
/usr/local/hestia/web/edit/server/spamassassin
/root/hst_install_backups/300920230958/spamassassin
root@send:/etc/exim4# cat dnsbl.conf
xxxxxxxvtn6xp5xdxaltu3fhoe.dbl.dq.spamhaus.net
**** SMTP testing session as if from host 40.107.244.89
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 40.107.244.89
>>> IP address lookup yielded "mail-mw2nam12on2089.outbound.protection.outlook.com"
>>> checking addresses for mail-mw2nam12on2089.outbound.protection.outlook.com
>>>   40.107.244.89 OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
>>> host in hosts_proxy? no (option unset)
>>> using ACL "acl_check_spammers"
>>> processing "accept" (/var/lib/exim4/config.autogenerated 114)
>>> check hosts = +whitelist
>>> host in "net-iplsearch;/etc/exim4/white-blocks.conf"? no (end of list)
>>> host in "+whitelist"? no (end of list)
>>> accept: condition test failed in ACL "acl_check_spammers"
>>> processing "drop" (/var/lib/exim4/config.autogenerated 116)
>>>   message: Your host in blacklist on this server.
>>> l_message: Host in blacklist
>>> check hosts = +spammers
>>> host in "net-iplsearch;/etc/exim4/spam-blocks.conf"? no (end of list)
>>> host in "+spammers"? no (end of list)
>>> drop: condition test failed in ACL "acl_check_spammers"
>>> processing "accept" (/var/lib/exim4/config.autogenerated 120)
>>> accept: condition test succeeded in ACL "acl_check_spammers"
>>> end of ACL "acl_check_spammers": ACCEPT
>>> host in pipelining_connect_advertise_hosts? yes (matched "*")
220 send.x.com

Ok, a few things:

When you said that you tried to disable it in exim conf, I thought that you had it enabled.

Just in case:

grep 'SPAMASSASSIN.*=' /etc/exim4/exim4.conf.template

I don’t know if you tried what I said; you must also issue the commands EHLO, MAIL FROM and RCPT TO and we will see what the problem is.

And here it seems we have the problem. You CAN’T use DBL to query IPs, only domains, so that query always returns the IP 127.0.1.255 (IP queries prohibited!).

Please replace dbl with zen:
xxxxxxxvtn6xp5xdxaltu3fhoe.zen.dq.spamhaus.net

Restart exim:

systemctl restart exim4

And try again.
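
The DBL-versus-ZEN mistake diagnosed above, as an added example that is not part of the original posts or of Hestia's own code: a small lint for the zone list exim reads from dnsbl.conf. The key `exampledqskey` is a constructed placeholder, and treating 127.255.255.* answers as error codes rather than listings follows Spamhaus's published return-code convention, which the thread does not spell out.

```shell
#!/bin/sh
# Added example. "exampledqskey" is a constructed placeholder DQS key.

# reverse_ipv4 A.B.C.D -> D.C.B.A, the label order DNSBL IP lookups use
reverse_ipv4() {
    echo "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 }'
}

# dnsbl_query_name IP ZONE -> the name resolved for an IP lookup in ZONE
dnsbl_query_name() {
    printf '%s.%s\n' "$(reverse_ipv4 "$1")" "$2"
}

# classify_zone ZONE -> "domain-only" for DBL zones, otherwise "ip"
classify_zone() {
    case "$1" in
        dbl.*|*.dbl.*) echo "domain-only" ;;
        *)             echo "ip" ;;
    esac
}

# classify_answer A_RECORD -> what an answer to an IP lookup means
classify_answer() {
    case "$1" in
        "")            echo "not-listed" ;;
        127.0.1.255)   echo "error-ip-query-to-dbl" ;;
        127.255.255.*) echo "error-code" ;;
        127.*)         echo "listed" ;;
        *)             echo "unexpected" ;;
    esac
}

# lint_dnsbl_conf: read zones on stdin, print DBL zones, return 1 if any
lint_dnsbl_conf() {
    bad=0
    while IFS= read -r zone || [ -n "$zone" ]; do
        [ -n "$zone" ] || continue
        if [ "$(classify_zone "$zone")" = "domain-only" ]; then
            echo "domain-only zone used for IP lookups: $zone"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed input: the entry from the thread with the key replaced
echo "exampledqskey.dbl.dq.spamhaus.net" | lint_dnsbl_conf ||
    echo "replace dbl with zen, then restart exim4"
dnsbl_query_name 40.107.244.89 exampledqskey.zen.dq.spamhaus.net
```

On the server, the same check runs as `lint_dnsbl_conf < /etc/exim4/dnsbl.conf` before restarting exim4.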

root@send:/etc/exim4# grep 'SPAMASSASSIN.*=' /etc/exim4/exim4.conf.template
#SPAMASSASSIN = yes

Well, I posted the zen the first time, ID10T at some point.

Please see PM for links to results.

outlook.com and gmail.com forward fine. It appears the !example.com : !example2.com | etc. is the problem, because those are the domains I am sending from and those are no longer on the server. Could just be an ID10T error and migrating those domains to another server has caused the issue.

Not sure where to delete them now. I think in exim4.conf.template ?

Exim gets the domains by listing the dir /etc/exim4/domains/, so if you have migrated the domains, remove the symbolic links of those domains from the dir /etc/exim4/domains/.
