Rejected because [ip] in a black list at zen.spamhaus.org

Hello! Sorry for posting, I have the same problem. I have a production environment, this error occurred today or a few days ago. Since I didn’t set anything on the server, I don’t know why this happened. Then I installed 2 debian servers and installed the fresh hestiacp:bash hst-install.sh --apache yes --phpfpm yes --multiphp yes --proftpd yes --named yes --mysql yes --exim yes – dovecot yes --clamav yes --sieve yes --spamassassin yes --iptables yes --fail2ban yes --api yes --interactive yes

and everything is still marked as spam by zen.spamhaus.org. gmail and other email addresses, only internal emails are received.

cat -A /etc/exim4/dnsbl.conf

bl.spamcop.net
zen.spamhaus.org

Since I had an older backup, since the systems are split into lxc, I looked into the backup, but zen.spamhaus.org was also there, maybe it has become paid and can no longer be used? Or what’s the problem?

gmail.com:

2024-09-13 19:56:13 H=mail-qk1-f182.google.com [209.85.222.182] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=mail.myservertest.host.eu F=<[email protected]> rejected RCPT <[email protected]>: Rejected because 209.85.222.182 is in a black list at zen.spamhaus.org
2024-09-13 19:58:33 H=mail-pg1-f181.google.com [209.85.215.181] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=mail.myservertest.host.eu F=<[email protected]> rejected RCPT <[email protected]>: Rejected because 209.85.215.181 is in a black list at zen.spamhaus.org
2024-09-13 20:29:02 H=mail-oa1-f47.google.com [209.85.160.47] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=mail.myservertest.host.eu F=<[email protected]> rejected RCPT <[email protected]>: Rejected because 209.85.160.47 is in a black list at zen.spamhaus.org
2024-09-13 19:46:02 H=mail-qt1-f178.google.com [209.85.160.178] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=mail.myservertest.host.eu F=<[email protected]> rejected RCPT <[email protected]>: Rejected because 209.85.160.178 is in a black list at zen.spamhaus.org

another:

2024-09-13 19:48:12 H=fmfe28.freemail.hu (web-out.onbox.hu) [46.107.16.233] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Rejected because 46.107.16.233 is in a black list at zen.spamhaus.org
2024-09-13 19:50:16 H=fmfe28.freemail.hu (web-out.onbox.hu) [46.107.16.233] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Rejected because 46.107.16.233 is in a black list at zen.spamhaus.org

But this is the case with any service provider, only internal correspondence works.

Thanks for help!

1 Like

Hi @raptor666,

Show the output of this command:

curl -sSL https://7j.gg/chksph2 | bash -s --

What are the DNS servers configured on your server?

2 Likes

Hi @sahsanu

test server:

 curl -sSL https://7j.gg/chksph2 | bash -s --
Test 01: Error: open resolver; https://check.spamhaus.org/returnc/pub/172.68.224.71/
Test 02: Error: open resolver; https://check.spamhaus.org/returnc/pub/172.68.224.71/
Test 03: Error: open resolver; https://check.spamhaus.org/returnc/pub/172.68.224.71/
Test 04: Error: open resolver; https://check.spamhaus.org/returnc/pub/172.68.224.71/
Test 05: Error: open resolver; https://check.spamhaus.org/returnc/pub/172.68.224.71/
Test 06: Error: open resolver; https://check.spamhaus.org/returnc/pub/172.68.224.71/
Test 07: Error: open resolver; https://check.spamhaus.org/returnc/pub/172.68.224.71/
Test 08: Error: open resolver; https://check.spamhaus.org/returnc/pub/172.68.224.71/
Test 09: Error: open resolver; https://check.spamhaus.org/returnc/pub/172.68.224.71/
Test 10: Error: open resolver; https://check.spamhaus.org/returnc/pub/172.68.224.71/

Result is bad, Spamhaus is blocking/ignoring your current DNS Resolver 1.0.0.1{}

product server:

curl -sSL https://7j.gg/chksph2 | bash -s --
Test 01: Request ignored by Spamhaus or DNS Resolver timed out
Test 02: Request ignored by Spamhaus or DNS Resolver timed out
Test 03: Request ignored by Spamhaus or DNS Resolver timed out
Test 04: Request ignored by Spamhaus or DNS Resolver timed out
Test 05: Request ignored by Spamhaus or DNS Resolver timed out
Test 06: Request ignored by Spamhaus or DNS Resolver timed out
Test 07: Request ignored by Spamhaus or DNS Resolver timed out
Test 08: Request ignored by Spamhaus or DNS Resolver timed out
Test 09: Request ignored by Spamhaus or DNS Resolver timed out
Test 10: Request ignored by Spamhaus or DNS Resolver timed out

Result is bad, Spamhaus is blocking/ignoring your current DNS Resolver 8.8.8.8{}

I tried the following name servers: 8.8.8.8,8.8.4.4,1.0.0.1,1.1.1.1
But it doesn’t work at all.

However, 8.8.8.8 and 8.8.4.4 were always set on the production server.

If you use Google DNS servers; 8.8.8.8 and 8.8.4.4, Spamhaus will ignore the requests so it is like if you dont’ use the Spamhaus block list. But using them, the received mails shouldn’t be rejected.

If you use Cloudflare DNS servers; 1.1.1.1 and 1.0.0.1, all the mails sent to your server will be rejected.

Change your DNS Servers for others not blocked/ignored by Spamhaus like:

76.76.2.0
76.76.10.0

If you still want to use Google or Cloudflare DNS servers, follow this doc:

https://hestiacp.com/docs/server-administration/email.html#rejected-because-ip-is-in-black-list-at-zen-spamhaus-org-error-open-resolver-https-www-spamhaus-org-returnc-pub-65-1-174-102

2 Likes

Thanks, can you tell, when did it change? Because it would be nice to know how long the correspondence has been going on. We rarely receive letters, so it would be nice to know. Thanks.

March 2021.

https://www.spamhaus.org/resource-hub/dnsbl/using-our-public-mirrors-check-your-return-codes-now./

2 Likes

But then how could this be used until now? Was there any transition period for the introduction? thanks for the solution!

I don’t know when they introduced 1.1.1.1 in the list of open resolvers and as far as I know Spamhaus doesn’t share the list of blocked public resolvers). 8.8.8.8 is in the list but they don’t block it, just don’t answer at all.

1 Like