Spamhaus blocks mails but Spam and AntiVirus is deactivated

I am trying to send mails from an official Exchange O365 server, but the mails come back with:

550 5.7.350 Remote server returned message detected as spam -> 550 Rejected because 52.101.171.137 is in a black list at zen.spamhaus.org;Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/

I checked 46.38.225.220 and also the official MS IP 52.101.171.137 on Spamhaus and both are listed with no issues.

2 Likes

In Germany we say: Thanks for the wave with a fencepost :stuck_out_tongue:
I created an account with Spamhaus and added the DQS (funny, I already had an account from my testing phase but forgot this step)

Now waiting for the results, but the first test message looks good; it's working instantly, in my opinion

@sahsanu now I am totally confused:

Before the change of the DQS key in the exim4 files I got a good result from your curl script:
"curl -sSL https://7j.gg/chksph2 | bash -s --"

But now I get an error from the curl script.

kpssh@hub:~$ curl -sSL https://7j.gg/chksph2 | bash -s --
Test 01: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 02: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 03: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 04: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 05: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 06: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 07: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 08: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 09: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4
Test 10: Listed by XBL, see https://check.spamhaus.org/query/ip/127.0.0.4

Result is good, Spamhaus works fine with your current DNS Resolver 46.38.252.230
kpssh@hub:~$ curl -sSL https://7j.gg/chksph2 | bash -s --
Test 01: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 02: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 03: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 04: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 05: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 06: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 07: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 08: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 09: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 10: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/

Result is bad, Spamhaus is blocking/ignoring your current DNS Resolver 46.38.252.230{}
kpssh@hub:~$ curl -sSL https://7j.gg/chksph2 | bash -s --
Test 01: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 02: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 03: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 04: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 05: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 06: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 07: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 08: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 09: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/
Test 10: Error: open resolver; https://check.spamhaus.org/returnc/pub/46.38.225.220/


I only added an account on Spamhaus and added the DQS key to the domain in the exim4 dnsbl file like the guide instructs.

Ah and I forgot to say: But all test mails now are working…

You’re welcome :wink:

Maybe your DNS resolver wasn’t listed in Spamhaus before and now it is, or perhaps only one of the IPs is listed. For example, you’re using DNS resolver 46.38.252.230, but the actual requests to Spamhaus are coming from a different IP: 46.38.225.220.

To prevent your query key from leaking, remember to edit the file /etc/exim4/exim4.conf.template and replace this line:

deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text

With:

deny message = Rejected because $sender_host_address is in a black list

Or better, with this (I use this to know what DNSBL is blocking the spammers).

  deny    message       = Rejected because $sender_host_address is in a black list at ${if match{$dnslist_domain}{.*zen.dq.spamhaus.*}{zen.dq.spamhaus.net}{$dnslist_domain}}\n$dnslist_text

1 Like
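The following added example is not from the post above or from any project's code. It checks a rejection text for a DQS key in the DNSBL zone name, rewrites it with the same effect as the `${if match...}` line, and separates Spamhaus error return codes (such as the open-resolver answer seen in this thread) from real listings. The function names, the key and the sample messages are constructed.

```shell
#!/bin/sh
# Added example. Function names, the key and the messages are constructed.

# Succeeds (exit 0) if the text contains "<key>.zen.dq.spamhaus.net".
leaks_dqs_key() {
    printf '%s\n' "$1" | grep -Eq '[A-Za-z0-9]+\.zen\.dq\.spamhaus\.net'
}

# Same effect as the ${if match{$dnslist_domain}...} rewrite above:
# drop the key label and keep only the bare zone name.
redact_dqs_key() {
    printf '%s\n' "$1" | sed -E 's/[A-Za-z0-9]+\.(zen\.dq\.spamhaus\.net)/\1/g'
}

# Classify the A record returned by a zen lookup. The 127.255.255.x
# answers are Spamhaus error codes, not listings; an MTA that accepts
# any answer as "listed" rejects mail on them.
classify_zen_answer() {
    case "$1" in
        127.255.255.252) echo "error: typo in DNSBL name" ;;
        127.255.255.254) echo "error: query came through a public/open resolver" ;;
        127.255.255.255) echo "error: excessive number of queries" ;;
        127.0.0.2)       echo "listed: SBL" ;;
        127.0.0.3)       echo "listed: CSS" ;;
        127.0.0.[4-7])   echo "listed: XBL" ;;
        127.0.0.1[01])   echo "listed: PBL" ;;
        *)               echo "unknown" ;;
    esac
}

KEY="constructedkey000000000000"   # constructed, not a real DQS key
MSG_BAD="Rejected because 192.0.2.10 is in a black list at $KEY.zen.dq.spamhaus.net"
MSG_OK="Rejected because 192.0.2.10 is in a black list at zen.spamhaus.org"

for msg in "$MSG_BAD" "$MSG_OK"; do
    if leaks_dqs_key "$msg"; then
        echo "LEAK : would be sent as: $(redact_dqs_key "$msg")"
    else
        echo "clean: $msg"
    fi
done

for answer in 127.0.0.4 127.255.255.254; do
    echo "$answer -> $(classify_zen_answer "$answer")"
done
```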

I already edited the message.

After a second restart of exim4 the Curl test is looking good again.

I will test it a bit over the next few days. Thank you for everything.

2 Likes