1] upgraded from debian 9 and myvesta to debian 12 and hestiacp (complete wipe with minimal debian). Most everything works fine, but now can’t use plain auth on 587. A program we use in public safety, which they always suck, uses no-SSL/TLS on 587.
But maybe it won’t work because of the openssl version installed in Debian 12.
zen.spamhaus.org is not related to spamassassin, it is a DBL (Domain BlackList) and it is used by exim to stop spammers, etc.
If you can’t receive any mails because all ips are being rejected and you are using public dns resolvers like 1.1.1.1, 8.8.8.8, etc. you have 3 options:
1.- Install and use your own dns resolver (like Unbound or PowerDNS).
2.- Remove zen.spamhaus.org from /etc/exim4/dnsbl.conf and restart exim (I don’t recommend it)
3.- Create a free query key from spamhaus and use it in exim. To do so, check this link