Non valid RBL rejections

Sep 17, 2020
Hello All,

I have a situation where some random IPs will come back as blocked by zen.spamhaus.org or cbl.abuseat.org, but the IPs are not in those RBLs.
Overall this has been running for a long time, but magically it seems to be hitting this strange issue.

Any suggestions?
 
Hello,

I'm seeing tons of false positives showing IPs being blocked by RBLs, and when I check those RBLs the IPs are not in there... this is not good.
What can I check?
 
Hi, since the last update I'm also experiencing the same!
And even worse, domains such as gmail and hotmail are being blocked.
Even removing all the RBLs doesn't solve it.

Thanks,
 
OK, reporting back: while I removed ALL RBLs from the configuration of PMG, and rebooted, I am experiencing the same issue where messages are being RBL blocked !!!!

Service unavailable; client [111.111.111.111] blocked using zen.spamhaus.org; (IP changed to protect sender)

I verified no reference to any RBLs in the postfix configuration within /etc/postfix.
Not good!
 
Show the content of /etc/pmg/pmg.conf and /etc/pmg/templates/main.cf.in (if available).
Do you customize your main.cf?
 
Attached are my configuration files.
For reference, these are my RBLs, but it's the good ones getting the false positives.

zen.spamhaus.org, bl.score.senderscore.com, b.barracudacentral.org, bl.spamcop.net, psbl.surriel.com, all.spamrats.com, bl.mailspike.net, cbl.abuseat.org, bl.spameatingmonkey.net
 

Please share the actual logs of such a mail (without obfuscating any relevant details such as IPs), then we can assess the situation.
 
That would expose certain client details... is there a way to share it privately?
 
If you have a support subscription of level Basic/Standard/Premium you can contact our enterprise support team at https://my.proxmox.com

I hope this helps!
 
Hello All,

I was able to get a little more detail on one of the rejections today.
I will obfuscate numbers and domains, but I can confirm the IP numbers being referenced will be matched!

Code:
Jun  9 14:18:22 mgw postfix/postscreen[551987]: NOQUEUE: reject: RCPT from [162.x.x.x]:42830: 550 5.7.1 Service unavailable; client [162.x.x.x] blocked using cbl.abuseat.org; from=<user@senderddom.com>, to=<client@receivedomain.com>, proto=ESMTP, helo=<sender.server.net>

Within 1 minute I checked the blacklist both on MX toolbox (80 some odd blacklists), and then on cbl.abuseat.org.
See attachment showing result from page showing NO issue.

I believe this is across the board with multiple RBLs, not a specific one.
 

Within 1 minute I checked the blacklist both on MX toolbox (80 some odd blacklists), and then on cbl.abuseat.org.
See attachment showing result from page showing NO issue.
Well - then the next step would be to take a look at your DNS-Server logs - and enable debug logging ...
 
Currently, in respect to DNS, we have the following in resolv.conf:
search 127.0.0.1
nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 8.8.4.4

I know you want me to check logs, just making sure there is nothing here that looks wrong.
 
I don't remember initially how this was set up, but the goal is to have the local caching in order to utilize RBLs and not use public DNS servers.
Being much more familiar with CentOS, I'm wanting to confirm this was done correctly.

In respect to resolv.conf, we want to use
search mgw.domain.com ( for the FQDN of the proxmox server)
And then possibly a public DNS
Right?

When I read through the docs it talks about setting up unbound dnsutils

I check apt and see the following:

Bash:
bind9-dnsutils/stable,stable-security,now 1:9.16.27-1~deb11u1 amd64 [installed,automatic]
dns-root-data/stable,now 2021011101 all [installed,automatic]
dnsutils/stable,stable-security,now 1:9.16.27-1~deb11u1 all [installed]
libdns-export1104/now 1:9.11.5.P4+dfsg-5.1+deb10u5 amd64 [installed,local]
libdns-export1110/stable,now 1:9.11.19+dfsg-2.1 amd64 [installed,automatic]
libdns1104/now 1:9.11.5.P4+dfsg-5.1+deb10u5 amd64 [installed,local]
libdns1110/stable,now 1:9.11.19+dfsg-2.1 amd64 [installed,automatic]
libnet-dns-perl/stable,now 1.29-1 all [installed]

And I see the below listening on local ports with named

Bash:
tcp        0      0 127.0.0.1:85            0.0.0.0:*               LISTEN      1140/pmgdaemon
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      578/named

tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      578/named

I left only the below in named conf to test and was able to resolve.
nameserver 127.0.0.1

So this should confirm I'm running locally?

Having said all of the above, I'm guessing I should be good to put the fqdn in resolv.conf and see if we continue to experience issues.

Thanks
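
Added example, not part of the original thread: a shell diagnostic for the check discussed above. It takes a postscreen reject line, builds the DNSBL query name, and asks each nameserver from resolv.conf separately so differing answers between the local named and the public resolvers become visible. The function names and the 192.0.2.10 sample address are constructed; the 127.255.255.x handling follows Spamhaus's published return codes and is an assumption about a possible cause, not something the thread establishes.

```sh
#!/bin/sh
# Added diagnostic example (hypothetical helper names). Requires dig (dnsutils).

# Extract "client-ip zone" from a postfix/postscreen DNSBL reject line.
parse_reject() {
    printf '%s\n' "$1" | sed -n \
      's/.*client \[\([0-9.]*\)\] blocked using \([A-Za-z0-9.-]*\);.*/\1 \2/p'
}

# Build the DNSBL query name: IPv4 octets reversed, followed by the zone.
dnsbl_qname() {
    printf '%s\n' "$1" | awk -F. -v z="$2" 'NF==4 {print $4"."$3"."$2"."$1"."z}'
}

# List the nameserver addresses in a resolv.conf-style file.
resolvers() {
    awk '$1 == "nameserver" {print $2}' "$1"
}

# Classify one A-record answer. Spamhaus documents 127.255.255.x as error
# codes (e.g. 127.255.255.254 for queries arriving via a public resolver),
# not listings; a DNSBL entry without a reply filter matches on any answer.
classify() {
    case "$1" in
        "")            echo "not-listed" ;;
        127.255.255.*) echo "resolver-error" ;;
        127.*)         echo "listed" ;;
        *)             echo "unexpected" ;;
    esac
}

# Query every configured resolver for the client named in the reject line.
check_line() {
    pair=$(parse_reject "$1")
    [ -n "$pair" ] || { echo "no DNSBL reject found in line" >&2; return 1; }
    qname=$(dnsbl_qname "${pair% *}" "${pair#* }")
    for ns in $(resolvers "${2:-/etc/resolv.conf}"); do
        ans=$(dig +short +time=3 +tries=1 "@$ns" "$qname" A | head -n 1)
        printf '%-15s %s -> %s (%s)\n' "$ns" "$qname" "${ans:-no answer}" "$(classify "$ans")"
    done
}

# Usage: sh script.sh '<reject log line>' [resolv.conf path]
if [ $# -gt 0 ]; then check_line "$@"; fi
```

A resolver-error or listed result from only one of the listed nameservers points at the resolver path rather than at the sender's IP.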
 
