Koozali.org: home of the SME Server

RBL SBL and mail rejection since yesterday

Offline Trashman

  • *
  • 54
  • +0/-0
RBL SBL and mail rejection since yesterday
« on: October 05, 2008, 08:14:42 PM »
Ok, some of the rbl or sbl list started to sent bad data, how did i notice? look:

Code: [Select]
2008-10-05 15:56:50.614683500 14411 Accepted connection 0/40 from 209.191.69.63 / web30301.mail.mud.yahoo.com
2008-10-05 15:56:50.616696500 14411 Connection from web30301.mail.mud.yahoo.com [209.191.69.63]
2008-10-05 15:56:51.757156500 14411 check_earlytalker plugin: remote host said nothing spontaneous, proceeding
2008-10-05 15:56:51.808260500 14411 220 server.canje.com ESMTP
2008-10-05 15:56:52.011134500 14411 dispatching HELO web30301.mail.mud.yahoo.com
2008-10-05 15:56:52.018009500 14411 250 canje.com Hi web30301.mail.mud.yahoo.com [209.191.69.63]; I am so happy to meet you.
2008-10-05 15:56:52.211116500 14411 dispatching MAIL FROM:<pppp@yahoo.com>
2008-10-05 15:56:52.216132500 14411 full from_parameter: FROM:<pppp@yahoo.com>
2008-10-05 15:56:52.216141500 14411 from email address : [<pppp@yahoo.com>]
2008-10-05 15:56:52.484116500 14411 getting mail from <pppp@yahoo.com>
2008-10-05 15:56:52.485679500 14411 250 <pppp@yahoo.com>, sender OK - how exciting to get mail from you!
2008-10-05 15:56:52.681076500 14411 dispatching RCPT TO:<ventas@nnnn.com>
2008-10-05 15:56:52.681084500 14411 to email address : [<ventas@nnnn.com>]
2008-10-05 15:56:52.718318500 14411 logging::logterse plugin: ` 209.191.69.63 web30301.mail.mud.yahoo.com web30301.mail.mud.yahoo.com <pppp@yahoo.com> rhsbl 901 This list is offline. Please stop querying for it. msg denied before queued
2008-10-05 15:56:52.721874500 14411 550 This list is offline. Please stop querying for it.
2008-10-05 15:56:52.923061500 14411 dispatching QUIT
2008-10-05 15:56:52.928054500 14411 221 canje.com closing connection. Have a wonderful day.
2008-10-05 15:56:52.928062500 14411 click, disconnecting

And after disabling the lists:
Code: [Select]
2008-10-05 16:10:04.466252500 4777 Accepted connection 0/40 from 209.191.69.68 / web30306.mail.mud.yahoo.com
2008-10-05 16:10:04.468386500 4777 Connection from web30306.mail.mud.yahoo.com [209.191.69.68]
2008-10-05 16:10:05.627132500 4777 check_earlytalker plugin: remote host said nothing spontaneous, proceeding
2008-10-05 16:10:05.646247500 4777 220 server.canje.com ESMTP
2008-10-05 16:10:05.872151500 4777 dispatching HELO web30306.mail.mud.yahoo.com
2008-10-05 16:10:05.881332500 4777 250 canje.com Hi web30306.mail.mud.yahoo.com [209.191.69.68]; I am so happy to meet you.
2008-10-05 16:10:06.098116500 4777 dispatching MAIL FROM:<pppp@yahoo.com>
2008-10-05 16:10:06.098125500 4777 full from_parameter: FROM:<pppp@yahoo.com>
2008-10-05 16:10:06.098936500 4777 from email address : [<pppp@yahoo.com>]
2008-10-05 16:10:06.637563500 4777 getting mail from <pppp@yahoo.com>
2008-10-05 16:10:06.639843500 4777 250 <pppp@yahoo.com>, sender OK - how exciting to get mail from you!
2008-10-05 16:10:06.864080500 4777 dispatching RCPT TO:<ventas@nnnn.com>
2008-10-05 16:10:06.869081500 4777 to email address : [<ventas@nnnn.com>]
2008-10-05 16:10:06.887142500 4777 check_goodrcptto plugin: stripping '-' extensions
2008-10-05 16:10:06.953177500 4777 250 <ventas@nnnn.com>, recipient ok
2008-10-05 16:10:07.182071500 4777 dispatching DATA
2008-10-05 16:10:07.182078500 4777 354 go ahead
2008-10-05 16:10:07.409133500 4777 spooling message to disk
2008-10-05 16:10:12.970089500 4777 spamassassin plugin: check_spam: No, hits=-0.4, required=7.0, tests=BAYES_00,TVD_SPACE_RATIO
2008-10-05 16:10:12.994966500 4777 virus::clamav plugin: Changing permissions on file to permit scanner access
2008-10-05 16:10:13.254835500 4777 virus::clamav plugin: clamscan results: /var/spool/qpsmtpd/1223230207:4777:0: OK
2008-10-05 16:10:13.264091500 4777 logging::logterse plugin: ` 209.191.69.68 web30306.mail.mud.yahoo.com web30306.mail.mud.yahoo.com <pppp@yahoo.com> <ventas@nnnn.com> queued <270540.18416.qm@web30306.mail.mud.yahoo.com> No, hits=-0.4 required=7.0_
2008-10-05 16:10:13.275735500 4795 queue::qmail_2dqueue plugin: (for 4777 ) Queuing qp 4795 to /var/qmail/bin/qmail-queue
2008-10-05 16:10:13.716692500 4777 250 Queued! 1223230213 qp 4795 <270540.18416.qm@web30306.mail.mud.yahoo.com>
2008-10-05 16:10:13.944803500 4777 dispatching QUIT
2008-10-05 16:10:13.948851500 4777 221 canje.com closing connection. Have a wonderful day.
2008-10-05 16:10:13.948860500 4777 click, disconnecting

Im using the ones instructed on the email wiki...so...to the gurus: wich one is failing and how to remove it? (as already stated before im very noob to linux)

Also maybe make this post a sticky? this makes every mail rejected, is a big issue IMO

PS: in fact i think that the info i used to activate mines are from this wiki:
http://wiki.contribs.org/Updating_to_SME_7.2#RHSBL_Servers
http://wiki.contribs.org/Updating_to_SME_7.2#DNSBL_Servers
My actual qpsmtpd config is:
Code: [Select]
[root@server ~]# config show qpsmtpd
qpsmtpd=service
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=disabled
    LogLevel=6
    MaxScannerSize=25000000
    RBLList=zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
    RHSBL=disabled
    RequireResolvableFromHost=yes
    SBLList=bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org:blackhole.securitysage.com
    access=public
    qplogsumm=disabled
    status=enabled
And if that is the case maybe a sticky is not necessary...
« Last Edit: October 05, 2008, 08:59:30 PM by Trashman »

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: RBL SBL and mail rejection since yesterday
« Reply #1 on: October 05, 2008, 09:13:45 PM »
Please follow the instructions in this message.

To go short:
A bug has been raised for it: http://bugs.contribs.org/show_bug.cgi?id=4623
Configuration instructions have been updated. Details and pointers are in the linked forum post.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline Trashman

  • *
  • 54
  • +0/-0
Re: RBL SBL and mail rejection since yesterday
« Reply #2 on: October 05, 2008, 09:16:29 PM »
Is not a good thing to start a post and after that answer yourself but im not eve sure if this is the answer, i found that apparently blackhole.securitysage.com have died:
http://www.dnsbl.com/2007/10/status-of-blackholesecuritysagecom-down.html

So, to disable it i do a
Code: [Select]
config setprop qpsmtpd SBLList \
bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com\
:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com\
:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org

And now is working...

And i think that i took the info from the sonoracom instruction...im not sure...im probably not the only one to suffer this tho...

PS: sorry cactus you posted at the same time than me...

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: RBL SBL and mail rejection since yesterday
« Reply #3 on: October 05, 2008, 09:37:44 PM »
PS: sorry cactus you posted at the same time than me...
It took a little longer as this was a coordinated effort by members of the SME Server team.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)