Topic: zen.spamhaus.org not responding

[georgios]

Hi,

I see that our Smtps connections were a little bit more slow through thunderbird when sending email cause of:

2017-11-01 10:17:21.112884500 21686 (connect) dnsbl: zen.spamhaus.org query failed:  SERVFAIL


My DNSBL Zones (qpsmtpd RBLList) is:

• psbl.surriel.com
  zen.spamhaus.org
  bl.spamcop.net
  all.s5h.net
  b.barracudacentral.org

Indeed this DNS is not answering:

admin@srv:~$ nslookup zen.spamhaus.org
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
*** Can't find zen.spamhaus.org: No answer


do you have the same problem?

[Daniel B.]

You should not use dnsbl/rhsbl when you set a dns forwarder, especially a popular one like 8.8.8.8. Anyway, your issue with Thunderbird is most likely not related to this because dnsbl do not run for connections from the lan. Please give more info on your setup, and more logs so we can understand what's going o.

[georgios]

HI Daniel, big day here today...at work..

So my setup works till August 2015 (at OVH DataCenter), Public IP directly:  in Mode erveronly

As I check on my logs, I had this zen.spamhaus.org query failed:  SERVFAIL since today/yesterday (not before), thats why my user told me that when sending emails, thunderbird was taking 10/15 sec.

From any connection or any server pc, i cant ping this.

I am using only DNSBL Zones (qpsmtpd RBLList):
psbl.surriel.com
zen.spamhaus.org
bl.spamcop.net
all.s5h.net
b.barracudacentral.org

And I have RHSBL disabled.

[Stefano]

Server only with public IP?

[georgios]

Yes.

[Stefano]

Not a smart idea, indeed
I strongly suggest you to reconfigure in server and gateway mode using dummy interface for LAN

[georgios]

I understood but this iP is filtered for spam attacks by our provider.

It’s an option to go to lan and gw but this setup works fine. (This server is not at our office but in datacenter)

For spamhaus what can I do for the fail ? Is for everyone ?

[Stefano]

On a SME in server only mode with a public IP, spam is your last problemi, believe me

[georgios]

hi,

Understood.
FYI, I am not using DNS 8.8.8.8, this was a test from other server.
pls find enclosed my setup attacched.

The reason that I am little bit "sad' is that my setup is working fine till 2Y.
The main problem from other IP when sending through Thunderbird could not be affected only by setting my SERVER by Public IP.

Each time (Now) I am sending a mail from Thunderbird I have from sqpsmtpd  logs dnsbl: zen.spamhaus.org query failed:  SERVFAIL

And I 2017-11-04 18:29:53.368080500 18884 Accepted connection 0/20 from 213... / Unknown
2017-11-04 18:29:53.368180500 18884 Connection from Unknown [213....]
2017-11-04 18:29:53.790583500 18884 (connect) tls: pass, connect via SMTPS
2017-11-04 18:29:54.791867500 18884 (connect) earlytalker: pass, not spontaneous
2017-11-04 18:29:54.792802500 18884 (connect) relay: skip, no match
2017-11-04 18:29:54.792917500 18884 (connect) check_badcountries: GeoIP Country: GR
2017-11-04 18:29:54.793799500 18884 (connect) check_badcountries: Country GR RemoteIP 213....
2017-11-04 18:30:19.882748500 18884 (connect) dnsbl: zen.spamhaus.org query failed:  SERVFAIL
2017-11-04 18:30:20.208472500 18884 (connect) dnsbl: pass
2017-11-04 18:30:20.208710500 18884 220 neomail.ifa.gr ESMTP
2017-11-04 18:30:20.324445500 18884 dispatching EHLO [10.0.0.1]
2017-11-04 18:30:20.326007500 18884 (ehlo) helo: pass
2017-11-04 18:30:20.326347500 18884 250-ifa.gr Hi Unknown [213....]

[georgios]

Seems to have find my problem. It has not to be done with the mode "server only".

After running command: dig 2.0.0.127.zen.spamhaus.org
from tutorial https://www.spamhaus.org/faq/section/DNSBL%20Usage#108 How do I check my DNS server results?

Having setup DNS with main DNS server from OVH (for Dedicated Server) : 213.186.33.99 - this command was getting no result, after adding a secondary DNS in "Manage Domain" from DNS Server I was able to get a result.

So my Provider DNS was problematic.

In my /var/log/sqpsmtpd/current logs:  dnsbl: pass

2017-11-04 22:46:07.427518500 25838 Accepted connection 0/20 from 213.249.5xxxxxx
2017-11-04 22:46:07.427609500 25838 Connection from Unknown [213.249x.x]
2017-11-04 22:46:07.822861500 25838 (connect) tls: pass, connect via SMTPS
2017-11-04 22:46:08.824237500 25838 (connect) earlytalker: pass, not spontaneous
2017-11-04 22:46:08.825241500 25838 (connect) relay: skip, no match
2017-11-04 22:46:08.860402500 25838 (connect) check_badcountries: GeoIP Country: GR
2017-11-04 22:46:08.860403500 25838 (connect) check_badcountries: Country GR RemoteIP 213.249.x.x
2017-11-04 22:46:09.138349500 25838 (connect) dnsbl: pass



SOrry guys !! 

[Daniel B.]

Don't use any DNS server at all. There's no need to (except in some very specific configurations). Sme has its own resolver. If you have to use a external resolver, then turn off dnsbl/rhsbl as you'll most likely exceed their daily requests quota. And you should really consider switching to server and gateway with a dummy nic

[Jean-Philippe Pialasse]

For using also OVH, I can confirm you can work with only SME internal DNS resolver.

Hence I confirm and emphasize both Daniel and Stefano comment :
- DO NOT, in any circumstance use SME SERVER as server only in a hosting service with a public IP. In such configuration, your server will consider part of the internet as local network, a huge security issue : so switch immediately to server gateway with dummy adapter as LAN.
- Unless you have really specific needs, you should not use an external resolver, SME has its own.