Hi,
I'm running several UTMs as hardware appliances, but I also do run one UTM Home Edition installation for my personal use.
Somehow I do have a problem integrating zen.spamhaus.org. When I add it to the DNSBLs, for some reason mails don't get blocked by it and I don't understand why.
Any other DNSBL I add does work, zen.spamhaus.org not.
Does Sophos somehow prevent the use of it?
Is there any log I can check if it does query Spamhaus for data?
I received a new IP by my provider and still it doesn't work. At first I thought maybe Spamhaus blocked me, but their usage terms are pretty clear:
1) Your use of the Spamhaus DNSBLs is non-commercial*, and
2) Your email traffic is less than 100,000 SMTP connections per day, and
3) Your DNSBL query volume is less than 300,000 queries per day.
so I should be more than ok...
Thank you.
Hi wolfman1,
do you have the problem only in one or all of the UTMs?
BR
-
Tried two systems, same result.
Enabled debug log
https://community.sophos.com/kb/en-us/115325
looked up log
Looks like I'm not getting any data from Spamhaus.
19996 cached data used for lookup of myself.com_RBL_EXTRA
19996 in /etc/exim.conf.profile
19996 lookup yielded: sbl.spamhaus.org:xbl.spamhaus.org:ix.dnsbl.manitu.net:bb.barracudacentral.org:new.dnsbl.sorbs.net:bl.spamcop.net:spam.spamrats.com:db.wpbl.info:dul.dnsbl.sorbs.net:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net
19996 check dnslists = ${lookup{${lc:$domain}_RBL_EXTRA}nwildlsearch{/etc/exim.conf.profile}}
19996 = sbl.spamhaus.org:xbl.spamhaus.org:ix.dnsbl.manitu.net:bb.barracudacentral.org:new.dnsbl.sorbs.net:bl.spamcop.net:spam.spamrats.com:db.wpbl.info:dul.dnsbl.sorbs.net:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net
19996 DNS list check: sbl.spamhaus.org
19996 new DNS lookup for 85.150.142.213.sbl.spamhaus.org
19996 DNS lookup of 85.150.142.213.sbl.spamhaus.org (A) gave HOST_NOT_FOUND
19996 returning DNS_NOMATCH
19996 DNS lookup for 85.150.142.213.sbl.spamhaus.org failed
19996 => that means 213.142.150.85 is not listed at sbl.spamhaus.org
19996 DNS list check: xbl.spamhaus.org
19996 new DNS lookup for 85.150.142.213.xbl.spamhaus.org
19996 DNS lookup of 85.150.142.213.xbl.spamhaus.org (A) gave HOST_NOT_FOUND
19996 returning DNS_NOMATCH
19996 DNS lookup for 85.150.142.213.xbl.spamhaus.org failed
19996 => that means 213.142.150.85 is not listed at xbl.spamhaus.org
19996 DNS list check: ix.dnsbl.manitu.net
19996 new DNS lookup for 85.150.142.213.ix.dnsbl.manitu.net
19996 DNS lookup of 85.150.142.213.ix.dnsbl.manitu.net (A) gave HOST_NOT_FOUND
19996 returning DNS_NOMATCH
19996 DNS lookup for 85.150.142.213.ix.dnsbl.manitu.net failed
19996 => that means 213.142.150.85 is not listed at ix.dnsbl.manitu.net
19996 DNS list check: bb.barracudacentral.org
19996 new DNS lookup for 85.150.142.213.bb.barracudacentral.org
19996 DNS lookup of 85.150.142.213.bb.barracudacentral.org (A) gave HOST_NOT_FOUND
19996 returning DNS_NOMATCH
19996 DNS lookup for 85.150.142.213.bb.barracudacentral.org failed
19996 => that means 213.142.150.85 is not listed at bb.barracudacentral.org
19996 DNS list check: new.dnsbl.sorbs.net
19996 new DNS lookup for 85.150.142.213.new.dnsbl.sorbs.net
19996 DNS lookup of 85.150.142.213.new.dnsbl.sorbs.net (A) gave HOST_NOT_FOUND
19996 returning DNS_NOMATCH
19996 DNS lookup for 85.150.142.213.new.dnsbl.sorbs.net failed
19996 => that means 213.142.150.85 is not listed at new.dnsbl.sorbs.net
19996 DNS list check: bl.spamcop.net
19996 new DNS lookup for 85.150.142.213.bl.spamcop.net
19996 DNS lookup of 85.150.142.213.bl.spamcop.net (A) gave HOST_NOT_FOUND
19996 returning DNS_NOMATCH
19996 DNS lookup for 85.150.142.213.bl.spamcop.net failed
19996 => that means 213.142.150.85 is not listed at bl.spamcop.net
19996 DNS list check: spam.spamrats.com
19996 new DNS lookup for 85.150.142.213.spam.spamrats.com
19996 DNS lookup of 85.150.142.213.spam.spamrats.com (A) succeeded
19996 DNS lookup for 85.150.142.213.spam.spamrats.com succeeded (yielding 127.0.0.38)
19996 DNS lookup of 85.150.142.213.spam.spamrats.com (TXT) succeeded
19996 => that means 213.142.150.85 is listed at spam.spamrats.com
19996 check set acl_c0 = rbl
19996 check set acl_c1 = $dnslist_domain
19996 = spam.spamrats.com
19996 search_open: pgsql "NULL"
19996 cached open
19996 search_find: file="NULL"...
19996 H=(lootsnap.icu) [213.142.150.85]:10407 F=<morale@lootsnap.icu> rejected RCPT <me@myself.com>: 213.142.150.85 blacklisted at spam.spamrats.com
Thing is that during that time 213.142.150.85 was listed (from Spamhaus website):
213.142.150.85 is listed in the SBL, in the following records:
So why is Spamhaus giving me empty results?
I've used dig to manually check and got nothing with Spamhaus:
dig 85.150.142.213.sbl.spamhaus.org
; <<>> DiG 9.9.6-P1 <<>> 85.150.142.213.sbl.spamhaus.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22630
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;85.150.142.213.sbl.spamhaus.org. IN A
;; AUTHORITY SECTION:
sbl.spamhaus.org. 9 IN SOA need.to.know.only. hostmaster.spamhaus.org. 2002102209 3600 600 432000 10
;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 10 23:10:28 CET 2020
;; MSG SIZE rcvd: 124
Using dig with Spamrats gave me a result:
dig 85.150.142.213.spam.spamrats.com
; <<>> DiG 9.9.6-P1 <<>> 85.150.142.213.spam.spamrats.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51361
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;85.150.142.213.spam.spamrats.com. IN A
;; ANSWER SECTION:
85.150.142.213.spam.spamrats.com. 475 IN A 127.0.0.38
And while writing all this down I gave it another thought and started to remember why it is not working. Stupid me!!! NEVER USE GOOGLE DNS!!!
https://www.spamhaus.org/faq/section/DNSBL%2520Usage#261
Your DNSBL blocks nothing at all!
First, check our FAQ answer for "Your DNSBL blocks the whole Internet!" and make sure you've not made a spelling mistake in your mailserver configuration.
Check what DNS resolvers you are using: If you are using a free "open DNS resolver" service such as the Google Public DNS (8.8.8.8) and others (eg. Alternate DNS, Comodo Secure, DNS.Watch, DynDNS, FreeDNS, Hurricane, NeuStar DNS Advantage, Norton ConnectSafe, OpenNIC, Puncat, Quad9, SafeDNS, Uncensored, Verisign, Yandex.DNS), or large cloud/outsourced public DNS servers, such as Level3's, Verizon's or AT&T's to resolve your DNSBL requests, in most cases you will receive a "not listed" (NXDOMAIN) reply from Spamhaus' public DNSBL servers. We recommend using your own DNS servers when doing DNSBL queries to Spamhaus. If this is not possible, contact us for other options.
And of course I do have Google DNS 8.8.8.8 set in my Sophos UTM.
After setting DNS to Cloudflare 1.1.1.1 and my provider as a backup Spamhaus is working again:
dig 85.150.142.213.zen.spamhaus.org
; <<>> DiG 9.9.6-P1 <<>> 85.150.142.213.zen.spamhaus.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44321
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;85.150.142.213.zen.spamhaus.org. IN A
;; ANSWER SECTION:
85.150.142.213.zen.spamhaus.org. 60 IN A 127.0.0.3
Whoop whoop!
And btw: Maybe Sophos could get their documentation straight:
https://community.sophos.com/kb/en-us/120283
They are suggesting Google, but maybe they should add if you choose Google for DNS that Spamhaus will not work!!!
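A self-test for the symptom described in the post above, added here as an example and not part of the original thread: it queries the RFC 5782 test points (127.0.0.2 must be listed, 127.0.0.1 must not) so that a DNSBL zone answering nothing through the configured resolver is caught before mail silently passes. The function names and the two offline resolvers are constructed for illustration; the 127.255.255.0/24 check assumes Spamhaus's documented use of that range for error replies.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(name):
    """A record from the system resolver, or None for NXDOMAIN/lookup failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_zone(zone, resolve=system_resolve):
    """Classify a zone by its RFC 5782 test points."""
    listed = resolve(dnsbl_name("127.0.0.2", zone))
    if listed is None:
        return "no-data"            # the thread's symptom: every lookup is NXDOMAIN
    addr = ipaddress.IPv4Address(listed)
    if addr in ipaddress.IPv4Network("127.255.255.0/24"):
        return "error-code"         # error reply, not a listing (assumption, see lead-in)
    if addr not in ipaddress.IPv4Network("127.0.0.0/8"):
        return "unexpected-answer"  # e.g. a resolver rewriting NXDOMAIN
    if resolve(dnsbl_name("127.0.0.1", zone)) is not None:
        return "lists-everything"   # zone answers for an address it must not list
    return "ok"

# Constructed resolvers so the example runs offline.
def blocked_resolver(name):
    """Models the UTM forwarding to a public resolver: nothing is ever listed."""
    return None

def working_resolver(name):
    """Models a resolver that the DNSBL operator answers normally."""
    return {"2.0.0.127.zen.spamhaus.org": "127.0.0.2"}.get(name)

if __name__ == "__main__":
    for label, r in (("blocked", blocked_resolver), ("working", working_resolver)):
        print(label, check_zone("zen.spamhaus.org", r))
    # Live check against the configured resolver: check_zone("zen.spamhaus.org")
```

Run against the live resolver after any DNS forwarder change; a result other than "ok" means the list is not protecting the mail flow even though the configuration looks correct.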
Just checked my log to make sure spamhaus was working. Glad to hear you find the DNS Server as cause for that. I agree Sophos could add a note in that KBA. (But after all it's not direct UTM related)
Again, thanks for posting your results.
Best regards
Alex
Good work, wolfman1!
That KB article was copied years ago from my DNS best practice post and then only reformatted last year. My post has been updated many times (note the Change Log at the bottom of the post) since someone copied it. I just added your caution about using Google DNS.
Cheers - Bob