Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: Trashman on October 05, 2008, 08:14:42 PM

Title: RBL SBL and mail rejection since yesterday
Post by: Trashman on October 05, 2008, 08:14:42 PM

Ok, some of the rbl or sbl list started to sent bad data, how did i notice? look:

Code: [Select]

2008-10-05 15:56:50.614683500 14411 Accepted connection 0/40 from 209.191.69.63 / web30301.mail.mud.yahoo.com
2008-10-05 15:56:50.616696500 14411 Connection from web30301.mail.mud.yahoo.com [209.191.69.63]
2008-10-05 15:56:51.757156500 14411 check_earlytalker plugin: remote host said nothing spontaneous, proceeding
2008-10-05 15:56:51.808260500 14411 220 server.canje.com ESMTP
2008-10-05 15:56:52.011134500 14411 dispatching HELO web30301.mail.mud.yahoo.com
2008-10-05 15:56:52.018009500 14411 250 canje.com Hi web30301.mail.mud.yahoo.com [209.191.69.63]; I am so happy to meet you.
2008-10-05 15:56:52.211116500 14411 dispatching MAIL FROM:<pppp@yahoo.com>
2008-10-05 15:56:52.216132500 14411 full from_parameter: FROM:<pppp@yahoo.com>
2008-10-05 15:56:52.216141500 14411 from email address : [<pppp@yahoo.com>]
2008-10-05 15:56:52.484116500 14411 getting mail from <pppp@yahoo.com>
2008-10-05 15:56:52.485679500 14411 250 <pppp@yahoo.com>, sender OK - how exciting to get mail from you!
2008-10-05 15:56:52.681076500 14411 dispatching RCPT TO:<ventas@nnnn.com>
2008-10-05 15:56:52.681084500 14411 to email address : [<ventas@nnnn.com>]
2008-10-05 15:56:52.718318500 14411 logging::logterse plugin: ` 209.191.69.63 web30301.mail.mud.yahoo.com web30301.mail.mud.yahoo.com <pppp@yahoo.com> rhsbl 901 This list is offline. Please stop querying for it. msg denied before queued
2008-10-05 15:56:52.721874500 14411 550 This list is offline. Please stop querying for it.
2008-10-05 15:56:52.923061500 14411 dispatching QUIT
2008-10-05 15:56:52.928054500 14411 221 canje.com closing connection. Have a wonderful day.
2008-10-05 15:56:52.928062500 14411 click, disconnecting

And after disabling the lists:

Code: [Select]

2008-10-05 16:10:04.466252500 4777 Accepted connection 0/40 from 209.191.69.68 / web30306.mail.mud.yahoo.com
2008-10-05 16:10:04.468386500 4777 Connection from web30306.mail.mud.yahoo.com [209.191.69.68]
2008-10-05 16:10:05.627132500 4777 check_earlytalker plugin: remote host said nothing spontaneous, proceeding
2008-10-05 16:10:05.646247500 4777 220 server.canje.com ESMTP
2008-10-05 16:10:05.872151500 4777 dispatching HELO web30306.mail.mud.yahoo.com
2008-10-05 16:10:05.881332500 4777 250 canje.com Hi web30306.mail.mud.yahoo.com [209.191.69.68]; I am so happy to meet you.
2008-10-05 16:10:06.098116500 4777 dispatching MAIL FROM:<pppp@yahoo.com>
2008-10-05 16:10:06.098125500 4777 full from_parameter: FROM:<pppp@yahoo.com>
2008-10-05 16:10:06.098936500 4777 from email address : [<pppp@yahoo.com>]
2008-10-05 16:10:06.637563500 4777 getting mail from <pppp@yahoo.com>
2008-10-05 16:10:06.639843500 4777 250 <pppp@yahoo.com>, sender OK - how exciting to get mail from you!
2008-10-05 16:10:06.864080500 4777 dispatching RCPT TO:<ventas@nnnn.com>
2008-10-05 16:10:06.869081500 4777 to email address : [<ventas@nnnn.com>]
2008-10-05 16:10:06.887142500 4777 check_goodrcptto plugin: stripping '-' extensions
2008-10-05 16:10:06.953177500 4777 250 <ventas@nnnn.com>, recipient ok
2008-10-05 16:10:07.182071500 4777 dispatching DATA
2008-10-05 16:10:07.182078500 4777 354 go ahead
2008-10-05 16:10:07.409133500 4777 spooling message to disk
2008-10-05 16:10:12.970089500 4777 spamassassin plugin: check_spam: No, hits=-0.4, required=7.0, tests=BAYES_00,TVD_SPACE_RATIO
2008-10-05 16:10:12.994966500 4777 virus::clamav plugin: Changing permissions on file to permit scanner access
2008-10-05 16:10:13.254835500 4777 virus::clamav plugin: clamscan results: /var/spool/qpsmtpd/1223230207:4777:0: OK
2008-10-05 16:10:13.264091500 4777 logging::logterse plugin: ` 209.191.69.68 web30306.mail.mud.yahoo.com web30306.mail.mud.yahoo.com <pppp@yahoo.com> <ventas@nnnn.com> queued <270540.18416.qm@web30306.mail.mud.yahoo.com> No, hits=-0.4 required=7.0_
2008-10-05 16:10:13.275735500 4795 queue::qmail_2dqueue plugin: (for 4777 ) Queuing qp 4795 to /var/qmail/bin/qmail-queue
2008-10-05 16:10:13.716692500 4777 250 Queued! 1223230213 qp 4795 <270540.18416.qm@web30306.mail.mud.yahoo.com>
2008-10-05 16:10:13.944803500 4777 dispatching QUIT
2008-10-05 16:10:13.948851500 4777 221 canje.com closing connection. Have a wonderful day.
2008-10-05 16:10:13.948860500 4777 click, disconnecting

Im using the ones instructed on the email wiki...so...to the gurus: wich one is failing and how to remove it? (as already stated before im very noob to linux)

Also maybe make this post a sticky? this makes every mail rejected, is a big issue IMO

PS: in fact i think that the info i used to activate mines are from this wiki:
http://wiki.contribs.org/Updating_to_SME_7.2#RHSBL_Servers
http://wiki.contribs.org/Updating_to_SME_7.2#DNSBL_Servers
My actual qpsmtpd config is:

Code: [Select]

[root@server ~]# config show qpsmtpd
qpsmtpd=service
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=disabled
    LogLevel=6
    MaxScannerSize=25000000
    RBLList=zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
    RHSBL=disabled
    RequireResolvableFromHost=yes
    SBLList=bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org:blackhole.securitysage.com
    access=public
    qplogsumm=disabled
    status=enabled
And if that is the case maybe a sticky is not necessary...

Title: Re: RBL SBL and mail rejection since yesterday
Post by: cactus on October 05, 2008, 09:13:45 PM

Please follow the instructions in this message (http://forums.contribs.org/index.php?topic=42252.0).

To go short:
A bug has been raised for it: http://bugs.contribs.org/show_bug.cgi?id=4623
Configuration instructions have been updated. Details and pointers are in the linked forum post.

Title: Re: RBL SBL and mail rejection since yesterday
Post by: Trashman on October 05, 2008, 09:16:29 PM

Is not a good thing to start a post and after that answer yourself but im not eve sure if this is the answer, i found that apparently blackhole.securitysage.com have died:
http://www.dnsbl.com/2007/10/status-of-blackholesecuritysagecom-down.html

So, to disable it i do a

Code: [Select]

config setprop qpsmtpd SBLList \
bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com\
:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com\
:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org
And now is working...

And i think that i took the info from the sonoracom instruction...im not sure...im probably not the only one to suffer this tho...

PS: sorry cactus you posted at the same time than me...

Title: Re: RBL SBL and mail rejection since yesterday
Post by: cactus on October 05, 2008, 09:37:44 PM

Quote from: Trashman on October 05, 2008, 09:16:29 PM

PS: sorry cactus you posted at the same time than me...

It took a little longer as this was a coordinated effort by members of the SME Server team.