All incoming e-mails blocked by RBL

webaltern

Verified User
Joined
Feb 10, 2008
Messages
173
Location
Québec, Canada
Hi,

I have set up a new VPS with DA for one of your customers... But ALL the incoming mail is blocked by the RBL (when RBL blocking is activated).

Each time we send a mail to one of the e-mail addresses hosted on this VPS we get the following error message:

INVALID_ADDRESS, ERROR_CODE :550, ERROR_CODE :Email blocked by cbl.abuseat.org
But I know that the IP of the sending server is not blacklisted by cbl.abuseat.org and I also know that the e-mail address exists on the receiving server, because when RBL blocking is off, I can receive e-mail on this VPS without issue...

Does someone have a clue on this issue?

Sorry for my bad English, that's not my primary language.

Regards,
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,584
Location
Maastricht
It's very difficult to help you without any domains or ip addresses to do some checks.
But due to the error notice, it looks like the receiving ip (so the VPS ip) is blacklisted in the abuseat spamlist (and maybe more).
 

webaltern

Hi Richard,

The sending and receiving servers are not blacklisted anywhere... It's really a false positive issue.

I can try to send to this server from everywhere (from my other DA servers, from gmail, from hotmail, from gmx, etc.) and each time we get this error message.

I have tried to remove cbl.abuseat.org from the exim configuration but we get the same message, with abuseat replaced by spamhaus (the next RBL in the exim configuration). And again, the IPs are clean and not blacklisted. So I know it's an RBL checking problem somewhere... and each time it returns a false positive... maybe a missing library on the server or something that prevents the RBL checking from being done correctly.

Receiving server IP: 5.135.192.139 (the one that makes the false positive and rejects all incoming e-mail when RBL is ON)
Yes it's clean: https://mxtoolbox.com/SuperTool.aspx?action=blacklist:5.135.192.139&run=toolpage


Regards,
 

Richard G

That is very odd indeed, or très curieus like you French say, correct? :)

Anyway, nothing really to laugh about. Could you send me an email address which is on that server per pm? I could try to send 2 test messages, one from my company and one from my hobby site on another server, see what exactly happens.

Do you use the latest exim.pl and the latest spamblocker exim.conf file?

Before I forget... anything to be found in /var/log/exim/mainlog or /var/log/exim/rejectlog or paniclog?
 

webaltern

Hi Richard,

> That is very odd indeed, or très curieus like you French say, correct?

It's almost that... it's: C'est très curieux (is very curious) or C'est très étrange (It's very strange)

Actually the RBL is deactivated. So all e-mail can go to the user mailboxes without issue... But you can add me on skype: webalternativeorg
and I will give you a test e-mail address on my customer's domain and I will temporarily enable the RBL for your tests... I don't want to keep it enabled at this time since my customer can't receive any mail when RBL is on....

Yes, we use the latest exim.conf and exim.pl.

The exim log said almost the same thing as the error message in my first post:
2016-12-10 13:48:16 H=sender163-mail.zoho.com [74.201.84.163] X=TLSv1:ECDHE-RSA-AES256-SHA:256 CV=no F=<services@webalternative.ca> rejected RCPT <xxxx@xxxxxxxxx.com>: Email blocked by cbl.abuseat.org
 

Richard G

Ah at first I typed it with an x but then I changed it. I was doubting if it was with s or x. But almost then. :)
I'll have a look if I can still find my skype account, I almost never use it.
A pm would have been easier, because I'm not at my pc all the time but I'll try to reach you. I can't speak French by the way, it's too long ago that I've had that at school and after that almost never spoke or wrote it again.
 

Richard G

OK, we looked and did some tests; mails get blocked on connection by the RBL.
The use_rbl_domains is linked to domains so that is also good, DNS is good... I'm out of ideas.
Hopefully somebody else (maybe Zeiter or Sellerone) has some clues for you?
 

webaltern

> OK, we looked and did some tests; mails get blocked on connection by the RBL.
> The use_rbl_domains is linked to domains so that is also good, DNS is good... I'm out of ideas.
> Hopefully somebody else (maybe Zeiter or Sellerone) has some clues for you?

Thank you for your help Richard. Hope someone else can give me a clue about this issue.
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,793
Location
A Coruña, Spain
Hi Philippe,

can you please confirm:
Exim Version
Exim Conf Version
BlockCracking Version
EasySpamFighter version

Also, can you provide an email address to test with?

Thanks
Best regards
 

webaltern

Hi,

> can you please confirm:
> Exim Version

Installed version of Exim: 4.87

> Exim Conf Version

Installed version of exim.conf: 4.5.1

> BlockCracking Version

Installed version of BlockCracking: 1.6

> EasySpamFighter version

Installed version of Easy Spam Fighter: 1.14

> Also, can you provide an email address to test with?

Add me on skype (webalternativeorg) and I will be happy to put RBL to ON and give you a test address to check, as I don't want to leave the RBL ON since my customer can't receive any e-mails when it's ON.

Regards,
 

yonatanp

Verified User
Joined
Aug 25, 2006
Messages
57
Location
Israel
Hello,
I can confirm we see a similar issue,
server is monitored for blocks, all tests show the server is not blacklisted.

all incoming mail gets blocked with SPAMHAUS as the reason.

when we go to
Administrator Settings > email, and set RBL to NO ,
then the mail works fine.
otherwise, a false positive match for SPAMHAUS block(?)

current version:
da build 1.2.41
Exim version 4.87 #1 built 14-Dec-2016 12:14:25
SpamBlocker.exim.conf.2.1.1-release

everything was perfect until today, this morning.
no spam alerts on the server.

what were your conclusions for the tests you have run so far?




Delivery to the following recipient failed permanently:

user@example.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain example.com by mail.example.com. [81.218.X.X].

The error that the other server returned was:
550 Email blocked by SPAMHAUS - to unblock see
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,793
Location
A Coruña, Spain
The issue with the user was related to /etc/resolv.conf
Changing the DNS the server was using (they were COMODO Free DNS) with Google ones (8.8.8.8 and 8.8.4.4) fixed the issue.

Best regards
 

yonatanp

Thank you!
I can confirm that after commenting out the ISP DNS and adding OpenDNS, the issue was resolved.
]# cat /etc/resolv.conf
nameserver 127.0.0.1
#nameserver 192.115.106.10
nameserver 208.67.222.222
nameserver 208.67.220.220
using openDNS from : http://208.69.38.205
 

Richard G

> Changing the DNS the server was using (they were COMODO Free DNS) with Google ones (8.8.8.8 and 8.8.4.4) fixed the issue.

Watch it, you might need to use other DNS servers than the Google ones.

I had an issue where RBLs were not checked at all anymore because of a limit on the Google DNS servers, and everybody received more spam.
If that is happening, change your google DNS servers to some other, maybe opendns or ask your provider/datacenter.
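
A resolver check for the two failure modes reported in this thread (every sender rejected as listed, and RBL lookups silently no longer happening), added here as an example and not posted by any participant. It relies on the RFC 5782 test entries that every IPv4 DNSBL publishes; the function names and script name are hypothetical, and the sample answers are constructed.

```shell
#!/bin/sh
# Added example. RFC 5782: an IPv4 DNSBL must list the test address
# 127.0.0.2 and must not list 127.0.0.1; answers are always in 127.0.0.0/8.

# reverse_ip 1.2.3.4 -> 4.3.2.1 (the octet order used in DNSBL query names)
reverse_ip() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 }'
}

# classify_resolver <A answer for 127.0.0.2> <A answer for 127.0.0.1>
# An empty argument means NXDOMAIN, a timeout, or no usable answer.
classify_resolver() {
    ans_listed=$1
    ans_clean=$2
    if [ -n "$ans_clean" ]; then
        echo "false-positive"   # answers for a name that must not exist:
                                # every sender will look listed
    elif [ -z "$ans_listed" ]; then
        echo "not-checking"     # test entry invisible: lookups fail and
                                # the RBL no longer rejects anything
    else
        case $ans_listed in
            127.*) echo "ok" ;;
            *)     echo "rewritten" ;;  # non-DNSBL address injected
        esac
    fi
}

# check_dnsbl <zone> [resolver-ip]: live query; needs dig and network access.
# Without a resolver argument dig uses /etc/resolv.conf, as Exim does.
check_dnsbl() {
    zone=$1
    server=${2:+@$2}
    # Keep only IPv4 lines so dig's timeout messages count as "no answer".
    ipv4='/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/'
    a_listed=$(dig +short $server "$(reverse_ip 127.0.0.2).$zone" A | awk "$ipv4")
    a_clean=$(dig +short $server "$(reverse_ip 127.0.0.1).$zone" A | awk "$ipv4")
    classify_resolver "$a_listed" "$a_clean"
}

# Constructed answers (not captured from the thread), one per outcome.
echo "healthy resolver:      $(classify_resolver 127.0.0.2 '')"
echo "answers for any name:  $(classify_resolver 203.0.113.7 203.0.113.7)"
echo "lookups refused/empty: $(classify_resolver '' '')"

# Live use: sh rbl-resolver-check.sh cbl.abuseat.org [208.67.222.222]
if [ $# -gt 0 ]; then check_dnsbl "$@"; fi
```

Run it once with no resolver argument to test what /etc/resolv.conf currently gives the mail server, then again with a candidate resolver IP before switching to it.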
 

webaltern

> The issue with the user was related to /etc/resolv.conf
> Changing the DNS the server was using (they were COMODO Free DNS) with Google ones (8.8.8.8 and 8.8.4.4) fixed the issue.
>
> Best regards

Yes, thanks SeLLeRoNe for solving my issue. We are currently building our own DNS server to avoid this problem in the future.

Regards,
 