[Outages-discussion] [outages] zen.spamhaus.org not resolving

Colin Edwards colin.p.edwards at gmail.com
Tue Apr 20 16:36:48 EDT 2021 

There's relevant info and links in the replies on this twitter thread
https://twitter.com/EdwardsCP/status/1382336908047437828?s=19
Short of it is that:
 (1) spamhaus is starting to reject queries from open resolvers
(2) there are new query replies that postfix (and other MTAs) needs to be
reconfigured to handle.   Otherwise the response indicating you're query
was rejected because it was through an open resolvers might be treated like
the mail sender is present on the zen dnsbl and you will drop all
connections (like I experienced last week).

On Tue, Apr 20, 2021, 1:14 PM Jared Geiger <compuwizz at gmail.com> wrote:

> I'm seeing errors like this in postfix logs:
>
> postfix/smtpd[7313]: NOQUEUE: reject: RCPT from mail-il1-f175.google.com[209.85.166.175]:
> 554 5.7.1 Service unavailable; Client host [209.85.166.175] blocked using
> zen.spamhaus.org; Error: open resolver;
>
> dig -t A 175.166.85.209.zen.spamhaus.org
>
> ; <<>> DiG 9.11.3-1ubuntu1.14-Ubuntu <<>> -t A
> 175.166.85.209.zen.spamhaus.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37668
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 65494
> ;; QUESTION SECTION:
> ;175.166.85.209.zen.spamhaus.org. IN    A
>
> ;; ANSWER SECTION:
> 175.166.85.209.zen.spamhaus.org. 2100 IN A      127.255.255.254
>
> ;; Query time: 18 msec
> ;; SERVER: 127.0.0.53#53(127.0.0.53)
> ;; WHEN: Tue Apr 20 17:04:19 UTC 2021
> ;; MSG SIZE  rcvd: 76
>
>
>
> On Tue, Apr 20, 2021 at 8:35 AM Stephane Bortzmeyer <bortzmeyer at nic.fr>
> wrote:
>
>> On Tue, Apr 20, 2021 at 11:18:28AM -0400,
>>  eric-list at truenet.com <eric-list at truenet.com> wrote
>>  a message of 489 lines which said:
>>
>> > I wonder if it’s regional?
>>
>> Regional no, but "it depends". RIPE Atlas probes show that many probes
>> get a wrong answer:
>>
>> % blaeu-resolve --requested 100 --type A --country US
>> 2.0.0.127.zen.spamhaus.org
>> [127.0.0.10 127.0.0.2 127.0.0.4] : 65 occurrences
>> [] : 5 occurrences
>> [ERROR: NXDOMAIN] : 18 occurrences
>> [ERROR: SERVFAIL] : 3 occurrences
>> Test #29757014 done at 2021-04-20T15:26:46Z
>>
>> Less issues (but not zero) in France :
>>
>> % blaeu-resolve --requested 100 --type A --country FR
>> 2.0.0.127.zen.spamhaus.org
>> [127.0.0.10 127.0.0.2 127.0.0.4] : 66 occurrences
>> [ERROR: NXDOMAIN] : 10 occurrences
>> [ERROR: SERVFAIL] : 1 occurrences
>> Test #29757016 done at 2021-04-20T15:28:15Z
>>
>> _______________________________________________
>> Outages-discussion mailing list
>> Outages-discussion at outages.org
>> https://puck.nether.net/mailman/listinfo/outages-discussion
>>
> _______________________________________________
> Outages-discussion mailing list
> Outages-discussion at outages.org
> https://puck.nether.net/mailman/listinfo/outages-discussion
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20210420/fccb9262/attachment.htm>

More information about the Outages-discussion mailing list