<div dir="auto">There's relevant info and links in the replies on this twitter thread <a href="https://twitter.com/EdwardsCP/status/1382336908047437828?s=19">https://twitter.com/EdwardsCP/status/1382336908047437828?s=19</a><div dir="auto">Short of it is that:</div><div dir="auto"> (1) spamhaus is starting to reject queries from open resolvers</div><div dir="auto">(2) there are new query replies that postfix (and other MTAs) needs to be reconfigured to handle. Otherwise the response indicating you're query was rejected because it was through an open resolvers might be treated like the mail sender is present on the zen dnsbl and you will drop all connections (like I experienced last week).</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 20, 2021, 1:14 PM Jared Geiger <<a href="mailto:compuwizz@gmail.com">compuwizz@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I'm seeing errors like this in postfix logs:<div><br></div><div>postfix/smtpd[7313]: NOQUEUE: reject: RCPT from <a href="http://mail-il1-f175.google.com" target="_blank" rel="noreferrer">mail-il1-f175.google.com</a>[209.85.166.175]: 554 5.7.1 Service unavailable; Client host [209.85.166.175] blocked using <a href="http://zen.spamhaus.org" target="_blank" rel="noreferrer">zen.spamhaus.org</a>; Error: open resolver;<br></div><div><br></div><div>dig -t A <a href="http://175.166.85.209.zen.spamhaus.org" target="_blank" rel="noreferrer">175.166.85.209.zen.spamhaus.org</a><br><br>; <<>> DiG 9.11.3-1ubuntu1.14-Ubuntu <<>> -t A <a href="http://175.166.85.209.zen.spamhaus.org" target="_blank" rel="noreferrer">175.166.85.209.zen.spamhaus.org</a><br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37668<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags:; udp: 65494<br>;; QUESTION SECTION:<br>;<a href="http://175.166.85.209.zen.spamhaus.org" target="_blank" rel="noreferrer">175.166.85.209.zen.spamhaus.org</a>. IN A<br><br>;; ANSWER SECTION:<br><a href="http://175.166.85.209.zen.spamhaus.org" target="_blank" rel="noreferrer">175.166.85.209.zen.spamhaus.org</a>. 2100 IN A 127.255.255.254<br><br>;; Query time: 18 msec<br>;; SERVER: 127.0.0.53#53(127.0.0.53)<br>;; WHEN: Tue Apr 20 17:04:19 UTC 2021<br>;; MSG SIZE rcvd: 76<br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 20, 2021 at 8:35 AM Stephane Bortzmeyer <<a href="mailto:bortzmeyer@nic.fr" target="_blank" rel="noreferrer">bortzmeyer@nic.fr</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Tue, Apr 20, 2021 at 11:18:28AM -0400,<br>
<a href="mailto:eric-list@truenet.com" target="_blank" rel="noreferrer">eric-list@truenet.com</a> <<a href="mailto:eric-list@truenet.com" target="_blank" rel="noreferrer">eric-list@truenet.com</a>> wrote <br>
a message of 489 lines which said:<br>
<br>
> I wonder if it’s regional?<br>
<br>
Regional no, but "it depends". RIPE Atlas probes show that many probes<br>
get a wrong answer:<br>
<br>
% blaeu-resolve --requested 100 --type A --country US <a href="http://2.0.0.127.zen.spamhaus.org" rel="noreferrer noreferrer" target="_blank">2.0.0.127.zen.spamhaus.org</a><br>
[127.0.0.10 127.0.0.2 127.0.0.4] : 65 occurrences<br>
[] : 5 occurrences<br>
[ERROR: NXDOMAIN] : 18 occurrences<br>
[ERROR: SERVFAIL] : 3 occurrences<br>
Test #29757014 done at 2021-04-20T15:26:46Z<br>
<br>
Less issues (but not zero) in France :<br>
<br>
% blaeu-resolve --requested 100 --type A --country FR <a href="http://2.0.0.127.zen.spamhaus.org" rel="noreferrer noreferrer" target="_blank">2.0.0.127.zen.spamhaus.org</a><br>
[127.0.0.10 127.0.0.2 127.0.0.4] : 66 occurrences<br>
[ERROR: NXDOMAIN] : 10 occurrences<br>
[ERROR: SERVFAIL] : 1 occurrences<br>
Test #29757016 done at 2021-04-20T15:28:15Z<br>
<br>
_______________________________________________<br>
Outages-discussion mailing list<br>
<a href="mailto:Outages-discussion@outages.org" target="_blank" rel="noreferrer">Outages-discussion@outages.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/outages-discussion" rel="noreferrer noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/outages-discussion</a><br>
</blockquote></div>
_______________________________________________<br>
Outages-discussion mailing list<br>
<a href="mailto:Outages-discussion@outages.org" target="_blank" rel="noreferrer">Outages-discussion@outages.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/outages-discussion" rel="noreferrer noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/outages-discussion</a><br>
</blockquote></div>