Hello, I have newly again some problems with openresolver, this time with a yunohost 12.1.33.
Somenoene advise me somme message were not delivered with because of zenspamhaus have problems with openresolver…
Asking on chat support I have try
cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.
nameserver 127.0.0.1
cat /var/spool/postfix/etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.
nameserver 127.0.0.1
dig +short 23.129.209.213.zen.spamhaus.org
127.0.0.2
127.0.0.9
all normal, so I have try as someone explain edit /usr/share/yunohost/conf/dnsmasq/plain/resolv.dnsmasq.conf to comment the DNS4all Ips resolver and dor a yunohost tools regen-conf dsnmasq -f . The message could arrive without error this time.
But later I found this diagnosis
[ERROR] Your IP or domain XXX.XXX.XXX.XXX is blocklisted on Spamhaus ZEN
- It looks like the reason mentions 'open resolver'.This usually means your server is not using its local DNS, but a public, open, one. Check the contents of /etc/resolv.conf, it should contain nameserver 127.0.0.1.Since this file is usually automatically generated, do not edit it manually. Check your DHCP settings, or your VPN settings if you are using one, or if you used a Debian image made by, for example, a VPS provider, look for a cloudinit configuration. You are most welcome on the YunoHost support channels to get help on this issue. The verbatim blacklist reason is: "Error: open resolver; https://check.spamhaus.org/returnc/pub/2001:xxx:x:xxx::1/"
- After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on https://www.spamhaus.org/zen/
[ERROR] Your IP or domain 2001:xxx:x:xxx::1 is blocklisted on Spamhaus ZEN
- It looks like the reason mentions 'open resolver'.This usually means your server is not using its local DNS, but a public, open, one. Check the contents of /etc/resolv.conf, it should contain nameserver 127.0.0.1.Since this file is usually automatically generated, do not edit it manually. Check your DHCP settings, or your VPN settings if you are using one, or if you used a Debian image made by, for example, a VPS provider, look for a cloudinit configuration. You are most welcome on the YunoHost support channels to get help on this issue. The verbatim blacklist reason is: "Error: open resolver; https://check.spamhaus.org/returnc/pub/2001:xxx:x:xxx::1/"
- After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on https://www.spamhaus.org/zen/
and surprise !! this time the command dig return something different !!
dig +short 23.129.209.213.zen.spamhaus.org
127.255.255.254
I don’t really understand what’s happening !!
I found also as in another discussion I have something similar using cryptpad…
Perhaps stupid and nothing relevant, but the file needed for the sandbox in cryptpad use these lines (and also in domain cryptpad nginx), but pehaps nothing to do with this…
- # OCSP settings
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /etc/yunohost/certs/cryptpad.domaine.tld/crt.pem;
- resolver 1.1.1.1 9.9.9.9 valid=300s;
- resolver_timeout 5s;
Well why is so complicated !!