What type of hardware are you using: VPS bought online
What YunoHost version are you running: 11.3.0.2 (stable)
How are you able to access your server: The webadmin, SSH
Describe your issue
Hello, fellow yunohost users,
I got notified that my server started sending out non-valid packages to “bogons” addresses (private 192.0.2.* network), and I found that may be due to yunohost’s current default spam protection configuration and may likely affect you, too:
The logs showed DNS requests for a particular domain that return such private addresses, even if I try them locally:
$ host ix-dns04.dnsbl.manitu.net
ix-dns04.dnsbl.manitu.net has address 192.0.2.4
I’m not familiar with the spam configuration, but found that particular domain in the spam config, by executing:
$ grep 'dnsbl.manitu.net' -r /etc
/etc/rspamd/modules.d/rbl.conf: rbl = "ix.dnsbl.manitu.net";
/etc/rspamd/scores.d/rbl_group.conf: description = "From address is listed in NiX Spam (http://www.dnsbl.manitu.net/)"
If I interpret that correctly, it seems yunohost still has that DNS-blocklist (dnsbl) provider configured, which has stopped services this year, and together with some external misconfiguration this is now causing yunohost to initiate “bogons” requests.
Would someone know a good way for us users to disable/replace that spam blocklist?
Ideally, without interfering with any forthcoming yunohost update to fix this (“locally changed files conflict”)?
Ok, I checked a yunohost 12 install with rspamd [edit: _ynh app] package installed, and it also still ships those lines (within the Debian .deb package).
The NixSpam info page makes some pretty hefty claims:
What you must do:
You MUST stop any queries to the dns zone ix.dnsbl.manitu.net IMMEDIATELY (not tomorrow, not within a few days - NOW).
Do NOT wait until the issuer of your software (e.g. anti spam solution) has removed it from its defaults.
Do NOT wait until your operating system issuer has removed the dnsbl from any configuration.
Do NOT expect a full RFC compliant behaviour.
Do STOP abusing our dns servers. We are not a free service for your outdated configuration.
Do NOT write to us (manitu). We will not answer.
Why this is important:
Despite an RFC-compliant shutdown, we still receive millions of queries to our DNS servers. Too many administrators wrongly assume that UDP network traffic is free. It is NOT.
Our carriers / anti dDoS solution providers are starting to classify the usage of the no longer existing dns zone ix.dnsbl.manitu.net as ABUSE.
If you continue to use the blacklist your ipaddress and maybe your network (/24 or even more) or even your whole AS will probably get blacklisted by the carriers / etc. we are using. This blacklisting may not only affect traffic to us (manitu, AS34240) but also to other targets (this decision is up to the carriers etc. themselves).
But well, especially the last point suggests that it might be good to have a way to disable that RBL blocklist, as it could end up affecting the functioning of many yunohosts.
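
To find which rspamd rule block an `rbl = "ix.dnsbl.manitu.net"` line like the one in the grep output belongs to, this added example (not part of the original posts, and not YunoHost or rspamd code) tracks brace nesting in a constructed sample config and renders an override stanza for the matching rule. The rule names and the `enabled = false` form intended for `/etc/rspamd/local.d/rbl.conf` are assumptions to confirm against the installed rspamd, for example with `rspamadm configdump rbl`.

```python
import re
import sys

RETIRED_ZONE = "ix.dnsbl.manitu.net"  # zone named in the post above

# Constructed sample shaped like a UCL rbl.conf; rule names here are made up.
SAMPLE_CONF = '''
rbl {
  rbls {
    example_live {
      symbol = "RBL_EXAMPLE_LIVE";
      rbl = "zen.example.org";
    }
    example_nix {   # brace in a comment is ignored: }
      symbol = "RBL_EXAMPLE_NIX";
      rbl = "ix.dnsbl.manitu.net";
      returncodes { RBL_EXAMPLE_NIX_HIT = "127.0.0.2"; }
    }
  }
}
'''

TOKEN = re.compile(r'''
    \brbl\s*=\s*"(?P<zone>[^"]*)"  # rbl = "zone" assignment
  | "[^"]*"                        # any other string (may hold braces)
  | \#.*                           # comment to end of line
  | (?P<name>[\w.-]+)\s*\{         # named block opens
  | (?P<open>\{)                   # anonymous block opens
  | (?P<close>\})                  # block closes
''', re.X)

def rules_using_zone(conf_text, zone=RETIRED_ZONE):
    """Names of the blocks that directly contain rbl = "<zone>"."""
    stack, hits = [], []
    for m in TOKEN.finditer(conf_text):
        if m["name"] or m["open"]:
            stack.append(m["name"])
        elif m["close"] and stack:
            stack.pop()
        elif m["zone"] is not None and m["zone"].rstrip(".").lower() == zone:
            hits.append(stack[-1] if stack else None)
    return hits

def local_override(rule_names):
    """Render an override that switches the given rules off (assumed syntax)."""
    body = "".join(f"  {n} {{\n    enabled = false;\n  }}\n" for n in rule_names)
    return "rbls {\n" + body + "}\n"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    print(local_override(rules_using_zone(text)), end="")
```

Run with the path of the shipped `rbl.conf` as the first argument to inspect a real file; after applying any override, a repeat of the `grep` above plus a DNS query log check confirms no further lookups for the retired zone.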