Hi
I’ve recently noticed that I wasn’t receiving some emails from well known organizations, namely github and enedis, that I can’t suspect of being considered spam senders.
Looking to my mail log I’ve noticed that indeed the email was sent, but block by spamhaus.
Feb 25 12:11:46 postfix/smtpd[799447]: NOQUEUE: reject: RCPT from out-17.smtp.github.com[192.30.252.200]: 554 5.7.1 Service unavailable; Client host [192.30.252.200] blocked using cbl.abuseat.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/66.185.123.232; from=<noreply@github.com> to=<mail@domain.tld> proto=ESMTP helo=<out-17.smtp.github.com>
Looking at it, I’ve discovered that github wasn’t the only service to be blocked, and I actually missed a lot of mails over time that never reached my mail box because of that.
But hard to notice unless you’re actually waiting for a specific email that doesn’t come…
Investigating that, it appears that spamhaus changed its policy over its free service and doesn’t allow to use open dns services.
I’m not sure our usage of open dns resolver in dnsmasq is actually link to that issue.
But I guess if the server is contacting spamhaus, it should do it using dnsmasq, and thus using an open resolver in the process.
I can’t figure out though, why and how it would be an issue. This would be a server’s matter only.
Spamhaus talk about reverse dns set up correctly, which doesn’t seem to be an issue in my config, while other are just saying that spamhaus is getting rid of its free service.
I’d like to know if some of you have experienced any issue of that kind.
A sudo cat /var/log/mail.info | grep reject
would gives you a list of recently rejected mails. As far as I can see, that’s mostly legit mails in my case…
The question being, is it just an error on my side or would it be something we should really investigate and maybe consider removing spamhaus from postfix configuration.