docker-mailserver: most emails being blocked by spamhaus

Subject

Mail being rejected by spamhaus

Description

Hi, I have quite a serious problem when receiving mail from clients, most mails are being rejected by the DNSBL, however I searched the spamhaus database with the IPs and none of them are listed. multiple clients from multiple other hosting provides are all having the mails being sent back. I really need to address this issue immediately as we can’t have mails being bounced back changing ENABLE_DNSBL to 0 has no affect (everything used to work but something changed, when? I don’t know)

if anyone could point me in the right direction to getting this fixed I would be eternally grateful!

When people try to send me mail they get this bounceback from their host:

Diagnostic information for administrators:

Generating server: SYBP282MB2962.AUSP282.PROD.OUTLOOK.COM

signs@<redacted>.com.au
Remote Server returned '550 5.7.514 Decision Engine classified the mail item was rejected because of IP Block (from outbound normal IP pools) -> 554 5.7.1 Service unavailable; Client host [40.107.107.102] blocked using zen.spamhaus.org'

Original message headers:

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=CA/jf3WwzLDRaq8tsAyy8YYXPJV/eS/8buavLtbomIcHeqFPJ03KSirKxFp2xv5Fco3ndW9C3iVmPTqR7zDRSfecE7W1RZ1uC0z4uRLPESlFUnTeINqNuUn8CpMWkORm4ecgwG0zXUl8hu1mcqsyO5+WBc1p2Lpi1A/xK8CowXbbdnzi7Fexev9YXxKU/QUxCPfD5HfBiVGDkj1aXRNVDChtdvvwksoRhuhn2jFo1CfPdGI2Cn2tmLW4OEidlVEeAdtWnupuuOV9ou+AfyDz0NUWEh1Z3cCRKmNgQXlXrX1qzKTl5Y5n6xnfWH2rwT1nrQKdsj4TX5ENVhuIMC0etQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=B+WWHAXQxS7szXhftmK+0WQn9f+oWrCeeQVug0I6s2E=;
 b=fL2bq2fKo31XS7NdOWPmIapz79KvJDzeAPFnQevtCcepgIx2q4w6yUieORv16+5CBwVth1gCODA5ZaQL+pTDE477j6noBAW4BzP4pYXptviBhGurJiMNOHQNk9x+ZmU6oSXy4YXeqXVJuwbrGFzibkk7vbD0zzdF6AEbE9mHa5UEGdWgFOn7rVXlIBFr3tfnMq8acXN1AJFtUvpGusllMWNkNdf5Ep7wd+9H6YCYwn35Sg1ybbr70FUk62YFkYR+iqTOa56nfzeH78sZP/ig+eblT1BGM0PgAmO4fwWqPA81wHVreLllFcnrwuDVatWf5CMYUvFGciKoxIWLLY6CDQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=constructhomes.com.au; dmarc=pass action=none
 header.from=constructhomes.com.au; dkim=pass header.d=constructhomes.com.au;
 arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ConstructHomes.onmicrosoft.com; s=selector2-ConstructHomes-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=B+WWHAXQxS7szXhftmK+0WQn9f+oWrCeeQVug0I6s2E=;
 b=I99hRgQ5RWO0CfXgjWaCnPENV3XCZIRunhGmjFEbiaPZLdEMwPR3/pHtYYdS6lZqHXsrhM3yFrvvE5exfV1RChAb763BlMER+fuJj9k8dbF7zAWVzpuqv5S7PMvFfdIHoND/LB73Ytpd3mRIVoYXlef9TXWXH00BJwgEamvoFhQ=
Received: from ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:8a::16)
 by SYBP282MB2962.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:155::8) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5482.11; Fri, 29 Jul
 2022 02:50:26 +0000
Received: from ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM
 ([fe80::20ff:5db4:11:fad2]) by ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM
 ([fe80::20ff:5db4:11:fad2%6]) with mapi id 15.20.5482.011; Fri, 29 Jul 2022
 02:50:26 +0000
From: Info <Info@constructhomes.com.au>
To: <redacted> <signs@<redacted>.com.au>
Subject: Construct Homes Pty Ltd - Hino Truck and Banner signage
Thread-Topic: Construct Homes Pty Ltd - Hino Truck and Banner signage
Thread-Index: Adii9QT1a0GqCVd5SzKio6oOejp9pw==
Date: Fri, 29 Jul 2022 02:50:26 +0000
Message-ID: <ME3P282MB13955D4E11E49F1C9D4C0CC988999@ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM>
Accept-Language: en-AU, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=constructhomes.com.au;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2d07c5ed-fef3-424b-29cd-08da710d171f
x-ms-traffictypediagnostic: SYBP282MB2962:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: YEiqRAoOSInTPbA+j8qSXB7YPpAAiilFFUtcfHUWB4Itvk1c/93V1RBF5Jg6NHJkmvwzS9zj2wTtX7pun3wpeZ7FtZ0MP7Ni+nrk+urX2YBCUnJjzovxlVnF62Uw97n15gHMQb0zgENg1CNbZQ4+U7OlqwoKkrNskcf88J8xCfDDC2ceIipDA4sdQSf2t3FidP0yeCKxNCeyqOIvLpbb2HTuhDRMeyHan3KXh8ckOXOSZmd1KetHrSxcGA6t/64xB88BFvunuVYd5a32+HZAIJdNK8u6rFIFCTbENAhwBqafPjnlXdsmT6pvV/QCrECG95GDZoVThHTh3QtLbZs5AjtTYTS/1lup8LRlPteXLV401r2VdQ7kX5MwoYLufYiOpukV4jb6tRTn5kaIlwl7KCIO0BUB9tzv7V/pkZZWnwqdmiWloRWTSSjoRPRilo9WAk16nqSWhXc0YtnhT1xwPGL6MSopl8KG2of1EEk4Akuue3BaizM9OdXsoa73XLA8MPXnvjMQ5a/MYho4Cy5y9yLqQ7LOEeyzqLeR9BzTjYVeFdNRA6lw8Bs4jroDNt0QHu6CP+V5Ou5gJwXQnjrqomlUufYwDRTdUEGGNde1U0JVlJDfEv+SiLYFC1uJ0NhM3c8mJPu25ioxp+QAcTXNGC8Gbiz7DZj1fblnhl0IAFuomLeOP3tpBJjuL0J6OD0NmrT1GJhs1l5479SJ8XHDEfDA2RRQwB2/OC96ifXNCtDbsNSZGxjt7uv9ch/F5gPhs3sEP8LbbYVUCzDI25orBtAs+4E6tAuEP+tUGi6sL0cy/Lt3RlzZc1Ow/RQ3pg3b
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230016)(4636009)(39830400003)(366004)(376002)(396003)(346002)(136003)(52536014)(41300700001)(9686003)(478600001)(2906002)(4744005)(7696005)(8936002)(5660300002)(86362001)(33656002)(55016003)(26005)(71200400001)(6916009)(6506007)(38070700005)(38100700002)(186003)(83380400001)(8676002)(64756008)(66476007)(66446008)(316002)(66556008)(66946007)(76116006)(122000001);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?RymHOExhFxdTda8AU3DpvuGIeEHVu0rhDyU4Iiwtv7/p+f4oVnyqG/2pc/ev?=
 =?us-ascii?Q?e1wE1H1t8i7S3M/Il1EIjY7fY/LajuwtecegPCJMH0fT8ZLubzheIHp1YTox?=
 =?us-ascii?Q?AhssxNCecSKqxIvGlMFY6MqGhWJlumzO7v8rRAxHNofpNqZOJZ/HmoVFGjKK?=
 =?us-ascii?Q?8Jro6BUkqrtnBXgcrC5fCDpTevJwlaxueiFXmEzO/orsdmsrmVYmgzak7SYB?=
 =?us-ascii?Q?Kof+1/QhJmE7D2QVTAACvg83umFMp0kIyhv5k5ODqmAcOyuj76jNOwW8ddY+?=
 =?us-ascii?Q?87ugsPNs+im8MueA1CI3kSACN2YUbw3YVFQsGkxb3N2uGXmP/2qd3EeK/i8P?=
 =?us-ascii?Q?1Or0NIE7YhKTTgNiTBcveET+3nRHuNuS/OdYSmemKWtjTH3w7JkhktfdEzjf?=
 =?us-ascii?Q?YBHsCNlAHPRQLtVPluv+acUIg+VPXRobUM5N/iZenLwYbZG5GqFHGxL7H4Az?=
 =?us-ascii?Q?5y7PaBQq3vTLo6lyvu+CLk1tx0UvQvied4+ZeG9d4CgwCaRyudPlGtX2Slcu?=
 =?us-ascii?Q?8Q3uhsbPuw+sYS38dfyYmq8yscTqZA8/UmSOS4r3fmlJEJE1h2k9h2PWruYe?=
 =?us-ascii?Q?5BPJEZBJddLmHPLd/ulmJTp7GxkoO2kqNvOjnuitarft5u18KcHyCxyhPrjA?=
 =?us-ascii?Q?OQ/CTLIOOqROKxWbTecsgMRUVc8tOn4mGTy2ibFmGBhLIlUySiCqEI2dz9ap?=
 =?us-ascii?Q?4AeXgAWho/zQOhuzyjvxBBwwmqyXY5onNwA64bgLMNwcFc32DjBaWv2jG5eM?=
 =?us-ascii?Q?JXOe4bhF0hcP8U3jmzEYmXG+NLJ1qREL9/RTblgIkRqKZtQeXSlJyIE7Jl48?=
 =?us-ascii?Q?+m3fRStsqKLau4yc2+5GEf6cB7V3ZQ1JxpFW5lsdeN9EEVrP56UjEY/nrWfe?=
 =?us-ascii?Q?5XagmUplUEK+WSKn9nqjX774RqPA7wa5QQsN9m28jtLAJD9mejWo4LT8yagL?=
 =?us-ascii?Q?hPhuBuiOcyYRpGk7+Hut1c+uED2m8ZnyylO+Hi+sMzQCs96iIeGGsCIAVGyu?=
 =?us-ascii?Q?nGO5qCcKjbkiStlbp+TnB3AeMCLkhvYQQ5aSMEEWNeYswzZb/PwJSII5i9yB?=
 =?us-ascii?Q?/wgmmjMX9bVrgeL6hBEFHTxrJFg9HbTTJQncrxdPnjSmXtyvs0+9VyqJY7Gt?=
 =?us-ascii?Q?M9BlFCZuR4Q7U9zvTHcnmw2wkOzA2HN4tqeGYvsuSvSszrlw5mzSpnantg2c?=
 =?us-ascii?Q?cioVR6zb9BWNLoAZleQXVxQe8LcROBEbXnHVqJCF1+jwPaLc44+NhCneN97X?=
 =?us-ascii?Q?gaE0d3PxmSCtU6QtqE/1jW6pQ7klLseKWwZskGEQCDLwl8QSRP0vobg5YfRj?=
 =?us-ascii?Q?/sFHmdIHSq/tMbaaJj0MnopYDmKoG2Qn6lDThWZyvcI9nd3vs8R5xqIkm6Zo?=
 =?us-ascii?Q?bwS+4Ne5ker67hHHbAig+0CYRklgS886/TG9N7vmAH0cs+p+H+ChG4+CNoCI?=
 =?us-ascii?Q?O8Tb90LPSKj+R+6wQcx6NdseQH5fngOnrRryAPsswV39nN6syaHSy02ZFUhV?=
 =?us-ascii?Q?jYbUM7Slr2GsTZRgUAs2tzFIahEPVHUari4lS1ns9bo914UkOyJ57vGylzDF?=
 =?us-ascii?Q?XLweD0HqfYCbPrtIjHx0HGoa20LExdGeg3p7FeUC3zzA0z5R5ef8j1qkiw//?=
 =?us-ascii?Q?uQ=3D=3D?=
Content-Type: multipart/alternative;
        boundary="_000_ME3P282MB13955D4E11E49F1C9D4C0CC988999ME3P282MB1395AUSP_"
MIME-Version: 1.0
X-OriginatorOrg: constructhomes.com.au
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 2d07c5ed-fef3-424b-29cd-08da710d171f
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jul 2022 02:50:26.2465
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72b0d967-66f1-4d7b-84ca-c057c5c89b90
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ZrKue4Wx0hFH3+YAv9vrI4gcZlITC8gMOMBDnRQp4tCl2Fwz9XzDoWaoB03aYHUneswWJzjDKf3FSDNScZVaVEUicT8Si9WLvd9P1DOVjVg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYBP282MB2962

and here are the corresponding logs to go along with the email they tried to send:

Jul 29 12:50:28 mail postfix/smtpd[21942]: connect from mail-sy4aus01on2102.outbound.protection.outlook.com[40.107.107.102]
Jul 29 12:50:28 mail postfix/smtpd[21942]: Anonymous TLS connection established from mail-sy4aus01on2102.outbound.protection.outlook.com[40.107.107.102]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 29 12:50:28 mail policyd-spf[21950]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=40.107.107.102; helo=aus01-sy4-obe.outbound.protection.outlook.com; envelope-from=info@constructhomes.com.au; receiver=<UNKNOWN> 
Jul 29 12:50:28 mail postfix/smtpd[21942]: NOQUEUE: reject: RCPT from mail-sy4aus01on2102.outbound.protection.outlook.com[40.107.107.102]: 554 5.7.1 Service unavailable; Client host [40.107.107.102] blocked using zen.spamhaus.org; from=<Info@constructhomes.com.au> to=<signs@<redacted>.com.au> proto=ESMTP helo=<AUS01-SY4-obe.outbound.protection.outlook.com>
Jul 29 12:50:28 mail postfix/smtpd[21942]: disconnect from mail-sy4aus01on2102.outbound.protection.outlook.com[40.107.107.102] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 19 (10 by maintainers)

Most upvoted comments

Sorry to have wasted your time as I wasn’t using the latest version.

I pulled the latest image, recreated the container and can confirm that ENABLE_DNSBL is working as expected.

Thanks.

+4
chascode on Aug 21, 2022

thanks for the suggestions, @polarathene

changing ENABLE_DNSBL to 0 has no affect

after investigating with grep DNS /etc/dms-settings changes only apply when the container is recreated, not restarted. when I opened mailserver.env ENABLE_DNSBL was set to 0 and as the last time I modified the file was a while ago, I assumed that the container would have been recreated by then (I tinker with docker a lot).

For reference feature was originally added via https://github.com/docker-mailserver/docker-mailserver/pull/2342 (Dec 2021, Released in v10.5.0 March 2022).

When this feature was introduced I enabled it and had no delivery problems (that were bought to my attention by clients trying to email me). I’ve been running v11.1.0 since it was released and don’t believe its causing this issue. (this container has no control over spamhaus, which is the culprit here).

One of our clients have said that when they try send attachments they receive the following:

The following message to <signs@domain.com.au> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 554-'5.7.1 Service unavailable: Client host [139.138.45.76] blocked using zen.spamhaus.org'

Sending attachments is definitely unrelated to the spamhaus IP blocklist, however they have stated that this has been the case for a week or so. we receive some emails, and some get blocked by spamhaus.

Just now, as I was writing this, I had been monitoring the logs and another email had been rejected by spamhaus (I had re-enabled it)

Jul 30 12:24:46 mail postfix/postscreen[5042]: CONNECT from [104.223.127.45]:45844 to [192.168.1.2]:25
Jul 30 12:24:46 mail postfix/dnsblog[5046]: addr 104.223.127.45 listed by domain zen.spamhaus.org as 127.255.255.254
Jul 30 12:24:46 mail postfix/dnsblog[5045]: addr 104.223.127.45 listed by domain list.dnswl.org as 127.0.0.255
... (imap client logs in)
Jul 30 12:24:52 mail postfix/postscreen[5042]: DNSBL rank 3 for [104.223.127.45]:45844
Jul 30 12:24:52 mail postfix/tlsproxy[5069]: CONNECT from [104.223.127.45]:45844
Jul 30 12:24:53 mail postfix/tlsproxy[5069]: Anonymous TLS connection established from [104.223.127.45]:45844: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 30 12:24:53 mail postfix/postscreen[5042]: NOQUEUE: reject: RCPT from [104.223.127.45]:45844: 550 5.7.1 Service unavailable; client [104.223.127.45] blocked using zen.spamhaus.org; from=<karlie@seowebmasternet.co>, to=<info@domain.com.au>, proto=ESMTP, helo=<reptile.seowebmasternet.co>
Jul 30 12:24:54 mail postfix/postscreen[5042]: DISCONNECT [104.223.127.45]:45844

and literally, the second the email was rejected I checked the IP here and it said 104.223.127.45 has no issues. Now this is a spam email, and info@domain.com.au is not an actual user that exists. but that is not the reason it was rejected.

so I’m lost… I receive 50+ spam emails per day and the easy way, of just disabling it is not optimal for me. i also want to track down the issue present

+1
hydazz on Jul 30, 2022
Read more comments on GitHub
← docker-mailserver: latest build breaks ssl connections with Mac OS clients
docker-mailserver: [NOT A BUG] Fresh 10.2.0 container crashes while booting: Failed to remove ClamAV configuration →