docker-mailserver / docker-mailserver

Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.
https://docker-mailserver.github.io/docker-mailserver/latest/
MIT License

most emails being blocked by spamhaus #2704

Closed hydazz closed 1 year ago

hydazz commented 2 years ago

Subject

Mail being rejected by spamhaus

Description

Hi, I have quite a serious problem when receiving mail from clients: most mails are being rejected by the DNSBL, however I searched the spamhaus database with the IPs and none of them are listed. Multiple clients from multiple other hosting providers are all having their mails sent back. I really need to address this issue immediately as we can't have mails being bounced back. Changing ENABLE_DNSBL to 0 has no effect (everything used to work but something changed, when? I don't know).

if anyone could point me in the right direction to getting this fixed I would be eternally grateful!

When people try to send me mail they get this bounceback from their host:

Diagnostic information for administrators:

Generating server: SYBP282MB2962.AUSP282.PROD.OUTLOOK.COM

signs@<redacted>.com.au
Remote Server returned '550 5.7.514 Decision Engine classified the mail item was rejected because of IP Block (from outbound normal IP pools) -> 554 5.7.1 Service unavailable; Client host [40.107.107.102] blocked using zen.spamhaus.org'

Original message headers:

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=CA/jf3WwzLDRaq8tsAyy8YYXPJV/eS/8buavLtbomIcHeqFPJ03KSirKxFp2xv5Fco3ndW9C3iVmPTqR7zDRSfecE7W1RZ1uC0z4uRLPESlFUnTeINqNuUn8CpMWkORm4ecgwG0zXUl8hu1mcqsyO5+WBc1p2Lpi1A/xK8CowXbbdnzi7Fexev9YXxKU/QUxCPfD5HfBiVGDkj1aXRNVDChtdvvwksoRhuhn2jFo1CfPdGI2Cn2tmLW4OEidlVEeAdtWnupuuOV9ou+AfyDz0NUWEh1Z3cCRKmNgQXlXrX1qzKTl5Y5n6xnfWH2rwT1nrQKdsj4TX5ENVhuIMC0etQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=B+WWHAXQxS7szXhftmK+0WQn9f+oWrCeeQVug0I6s2E=;
 b=fL2bq2fKo31XS7NdOWPmIapz79KvJDzeAPFnQevtCcepgIx2q4w6yUieORv16+5CBwVth1gCODA5ZaQL+pTDE477j6noBAW4BzP4pYXptviBhGurJiMNOHQNk9x+ZmU6oSXy4YXeqXVJuwbrGFzibkk7vbD0zzdF6AEbE9mHa5UEGdWgFOn7rVXlIBFr3tfnMq8acXN1AJFtUvpGusllMWNkNdf5Ep7wd+9H6YCYwn35Sg1ybbr70FUk62YFkYR+iqTOa56nfzeH78sZP/ig+eblT1BGM0PgAmO4fwWqPA81wHVreLllFcnrwuDVatWf5CMYUvFGciKoxIWLLY6CDQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=constructhomes.com.au; dmarc=pass action=none
 header.from=constructhomes.com.au; dkim=pass header.d=constructhomes.com.au;
 arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ConstructHomes.onmicrosoft.com; s=selector2-ConstructHomes-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=B+WWHAXQxS7szXhftmK+0WQn9f+oWrCeeQVug0I6s2E=;
 b=I99hRgQ5RWO0CfXgjWaCnPENV3XCZIRunhGmjFEbiaPZLdEMwPR3/pHtYYdS6lZqHXsrhM3yFrvvE5exfV1RChAb763BlMER+fuJj9k8dbF7zAWVzpuqv5S7PMvFfdIHoND/LB73Ytpd3mRIVoYXlef9TXWXH00BJwgEamvoFhQ=
Received: from ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:8a::16)
 by SYBP282MB2962.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:155::8) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5482.11; Fri, 29 Jul
 2022 02:50:26 +0000
Received: from ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM
 ([fe80::20ff:5db4:11:fad2]) by ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM
 ([fe80::20ff:5db4:11:fad2%6]) with mapi id 15.20.5482.011; Fri, 29 Jul 2022
 02:50:26 +0000
From: Info <Info@constructhomes.com.au>
To: <redacted> <signs@<redacted>.com.au>
Subject: Construct Homes Pty Ltd - Hino Truck and Banner signage
Thread-Topic: Construct Homes Pty Ltd - Hino Truck and Banner signage
Thread-Index: Adii9QT1a0GqCVd5SzKio6oOejp9pw==
Date: Fri, 29 Jul 2022 02:50:26 +0000
Message-ID: <ME3P282MB13955D4E11E49F1C9D4C0CC988999@ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM>
Accept-Language: en-AU, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=constructhomes.com.au;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2d07c5ed-fef3-424b-29cd-08da710d171f
x-ms-traffictypediagnostic: SYBP282MB2962:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230016)(4636009)(39830400003)(366004)(376002)(396003)(346002)(136003)(52536014)(41300700001)(9686003)(478600001)(2906002)(4744005)(7696005)(8936002)(5660300002)(86362001)(33656002)(55016003)(26005)(71200400001)(6916009)(6506007)(38070700005)(38100700002)(186003)(83380400001)(8676002)(64756008)(66476007)(66446008)(316002)(66556008)(66946007)(76116006)(122000001);DIR:OUT;SFP:1102;
Content-Type: multipart/alternative;
        boundary="_000_ME3P282MB13955D4E11E49F1C9D4C0CC988999ME3P282MB1395AUSP_"
MIME-Version: 1.0
X-OriginatorOrg: constructhomes.com.au
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: ME3P282MB1395.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 2d07c5ed-fef3-424b-29cd-08da710d171f
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jul 2022 02:50:26.2465
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72b0d967-66f1-4d7b-84ca-c057c5c89b90
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ZrKue4Wx0hFH3+YAv9vrI4gcZlITC8gMOMBDnRQp4tCl2Fwz9XzDoWaoB03aYHUneswWJzjDKf3FSDNScZVaVEUicT8Si9WLvd9P1DOVjVg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYBP282MB2962

and here are the corresponding logs to go along with the email they tried to send:

Jul 29 12:50:28 mail postfix/smtpd[21942]: connect from mail-sy4aus01on2102.outbound.protection.outlook.com[40.107.107.102]
Jul 29 12:50:28 mail postfix/smtpd[21942]: Anonymous TLS connection established from mail-sy4aus01on2102.outbound.protection.outlook.com[40.107.107.102]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 29 12:50:28 mail policyd-spf[21950]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=40.107.107.102; helo=aus01-sy4-obe.outbound.protection.outlook.com; envelope-from=info@constructhomes.com.au; receiver=<UNKNOWN> 
Jul 29 12:50:28 mail postfix/smtpd[21942]: NOQUEUE: reject: RCPT from mail-sy4aus01on2102.outbound.protection.outlook.com[40.107.107.102]: 554 5.7.1 Service unavailable; Client host [40.107.107.102] blocked using zen.spamhaus.org; from=<Info@constructhomes.com.au> to=<signs@<redacted>.com.au> proto=ESMTP helo=<AUS01-SY4-obe.outbound.protection.outlook.com>
Jul 29 12:50:28 mail postfix/smtpd[21942]: disconnect from mail-sy4aus01on2102.outbound.protection.outlook.com[40.107.107.102] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

casperklein commented 2 years ago

> however I searched the spamhaus database with the IPs and none of them are listed.

I noticed in the past, that some IP addresses are only listed for a very short time.

> changing ENABLE_DNSBL to 0 has no effect

That's the way to go. Did you restart the container afterwards (docker-compose down/up)?

You can also set LOG_LEVEL=debug to get more output on start and verify, if ENABLE_DNSBL is enabled or not.

hydazz commented 2 years ago

> I noticed in the past, that some IP addresses are only listed for a very short time.

I thought that this was the case, however I checked the blacklist right after the email was rejected, and it said there were no issues.

> Did you restart the container afterwards (docker-compose down/up)?

I use unraid, which recreates the container when you update the template, note that the logs above were generated with 'ENABLE_DNSBL=0' - and the container had definitely been recreated.

I have deleted the mail-state folder and disabled it to see if it fixes the issue. I will have to monitor the logs to see if emails are still being rejected. I don't see any reason that changing the value of ENABLE_DNSBL requires recreating the mail-state folder.

I also sorta want to use DNSBL...

casperklein commented 2 years ago

> I don't see any reason that changing the value of ENABLE_DNSBL requires recreating the mail-state folder

Why do you think, that deleting the mail-state folder is required?

What does grep DNS /etc/dms-settings return inside the container?

polarathene commented 2 years ago

> changing ENABLE_DNSBL to 0 has no effect

According to tests, that should prevent such a block from zen.spamhaus.org as it would no longer be included in Postfix main.cf settings smtpd_recipient_restrictions, postscreen_dnsbl_action, postscreen_dnsbl_sites:

https://github.com/docker-mailserver/docker-mailserver/blob/11f8cc7ee90d7bb0365cc69966a39b6cd0bf94bd/test/mail_dnsbl.bats#L42-L56

And you can see that the ENV is configured to apply those changes (and is disabled by default):

https://github.com/docker-mailserver/docker-mailserver/blob/11f8cc7ee90d7bb0365cc69966a39b6cd0bf94bd/target/scripts/start-mailserver.sh#L205

https://github.com/docker-mailserver/docker-mailserver/blob/9d5a9a16a0956c650d524207a89872a38d0f7191/target/scripts/startup/setup-stack.sh#L1516-L1524

> note that the logs above were generated with 'ENABLE_DNSBL=0' - and the container had definitely been recreated.

That seems unlikely given the above?

Next time you encounter this issue, run docker exec -it <dms container name> <command> (or whatever unraid supports to access a shell in the container), where <command> is the grep suggestion from @casperklein; other commands check the mentioned Postfix settings: postconf <setting>.


For reference, the feature was originally added via this PR (Dec 2021, Released in v10.5.0 March 2022).

> (everything used to work but something changed, when? I don't know)

What version are you running? Did you update roughly around when the issue started happening?

hydazz commented 2 years ago

thanks for the suggestions, @polarathene

> changing ENABLE_DNSBL to 0 has no effect

After investigating with grep DNS /etc/dms-settings, changes only apply when the container is recreated, not restarted. When I opened mailserver.env, ENABLE_DNSBL was set to 0, and as the last time I modified the file was a while ago, I assumed that the container would have been recreated by then (I tinker with docker a lot).

> For reference, the feature was originally added via https://github.com/docker-mailserver/docker-mailserver/pull/2342 (Dec 2021, Released in v10.5.0 March 2022).

When this feature was introduced I enabled it and had no delivery problems (that were brought to my attention by clients trying to email me). I've been running v11.1.0 since it was released and don't believe it's causing this issue (this container has no control over spamhaus, which is the culprit here).

One of our clients has said that when they try to send attachments they receive the following:

The following message to <signs@domain.com.au> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 554-'5.7.1 Service unavailable: Client host [139.138.45.76] blocked using zen.spamhaus.org'

Sending attachments is definitely unrelated to the spamhaus IP blocklist, however they have stated that this has been the case for a week or so. We receive some emails, and some get blocked by spamhaus.

Just now, as I was writing this, I had been monitoring the logs and another email had been rejected by spamhaus (I had re-enabled it)

Jul 30 12:24:46 mail postfix/postscreen[5042]: CONNECT from [104.223.127.45]:45844 to [192.168.1.2]:25
Jul 30 12:24:46 mail postfix/dnsblog[5046]: addr 104.223.127.45 listed by domain zen.spamhaus.org as 127.255.255.254
Jul 30 12:24:46 mail postfix/dnsblog[5045]: addr 104.223.127.45 listed by domain list.dnswl.org as 127.0.0.255
... (imap client logs in)
Jul 30 12:24:52 mail postfix/postscreen[5042]: DNSBL rank 3 for [104.223.127.45]:45844
Jul 30 12:24:52 mail postfix/tlsproxy[5069]: CONNECT from [104.223.127.45]:45844
Jul 30 12:24:53 mail postfix/tlsproxy[5069]: Anonymous TLS connection established from [104.223.127.45]:45844: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul 30 12:24:53 mail postfix/postscreen[5042]: NOQUEUE: reject: RCPT from [104.223.127.45]:45844: 550 5.7.1 Service unavailable; client [104.223.127.45] blocked using zen.spamhaus.org; from=<karlie@seowebmasternet.co>, to=<info@domain.com.au>, proto=ESMTP, helo=<reptile.seowebmasternet.co>
Jul 30 12:24:54 mail postfix/postscreen[5042]: DISCONNECT [104.223.127.45]:45844

And literally, the second the email was rejected I checked the IP here and it said 104.223.127.45 has no issues. Now this is a spam email, and info@domain.com.au is not an actual user that exists, but that is not the reason it was rejected.

So I'm lost... I receive 50+ spam emails per day and the easy way, of just disabling it, is not optimal for me. I also want to track down the issue present.

polarathene commented 2 years ago

> Just now, as I was writing this, I had been monitoring the logs and another email had been rejected by spamhaus (I had re-enabled it)

Perhaps you should focus on what few emails are not being blocked? Do those which are not blocked qualify for being checked against the DNSBL? Otherwise it sounds like anything that is checked is being blocked. Perhaps the request is failing somewhere along the way and to be safe choosing to reject?

> I receive 50+ spam emails per day and the easy way, of just disabling it is not optimal for me.

There's an active PR wanting to add a new restriction, the author stated it was helpful for reducing spam. Might be worth seeing how well that works for you?

In the PR comment that I linked, I reference the check_client_access restriction which is an allowlist that could be used to bypass the DNSBL if you have certain client details where that's acceptable? (example shown here)

check_client_access could likewise be used with ENABLE_DNSBL=1 if the majority of spam received would not match any of your allowed clients.

theoneandonly-vector commented 2 years ago

I have the latest docker-container and I use "ENABLE_DNSBL=0" but it just keeps running after recreating the docker

theoneandonly-vector commented 2 years ago

I disabled the service manually and temporarily using the config inside the container.

casperklein commented 2 years ago

> I have the latest docker-container and I use "ENABLE_DNSBL=0" but it just keeps running after recreating the docker

How did you ensure, the container was really recreated? I bet it was not.

Instead of "recreating" it, you might try to completely destroy and create the container.

theoneandonly-vector commented 2 years ago

yes, I am sure:

docker-compose up -d --force-recreate

casperklein commented 2 years ago

And grep DNS /etc/dms-settings confirms ENABLE_DNSBL is 0 + mails are still rejected due to DNSBL entries?

polarathene commented 2 years ago

You could also confirm that inside the container echo $ENABLE_DNSBL is reporting 0 (the /etc/dms-settings line should confirm the same, but just in-case :sweat_smile: ).

We're not able to assist if your container is not correctly detecting the ENV change set to 0 from these two checks, that would mean something is wrong on your end. Your best bet would then be to follow my earlier advice as an alternative.

chascode commented 2 years ago

I have the same problem and ENABLE_DNSBL is set to 0.

# echo $ENABLE_DNSBL
0

When I send mail to my server from both Hotmail and Yahoo accounts they always bounce with a message similar to, "Remote server returned message detected as spam - blocked using zen.spamhaus.org"

polarathene commented 2 years ago

> I have the same problem and ENABLE_DNSBL is set to 0.

You need to confirm storage too:

Related logic in scripts:

https://github.com/docker-mailserver/docker-mailserver/blob/0b8b77ad886903824a84e161463c4ee27220e139/target/scripts/startup/setup-stack.sh#L44-L60

https://github.com/docker-mailserver/docker-mailserver/blob/0b8b77ad886903824a84e161463c4ee27220e139/target/scripts/start-mailserver.sh#L205

https://github.com/docker-mailserver/docker-mailserver/blob/0b8b77ad886903824a84e161463c4ee27220e139/target/scripts/startup/setup-stack.sh#L1076-L1087

https://github.com/docker-mailserver/docker-mailserver/blob/0b8b77ad886903824a84e161463c4ee27220e139/target/scripts/startup/setup-stack.sh#L268-L271

https://github.com/docker-mailserver/docker-mailserver/blob/0b8b77ad886903824a84e161463c4ee27220e139/target/scripts/startup/setup-stack.sh#L401-L403

Run these commands in the container:

The first two should not have any mention of zen.spamhaus.org, and the last two confirm that ENABLE_DNSBL as 0 is processed correctly during startup scripts.

chascode commented 2 years ago

Output of postconf smtpd_recipient_restrictions:

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, check_policy_service inet:localhost:65265, reject_rbl_client zen.spamhaus.org

Output of postconf postscreen_dnsbl_sites:

postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4

Output of grep ENABLE_DNSBL /etc/dms-settings:

grep: /etc/dms-settings: No such file or directory

No output of command grep ENABLE_DNSBL /root/.bashrc.

The first two both mention zen.spamhaus.org and I think the last two are confirming that ENABLE_DNSBL as 0 is not being processed correctly during startup scripts.
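
Added example (not part of the thread and not docker-mailserver code): the dnsblog line posted earlier shows zen.spamhaus.org answering 127.255.255.254, which Spamhaus documents as an error code for a query arriving via a public/open resolver, not as a listing. The Python sketch below is a simplified model of postscreen's weight arithmetic, run over those log lines and the postscreen_dnsbl_sites value above. Assumptions: all function names are hypothetical, and the filtered entry `zen.spamhaus.org=127.0.0.[2..11]` is added here for comparison.

```python
import re

# Spamhaus return codes that report a query problem, not a listing.
SPAMHAUS_ERRORS = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query via public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
DNSBLOG = re.compile(r"dnsblog\[\d+\]: addr (\S+) listed by domain (\S+) as (\S+)")

# Log lines and postscreen_dnsbl_sites value copied from this thread.
LOG = [
    "Jul 30 12:24:46 mail postfix/dnsblog[5046]: addr 104.223.127.45 listed by domain zen.spamhaus.org as 127.255.255.254",
    "Jul 30 12:24:46 mail postfix/dnsblog[5045]: addr 104.223.127.45 listed by domain list.dnswl.org as 127.0.0.255",
]
SITES = ("zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 "
         "bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com "
         "list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 "
         "list.dnswl.org=127.0.[0..255].[2..3]*-4")
# Assumption (not from the thread): same list with a reply filter on zen.
SITES_FILTERED = SITES.replace("zen.spamhaus.org*3", "zen.spamhaus.org=127.0.0.[2..11]*3")

def parse_sites(value):
    """Split 'domain[=filter][*weight]' entries into (domain, filter, weight)."""
    sites = []
    for entry in value.replace(",", " ").split():
        entry, _, weight = entry.partition("*")
        domain, _, pattern = entry.partition("=")
        sites.append((domain, pattern or None, int(weight or 1)))
    return sites

def octet_matches(spec, octet):
    """Match one octet against 'N' or a '[a;b..c]' list/range."""
    parts = spec.strip("[]").split(";")
    return any(int(lo) <= octet <= int(hi or lo)
               for lo, _, hi in (p.partition("..") for p in parts))

def reply_matches(pattern, reply):
    """An entry without a filter accepts any A-record reply."""
    if pattern is None:
        return True
    specs = re.findall(r"\[[^\]]*\]|\d+", pattern)
    octets = [int(o) for o in reply.split(".")]
    return len(specs) == 4 and all(octet_matches(s, o) for s, o in zip(specs, octets))

def replies_from_log(lines, client):
    """Collect {dnsbl domain: [reply addresses]} for one client IP."""
    replies = {}
    for line in lines:
        m = DNSBLOG.search(line)
        if m and m.group(1) == client:
            replies.setdefault(m.group(2), []).append(m.group(3))
    return replies

def dnsbl_rank(sites_value, replies):
    """Sum the weights of every entry whose filter matches a reply."""
    return sum(w for d, p, w in parse_sites(sites_value)
               if any(reply_matches(p, r) for r in replies.get(d, [])))

def spamhaus_errors(replies):
    """Return {domain: reason} where Spamhaus answered with an error code."""
    return {d: SPAMHAUS_ERRORS[r] for d, rs in replies.items()
            if d.endswith("spamhaus.org") for r in rs if r in SPAMHAUS_ERRORS}
```

With the list as posted, the error reply alone yields rank 3, the same rank postscreen logged before rejecting 104.223.127.45; with the filtered entry only replies in 127.0.0.2 to 127.0.0.11 count, so the same reply scores 0 while a real listing still scores 3.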

chascode commented 2 years ago

Sorry to have wasted your time as I wasn't using the latest version.

I pulled the latest image, recreated the container and can confirm that ENABLE_DNSBL is working as expected.

Thanks.

hydazz commented 2 years ago

It should be noted that with DNSBL enabled these emails should not be blocked; they are not listed in the DNSBL.

github-actions[bot] commented 1 year ago

This issue has become stale because it has been open for 20 days without activity. This issue will be closed in 10 days automatically unless:

github-actions[bot] commented 1 year ago

This issue was closed due to inactivity.