Cloudron reports blacklisting (by mistake?)
-
@girish said in Cloudron reports blacklisting (by mistake?):
I have remove the CBL check in 7.4.
Today it says I'm blocked by SpamHaus Zen.
Went to https://check.spamhaus.org/ again... "not listed". -
@girish said in Cloudron reports blacklisting (by mistake?):
@nichu42 is there anything in the logs?
tail -f /home/yellowtent/platformdata/logs/box.log
and refresh the email status page. It should have some log lines likecheckRblStatus:
.Thank you for your swift response.
I found the following:2023-03-27T02:55:00.012Z box:cloudron runSystemChecks: checking status 2023-03-27T02:55:00.038Z box:sysinfo/generic getServerIPv4: getting server IP 2023-03-27T02:55:00.043Z box:sysinfo/generic getServerIPv4: getting server IP 2023-03-27T02:55:00.239Z box:apphealthmonitor app health: 14 running / 2 stopped / 0 unresponsive 2023-03-27T02:55:01.815Z box:mail checkRblStatus: 42bit.io (ip: 88.64.0.128) is in the blacklist of {"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org"} 2023-03-27T02:55:01.857Z box:mail checkRblStatus: 42bit.io (error: null) (txtRecords: [["Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.133.7"]]) 2023-03-27T02:55:01.925Z box:mail checkRblStatus: 42bit.io (ip: 128.0.64.88) blacklistedServers: [{"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org","txtRecords":["Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.133.7"]}]) 2023-03-27T02:55:01.933Z box:sysinfo/generic getServerIPv4: getting server IP 2023-03-27T02:55:01.935Z box:sysinfo/generic getServerIPv4: getting server IP 2023-03-27T02:55:02.408Z box:mail checkRblStatus: blueplanet.social (ip: 88.64.0.128) is in the blacklist of {"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org"} 2023-03-27T02:55:02.408Z box:mail checkRblStatus: blueplanet.social (error: null) (txtRecords: [["Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.133.7"]]) 2023-03-27T02:55:02.409Z box:mail checkRblStatus: blueplanet.social (ip: 128.0.64.88) blacklistedServers: [{"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org","txtRecords":["Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.133.7"]}])
I checked the IP 162.158.133.7 mentioned there, and it belongs to Cloudflare. That is my DNS provider. I am not using any other of their services.
-
@nichu42 Quite strange, I can see here that it's not blacklisted.
$ host 88.64.0.128.zen.spamhaus.org Host 88.64.0.128.zen.spamhaus.org not found: 3(NXDOMAIN)
But clearly on your server, it's getting some response. Can you try the above command on your server? Can you also try
host 88.64.0.128.zen.spamhaus.org 127.0.0.1
? -
@girish said in Cloudron reports blacklisting (by mistake?):
Can you try the above command on your server? Can you also try
host 88.64.0.128.zen.spamhaus.org 127.0.0.1
?Here are the results:
2023-03-27T10:16:06.927Z box:mail checkRblStatus: blueplanet.social (ip: 88.64.0.128) is in the blacklist of {"name":"Composite Blocking List","dns":"cbl.abuseat.org","site":"http://www.abuseat.org"} 2023-03-27T10:16:06.958Z box:mail checkRblStatus: blueplanet.social (error: null) (txtRecords: [["Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.133.32"]]) 2023-03-27T10:16:07.234Z box:mail checkRblStatus: 42bit.io (ip: 88.64.0.128) is in the blacklist of {"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org"} 2023-03-27T10:16:07.235Z box:mail checkRblStatus: blueplanet.social (ip: 88.64.0.128) is in the blacklist of {"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org"} 2023-03-27T10:16:07.256Z box:mail checkRblStatus: 42bit.io (error: queryTxt ENOTFOUND 88.64.0.128.zen.spamhaus.org) (txtRecords: undefined) 2023-03-27T10:16:07.270Z box:mail checkRblStatus: blueplanet.social (error: null) (txtRecords: [["Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.133.7"]]) 2023-03-27T10:16:07.306Z box:mail checkRblStatus: 42bit.io (ip: 128.0.64.88) blacklistedServers: [{"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org","txtRecords":"No txt record"}]) 2023-03-27T10:16:07.548Z box:mail checkRblStatus: blueplanet.social (ip: 128.0.64.88) blacklistedServers: [{"name":"Composite Blocking List","dns":"cbl.abuseat.org","site":"http://www.abuseat.org","txtRecords":["Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.133.32"]},{"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org","txtRecords":["Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.133.7"]}])
Using domain server: Name: 127.0.0.1 Address: 127.0.0.1#53 Aliases: 88.64.0.128.zen.spamhaus.org has address 127.255.255.254
-
I've no idea if this is the case here, but just in case it helps: in the past I've been on blacklists, not because my actual IP is blacklisted, but because the range it is within is blacklisted.
Microsoft in particular seem to be annoying in this regard (in my experience to date).
-
@nichu42 Strange, I have tried this on multiple servers now and the same spamhaus servers says it's not listed. But on your server, it says it is listed. Crazy. Just to rule out some obvious caching issues, can you please run those
host
commands again aftersystemctl restart unbound
? -
-
@girish said in Cloudron reports blacklisting (by mistake?):
@nichu42 Strange, I have tried this on multiple servers now and the same spamhaus servers says it's not listed. But on your server, it says it is listed. Crazy. Just to rule out some obvious caching issues, can you please run those
host
commands again aftersystemctl restart unbound
?Done.
Before the restart:2023-03-28T07:23:37.382Z box:mail checkRblStatus: blueplanet.social (ip: 88.64.0.128) is in the blacklist of {"name":"Composite Blocking List","dns":"cbl.abuseat.org","site":"http://www.abuseat.org"} 2023-03-28T07:23:37.405Z box:mail checkRblStatus: blueplanet.social (error: queryTxt ENOTFOUND 88.64.0.128.cbl.abuseat.org) (txtRecords: undefined) 2023-03-28T07:23:37.429Z box:mail checkRblStatus: 42bit.io (ip: 88.64.0.128) is in the blacklist of {"name":"Composite Blocking List","dns":"cbl.abuseat.org","site":"http://www.abuseat.org"} 2023-03-28T07:23:37.430Z box:mail checkRblStatus: 42bit.io (error: queryTxt ENOTFOUND 88.64.0.128.cbl.abuseat.org) (txtRecords: undefined) 2023-03-28T07:23:38.235Z box:mail checkRblStatus: blueplanet.social (ip: 128.0.64.88) blacklistedServers: [{"name":"Composite Blocking List","dns":"cbl.abuseat.org","site":"http://www.abuseat.org","txtRecords":"No txt record"}]) 2023-03-28T07:23:38.241Z box:mail checkRblStatus: 42bit.io (ip: 128.0.64.88) blacklistedServers: [{"name":"Composite Blocking List","dns":"cbl.abuseat.org","site":"http://www.abuseat.org","txtRecords":"No txt record"}]) Using domain server: Name: 127.0.0.1 Address: 127.0.0.1#53 Aliases: 88.64.0.128.zen.spamhaus.org has address 127.255.255.254 Host 88.64.0.128.zen.spamhaus.org not found: 3(NXDOMAIN)
After the unbound restart (ALMOST identical):
2023-03-28T07:25:51.522Z box:mail checkRblStatus: blueplanet.social (ip: 88.64.0.128) is in the blacklist of {"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org"} 2023-03-28T07:25:51.543Z box:mail checkRblStatus: blueplanet.social (error: null) (txtRecords: [["Error: open resolver; https://www.spamhaus.org/returnc/pub/2400:cb00:65:1024::a29e:8507"]]) 2023-03-28T07:25:51.584Z box:mail checkRblStatus: blueplanet.social (ip: 128.0.64.88) blacklistedServers: [{"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org","txtRecords":["Error: open resolver; https://www.spamhaus.org/returnc/pub/2400:cb00:65:1024::a29e:8507"]}]) 2023-03-28T07:25:51.586Z box:mail checkRblStatus: 42bit.io (ip: 88.64.0.128) is in the blacklist of {"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org"} 2023-03-28T07:25:51.587Z box:mail checkRblStatus: 42bit.io (error: null) (txtRecords: [["Error: open resolver; https://www.spamhaus.org/returnc/pub/2400:cb00:65:1024::a29e:8507"]]) 2023-03-28T07:25:51.588Z box:mail checkRblStatus: 42bit.io (ip: 128.0.64.88) blacklistedServers: [{"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org","txtRecords":["Error: open resolver; https://www.spamhaus.org/returnc/pub/2400:cb00:65:1024::a29e:8507"]}]) Using domain server: Name: 127.0.0.1 Address: 127.0.0.1#53 Aliases: 88.64.0.128.zen.spamhaus.org has address 127.255.255.254 Host 88.64.0.128.zen.spamhaus.org not found: 3(NXDOMAIN)
The refreshed Cloudron e-mail setup page shows the following after unbound restart:
This server's IP 128.0.64.88 is blacklisted in the following servers - Composite Blocking List, SpamHaus Zen
BTW: I was the one with the unbound issue (https://forum.cloudron.io/topic/8864/dns-resolving-problem) - could this be connected?
-
@girish said in Cloudron reports blacklisting (by mistake?):
@nichu42 just following up on this, did this get sorted out? If not, can you send us a mail to support@cloudron.io ?
Thanks for following up. It's still happening with 7.4.0.
I will open a support ticket once I'm back from vacation. -
The situation here is that unbound is configured to forward things to Google DNS. But this makes RBL fails. This is because some RBL servers block queries from public DNS servers.
The thread at https://www.mail-archive.com/unbound-users@lists.nlnetlabs.nl/msg01112.html is an interesting read, which addresses exactly this problem.
-
@girish
Thanks for the clarification. I guess we can close this thread, since the solution will be troubleshooting the original unbound / DNS issue on my server (https://forum.cloudron.io/topic/8864/dns-resolving-problem). I have just replied to your e-mail.Right now, numerous DNS queries are failing again, which leads to many missing posts or media on my public Mastodon instance.
-
-