MAIL: false positives from spamhouse
-
Can you run
host 195.54.250.63.zen.spamhaus.org
on your server and check what it returns? At least here, it returns NXDOMAIN which means that the IP is not listed in SpamHaus.
-
@chymian-0 OK, not sure why Cloudron thinks it's listed then since it is basically running the same command. So, it's always shown as blocked? Even right now?
-
@girish
as I wrote, temporarily it shows false positives from Spamhaus, and rejects mail.
the false positive toggles. ATM, it's on green state.
I'm losing a lot of mails every day, b/c of the broken mail system.
how to get that fixed asap?
this is ongoing for a while and after having asked here in the forum several times, does it help if I finally open a bug report?
-
@chymian-0 You can just disable zen till the root cause is determined. https://docs.cloudron.io/email/#dnsbl
-
@girish
checking Spamhaus for 24h, there was no false positive from the shell script.
but during that time, Cloudron reported many times being blocked on Spamhaus...
today, since more and more of the apps were reported starting (never left that state), but responding - a behavior which I have seen growing during the last weeks, I rebooted the server, with the result that nginx stayed down.
fiddling & troubleshooting brought it up again.
Q: is there a way to regenerate all configs in `/etc/nginx/applications/*` at once - including Dashboard?
the PreProcess:
/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
was hanging, which led me to DNS, and that might be the reason for the ongoing mail problems:
False DNS resolution from 127.0.0.1:
```
$ nslookup heise.de
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: heise.de
Address: 193.99.144.80
Name: heise.de
Address: 2a02:2e0:3fe:1001:302::

$ nslookup 195.54.250.63.zen.spamhaus.org
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: 195.54.250.63.zen.spamhaus.org
Address: 127.255.255.254

$ cat /etc/resolv.conf
#nameserver 10.11.1.1
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 46.105.206.200
```
WORKAROUND:
- for the time being, I removed DNSBL.
- I removed 127.0.0.1 from /etc/resolv.conf and it's working.
@chymian-0 I am not sure how losing mails is related to the rather informational report Cloudron gives on the spamhaus status.
but it was happening a lot, as I showed in the example in the initial post.
I also could not understand, but the DNS-pbl. could explain it? right?
and a little OT, but you might be interested in:
FYI: some process in cloudron was writing uncontrolled to the log dir:
```
root@my //home/yellowtent/platformdata/logs $ l
total 8.6M
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 20 03:54 -
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 12 02:04 ]
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 02a7c0bf-6ed1-4d8e-a982-e7fb4a856faf
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 03a27d2a-5afc-4bed-9913-2e7ad6fbd978
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 043f7756-ebf1-42b6-a0c8-067b381f4e70
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 14b68a30-a2cf-418f-a000-f290454ade2b
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 20 03:54 1500
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 1b57863a-6bb8-43a4-ae4b-67c053a8bca9
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 214b3494-371d-4518-9be3-af8707db4284
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 2448078e-74a0-4365-8f19-8a74fe3ffe3e
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 2b183059-4830-45ba-9337-4a2d57cb92ec
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 2c0ba153-8fa7-4724-9d1f-e143d962e667
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 32b0dfca-d9f9-4b16-8435-d60760934508
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 4104600a-971f-4e3d-b88e-5b22ba439c1b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 428417bb-34dd-4d29-808c-62676b7a0a5b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 4771520c-f546-48ed-8cf9-86cca9a7f610
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 53041f83-61d2-47d7-a089-49a67e4ca4c6
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 595f0716-de2c-4148-bdaa-aa385d2886fa
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 5cc57177-9fd4-4053-bb54-55a4d836d874
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 64b209b0-96f1-46bf-a47a-695d885bcb41
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 68c74687-8b97-42d6-80c9-918d09faff0b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 73c82de0-b730-42e3-a9fe-3d0aa4128a64
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 80b2f436-0cba-4eff-8fdb-5492689f3129
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 835e6318-0ba6-49ee-a697-849fa217e5cb
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 928bee35-fed7-4829-bece-ec663cab407a
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 978e2561-062c-4333-88d3-ec54c19bf5f7
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 99ead4ac-d031-4a40-8058-5db0f5a03fbe
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 9b309fe6-a68b-47d5-86d7-2797aa67ccdd
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 a5630a10-82e7-4609-be14-6948816e0d52
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 ad3f7e22-8408-443a-8193-f1e266760853
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 ad6da5e4-d671-4811-9746-46d2dff659a9
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 am
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 b3b0456d-d8bf-4716-b42c-12fa968b2dd9
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 baa82cb1-8904-498d-aab1-24b0bb073f0f
drwxr-xr-x 2 yellowtent yellowtent 4.0K Dec 21 2020 backup
-rw-r--r-- 1 yellowtent yellowtent 611K Jul 1 11:07 box.log
-rw-r--r-- 1 yellowtent yellowtent 1.8M Jun 30 00:01 box.log.1
-rw-r--r-- 1 yellowtent yellowtent 1.7M Jun 23 00:01 box.log.2
-rw-r--r-- 1 yellowtent yellowtent 4.2M Jun 16 00:01 box.log.3
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 by
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 collectd
drwxr-xr-x 2 yellowtent yellowtent 4.0K Dec 21 2020 crash
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 20 03:54 cross-device
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 d1e21cc0-e6f1-47a2-8c54-da4bd005c58b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 e0a01f2c-6f6f-46d4-94dd-10f6dd0a7546
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 e3a144e9-d0e1-4a10-b118-00083e670e4b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 e845adb7-f322-41be-a387-7cae44a67795
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 eb95f052-5e60-4153-83d5-3edd2bf4d589
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jul 1 00:01 f7227508-ea11-453f-be1b-447858f40e02
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 f756b221-1b93-4e5c-be4c-e68b35116d0a
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 ffa512b8-2af3-4737-9d3f-c36f7c50c7e2
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 25 03:57 file
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 graphite
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 happy
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 IP
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 12 02:04 kit-00068-00068
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 09:31 kit-00069-00069
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 25 03:57 kit-00073-00073
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 20 03:54 kit_spare_001
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 25 03:57 link.
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 little
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jul 1 00:01 mail
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 25 17:31 melchizedek
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 mongodb
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 12 02:04 my.eb8.org
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 mysql
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 or
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 postgresql
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-03a27d2a-5afc-4bed-9913-2e7ad6fbd978
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-14b68a30-a2cf-418f-a000-f290454ade2b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-32b0dfca-d9f9-4b16-8435-d60760934508
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-4104600a-971f-4e3d-b88e-5b22ba439c1b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-428417bb-34dd-4d29-808c-62676b7a0a5b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-53041f83-61d2-47d7-a089-49a67e4ca4c6
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-64b209b0-96f1-46bf-a47a-695d885bcb41
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-73c82de0-b730-42e3-a9fe-3d0aa4128a64
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-80b2f436-0cba-4eff-8fdb-5492689f3129
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-ad3f7e22-8408-443a-8193-f1e266760853
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-f7227508-ea11-453f-be1b-447858f40e02
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 11 02:19 r--p
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 sftp
srwxr-xr-x 1 yellowtent yellowtent 0 Jul 1 09:45 syslog.sock
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jul 1 08:10 tasks
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 25 17:31 the
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 12 02:04 to
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 20 03:54 try
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 turn
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 updater
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 25 03:57 Will
```
HINT: some unambiguous words (melchizedek) I used recently in an Open WebUI chat…
-
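Added example, not part of any post in this thread and not Cloudron's own code: the nslookup output in the post above shows the answer 127.255.255.254, which Spamhaus documents as an error return code (query came through a public/open resolver) rather than a listing, so a status check has to classify the answer instead of treating any A record as "blocked". The function names and the 192.0.2.10 address used to test it are assumptions made for illustration.

```javascript
// Added example (not Cloudron's mail.js): classify a zen.spamhaus.org answer.

// Spamhaus error return codes: these are NOT listings.
const ZEN_ERRORS = new Map([
  ['127.255.255.252', 'typing error in DNSBL name'],
  ['127.255.255.254', 'query came through a public/open resolver'],
  ['127.255.255.255', 'excessive number of queries'],
]);

// DNSBL query names carry the IPv4 octets in reverse order.
function zenQueryName(ip) {
  const octets = ip.split('.');
  const valid = octets.length === 4 &&
    octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
  if (!valid) throw new Error(`not an IPv4 address: ${ip}`);
  return octets.reverse().join('.') + '.zen.spamhaus.org';
}

// answers: A records returned for the query; an empty array stands for NXDOMAIN.
function classifyZenAnswer(answers) {
  if (answers.length === 0) return { status: 'not-listed', detail: [] };
  const errors = answers.filter((a) => ZEN_ERRORS.has(a));
  if (errors.length > 0) {
    return { status: 'lookup-error', detail: errors.map((a) => ZEN_ERRORS.get(a)) };
  }
  // Zen listings come back inside 127.0.0.0/24 (for example 127.0.0.2).
  const listed = answers.filter((a) => /^127\.0\.0\.\d{1,3}$/.test(a));
  if (listed.length > 0) return { status: 'listed', detail: listed };
  return { status: 'unexpected', detail: answers };
}

// Live check through one explicitly chosen resolver, so results from the
// local resolver and an upstream one can be compared side by side.
async function checkZen(ip, resolverAddress) {
  const { Resolver } = (await import('node:dns')).promises;
  const resolver = new Resolver();
  resolver.setServers([resolverAddress]);
  try {
    return classifyZenAnswer(await resolver.resolve4(zenQueryName(ip)));
  } catch (err) {
    // NXDOMAIN / no A record: the address is not on the list.
    if (err.code === 'ENOTFOUND' || err.code === 'ENODATA') return classifyZenAnswer([]);
    throw err;
  }
}
```

-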
So what you see here is the result of the rbl check at https://git.cloudron.io/cloudron/box/-/blob/master/src/mail.js?ref_type=heads#L492
This is only for information here and even if that reports wrongly, it is not related to the actual mail server itself. So it is unclear why you would lose emails if indeed your server is not on a blocklist. Can you double check that this is really the case and then we have to see if we have a bug in the display of the status.
-
@chymian said in MAIL: false positives from spamhouse:
cloudron server is malfunctioning and losing data every day. pls help to find the issue!
Please be more precise, because this is a rather serious allegation.
-
@nebulon, thanks for the reply.
in the first post, I copied an undeliverable test mail from Spamhaus to Cloudron, b/c it was denying the reception.
here a little oversight:
and they all look similar…
all these hosts are N.O.T. blacklisted. I checked.
also, false positives…