MAIL: false positives from spamhouse

girish

Can you run host 195.54.250.63.zen.spamhaus.org on your server and check what it returns? Atleast here, it returns NXDOMAIN which means that the IP is not listed in SpamHaus.

chymian 0

hey @girish ,
thanks for looking into this.

host 195.54.250.63.zen.spamhaus.org 
Host 195.54.250.63.zen.spamhaus.org not found: 3(NXDOMAIN)

whenever I checked on spamhause, it was never officially listed.

girish

@chymian-0 OK, not sure why Cloudron thinks it's listed then since it is basically running the same command. So, it's always shown as blocked ? Even right now?

chymian 0

@girish
as I wrote,

temporarily it shows false positives from spamhouse, and rejects mail.
the false positive toggles.

ATM, its on green state.

I'm losing a lot of mails every day, b/c. of the broken mailsystem.
how to get that fixed asap?
this is ongoing for a while and after having asked here in the forum serveral times, does it help I finally open a bugreport?

chymian 0

ATM, I'm running a 24h script, quering spamhaus every 15 sec.
and will come back with results tomorrow

nebulon

@chymian-0 I am not sure how losing mails is related to the the rather informational report Cloudron gives on the spamhaus status.

girish

@chymian-0 You can just disable zen till the root cause is determined . https://docs.cloudron.io/email/#dnsbl

chymian

@girish
checking spamhause for 24h, there was no false-positive from the shell-script.
but during that time, cloudron reported many times, being blocked on spamhaus....

today, since more and more of the apps where reported starting (never left that state), but responding - a behavior which I have been seen growing during the last weeks, I rebooted the server, with the result, that nginx stayed down.

fiddeling & troubleshouting brought it up again.

Q: is there a way to regenerate all configs in /etc/nginx/applications/*` at once - including Dashbord?

the PreProcess: /usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
was hanging, what led me to DNS

and that might be the reason for the ongoing mail-problems:
False DNS-resolution from 127.0.0.1:

nslookup heise.de
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   heise.de
Address: 193.99.144.80
Name:   heise.de
Address: 2a02:2e0:3fe:1001:302::

$ nslookup 195.54.250.63.zen.spamhaus.org
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   195.54.250.63.zen.spamhaus.org
Address: 127.255.255.254

$ cat /etc/resolv.conf 
#nameserver 10.11.1.1
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 46.105.206.200

WORKAROUND:

• for the time being, I removed DNSBL.
• I removed 127.0.0.1 from /etc/resolv.conf and it's working.

@nebulon

@chymian-0 I am not sure how losing mails is related to the the rather informational report Cloudron gives on the spamhaus status.

but it was happenening a lot, as I showed in the example the initial post.
I also could not understand, but the DNS-pbl. could explain it? right?

---

and a little OT, but you migth be interessted in:
FYI: some process in cloudron was writing uncontrolled to the log dir:

root@my //home/yellowtent/platformdata/logs
$ l
total 8.6M
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 20 03:54 -
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 12 02:04 ]
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 02a7c0bf-6ed1-4d8e-a982-e7fb4a856faf
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 03a27d2a-5afc-4bed-9913-2e7ad6fbd978
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 043f7756-ebf1-42b6-a0c8-067b381f4e70
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 14b68a30-a2cf-418f-a000-f290454ade2b
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 20 03:54 1500
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 1b57863a-6bb8-43a4-ae4b-67c053a8bca9
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 214b3494-371d-4518-9be3-af8707db4284
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 2448078e-74a0-4365-8f19-8a74fe3ffe3e
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 2b183059-4830-45ba-9337-4a2d57cb92ec
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 2c0ba153-8fa7-4724-9d1f-e143d962e667
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 32b0dfca-d9f9-4b16-8435-d60760934508
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 4104600a-971f-4e3d-b88e-5b22ba439c1b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 428417bb-34dd-4d29-808c-62676b7a0a5b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 4771520c-f546-48ed-8cf9-86cca9a7f610
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 53041f83-61d2-47d7-a089-49a67e4ca4c6
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 595f0716-de2c-4148-bdaa-aa385d2886fa
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 5cc57177-9fd4-4053-bb54-55a4d836d874
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 64b209b0-96f1-46bf-a47a-695d885bcb41
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 68c74687-8b97-42d6-80c9-918d09faff0b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 73c82de0-b730-42e3-a9fe-3d0aa4128a64
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 80b2f436-0cba-4eff-8fdb-5492689f3129
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 835e6318-0ba6-49ee-a697-849fa217e5cb
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 928bee35-fed7-4829-bece-ec663cab407a
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 978e2561-062c-4333-88d3-ec54c19bf5f7
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 99ead4ac-d031-4a40-8058-5db0f5a03fbe
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 9b309fe6-a68b-47d5-86d7-2797aa67ccdd
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 a5630a10-82e7-4609-be14-6948816e0d52
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 ad3f7e22-8408-443a-8193-f1e266760853
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 ad6da5e4-d671-4811-9746-46d2dff659a9
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 am
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 b3b0456d-d8bf-4716-b42c-12fa968b2dd9
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 baa82cb1-8904-498d-aab1-24b0bb073f0f
drwxr-xr-x 2 yellowtent yellowtent 4.0K Dec 21  2020 backup
-rw-r--r-- 1 yellowtent yellowtent 611K Jul  1 11:07 box.log
-rw-r--r-- 1 yellowtent yellowtent 1.8M Jun 30 00:01 box.log.1
-rw-r--r-- 1 yellowtent yellowtent 1.7M Jun 23 00:01 box.log.2
-rw-r--r-- 1 yellowtent yellowtent 4.2M Jun 16 00:01 box.log.3
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 by
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 collectd
drwxr-xr-x 2 yellowtent yellowtent 4.0K Dec 21  2020 crash
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 20 03:54 cross-device
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 d1e21cc0-e6f1-47a2-8c54-da4bd005c58b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 e0a01f2c-6f6f-46d4-94dd-10f6dd0a7546
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 e3a144e9-d0e1-4a10-b118-00083e670e4b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 e845adb7-f322-41be-a387-7cae44a67795
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 eb95f052-5e60-4153-83d5-3edd2bf4d589
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jul  1 00:01 f7227508-ea11-453f-be1b-447858f40e02
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 f756b221-1b93-4e5c-be4c-e68b35116d0a
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 ffa512b8-2af3-4737-9d3f-c36f7c50c7e2
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 25 03:57 file
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 graphite
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 happy
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 IP
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 12 02:04 kit-00068-00068
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 09:31 kit-00069-00069
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 25 03:57 kit-00073-00073
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 20 03:54 kit_spare_001
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 25 03:57 link.
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 little
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jul  1 00:01 mail
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 25 17:31 melchizedek
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 mongodb
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 12 02:04 my.eb8.org
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 mysql
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 26 11:08 or
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 postgresql
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-03a27d2a-5afc-4bed-9913-2e7ad6fbd978
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-14b68a30-a2cf-418f-a000-f290454ade2b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-32b0dfca-d9f9-4b16-8435-d60760934508
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-4104600a-971f-4e3d-b88e-5b22ba439c1b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-428417bb-34dd-4d29-808c-62676b7a0a5b
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-53041f83-61d2-47d7-a089-49a67e4ca4c6
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-64b209b0-96f1-46bf-a47a-695d885bcb41
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-73c82de0-b730-42e3-a9fe-3d0aa4128a64
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-80b2f436-0cba-4eff-8fdb-5492689f3129
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-ad3f7e22-8408-443a-8193-f1e266760853
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 redis-f7227508-ea11-453f-be1b-447858f40e02
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 11 02:19 r--p
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 sftp
srwxr-xr-x 1 yellowtent yellowtent    0 Jul  1 09:45 syslog.sock
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jul  1 08:10 tasks
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 25 17:31 the
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 12 02:04 to
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 20 03:54 try
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 turn
drwxr-xr-x 2 yellowtent yellowtent 4.0K Jun 30 00:01 updater
drwxr-xr-x 2 yellowtent yellowtent 4.0K May 25 03:57 Will

HINT: some unambiguous words (melchizedek) I used recently in a Open WebUI chat…

chymian

and even so, the DNSLB is removed, it still reports false positive:

as of now…

I'm out of ideas

chymian

@girish & @nebulon any ideas?
cloudron server is malfunctioning and loosing data every day. pls help to find the issue!

nebulon

So what you see here is the result of the rbl check at https://git.cloudron.io/cloudron/box/-/blob/master/src/mail.js?ref_type=heads#L492

This is only for information here and even if that reports wrongly, it is not related to the actual mail server itself. So it is unclear why you would lose emails if indeed your server is not on a blocklist. Can you double check that this is really the case and then we have to see if we have a bug in the display of the status.

necrevistonnezr

@chymian said in MAIL: false positives from spamhouse:

cloudron server is malfunctioning and loosing data every day. pls help to find the issue!

Please be more precise, because this is a rather serious allegation.

chymian

@nebulon , thanks for reply.
in the first post, I copied a undeliverable testmail from spamhoaus to cloudron, b/c it was denieing the reception.

here a little oversight:

and they all look similar…

all these hosts are N.O.T. blacklisted. I checked.
also, false positives…