False positive on SpamHaus
-
@potemkin_ai @DualOSWinWiz one caveat I rediscovered recently (sorry, I forgot this entirely) is this file: https://git.cloudron.io/platform/box/-/blob/master/setup/start/unbound/prefer-ip4.conf?ref_type=heads
We do Spamhaus queries via unbound. If your server has IPv6, then older versions of unbound might use IPv6, and Spamhaus often fails those queries. From Ubuntu 24, there is a flag to tell unbound to prefer IPv4 instead of IPv6. Does this situation apply to either of you? I.e. do you have Ubuntu < 24 and IPv6? If so, this might be the issue.
@girish I have 24.04 and IPv6 is disabled
-
@girish already
-
@girish finally I figured out the problem: it was the UniFi Gateway. It was using content filtering in order to moderate the traffic and using DNS. Once I turned that off for all, it turned green, and so far, for the last 3 hours, it's green.
-
@DualOSWinWiz would you mind elaborating how it affected you?
-
So there is a separate feature in the UniFi gateway to filter content, with options None, Work and Family; I selected Work. The problem was that if you select either Family or Work, the firewall was migrating traffic to be on an open resolver regardless of network settings. I turned off that feature and it worked out.
-
@DualOSWinWiz, thank you!
@girish, do you have some considerations, based on the information I've provided earlier?
-
@jdaviescoates said in URGENT:
In a post on an originally unrelated thread about IPv6 issues @Gengar posted this link https://www.spamhaus.com/resource-center/successfully-accessing-spamhauss-free-block-lists-using-a-public-dns/ which I think explains what's going on with all these false positive spamhaus issues people are having:
The TL;DR seems to be: fill in this form https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/
-
@jdaviescoates thank you! I will keep that as a final resort!
@girish, I would much appreciate any additional information to work out those false positive alerts as they shall be handled - as I highlighted earlier, Ubuntu update doesn't seem to be relevant...
-
-
-
Those are two different issues actually.
-
-
This particular issue is due to the system's configuration which prevents correct spam resolution. Might be the root cause is one, but we can't be sure on that.
-
OK, I don't really understand the difference entirely, but maybe others can help out. Will leave this as unsolved.
-
-
-
Since the update to 8.3.2 (on Ubuntu 24) I am seeing these false positives as well. Nothing has changed with the network settings or DNS. I know it is ultimately just a cosmetic problem, but it would be nice to be able to deactivate this check as it serves no real purpose in my opinion.
-
@ccfu I can not agree on deactivate - the purpose is very useful. I would rather have it working properly!
-
If it worked properly that would of course be better
If only one blocklist is being checked (Spamhaus) its purpose is, in my view, rather limited. In any case a failed check due to a connection error should not cause a notification that the mailboxes are not set up correctly and these mailboxes to be showing as red in the list.
Edit: Connection errors happen with correct configuration when an ISP's DNS gets temporarily blocked by the DNSBL server. That seems to be my issue at the moment. In such cases I would like to be able to deactivate the check (even temporarily, for example 24 or 48 hours).
-
I'm having the same false positive issue. Do I have to read through this whole thread and the other one or is there a simple fix/do I just need to wait for an update?
-
-
I have a task to make this check more "stable" for next release. Currently, it just shows the message on a single failure. I will fix the code to make it show when the error is more persistent (i.e. over several failures or something like that).
@girish That would be a big help for sure, but would it not make more sense to differentiate between connection failure and actual confirmed presence on the blocklist?
At the moment it seems to check every 30 minutes and if the DNS server has been blocked (e.g. for overuse of queries) this is likely to persist for 24 - 48 hours at least.
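
A sketch of the two ideas raised in the last posts (separating a failed lookup from a confirmed listing, and only flagging a lookup problem once it persists). This is an added example, not Cloudron's code and not written by anyone in the thread; the function names, the threshold and the sample answers are assumptions, and the 127.255.255.x values are Spamhaus's published error return codes, which do not appear on this page.

```javascript
'use strict';

// DNSBL query name: reversed IPv4 octets + zone (zen.spamhaus.org is a real zone).
function dnsblName(ipv4, zone) {
    return ipv4.split('.').reverse().join('.') + '.' + zone;
}

// Spamhaus error return codes: these answers are NOT listings.
const SPAMHAUS_ERRORS = new Map([
    ['127.255.255.252', 'typo in DNSBL zone name'],
    ['127.255.255.254', 'query arrived via a public/open resolver'],
    ['127.255.255.255', 'excessive number of queries']
]);

// result: { addresses: [...] } on success, or { error: <Node dns error code> }.
function classify(result) {
    // NXDOMAIN / no data is the normal "not listed" answer.
    if (result.error === 'ENOTFOUND' || result.error === 'ENODATA') return { state: 'clean' };
    if (result.error) return { state: 'lookup-failed', reason: result.error };
    const err = result.addresses.find((a) => SPAMHAUS_ERRORS.has(a));
    if (err) return { state: 'lookup-failed', reason: SPAMHAUS_ERRORS.get(err) };
    const codes = result.addresses.filter((a) => a.startsWith('127.0.'));
    if (codes.length) return { state: 'listed', codes };
    // e.g. a filtering resolver answering with its own block-page address
    return { state: 'lookup-failed', reason: 'unexpected answer ' + result.addresses.join(',') };
}

// history: classify() results, oldest first. Lookup failures never count as a
// listing; they are reported separately once `threshold` occur in a row.
function evaluate(history, threshold) {
    let failures = 0;
    for (let i = history.length - 1; i >= 0; i--) {
        const r = history[i];
        if (r.state === 'lookup-failed') {
            if (++failures >= threshold) {
                return { status: 'check-unavailable', reason: history[history.length - 1].reason };
            }
            continue;
        }
        return r.state === 'listed' ? { status: 'listed', codes: r.codes } : { status: 'ok' };
    }
    return { status: 'unknown' };
}

// Constructed sample answers (not captured from a real server).
const CLEAN = classify({ error: 'ENOTFOUND' });
const OPEN_RESOLVER = classify({ addresses: ['127.255.255.254'] }); // gateway redirecting DNS
const LISTED = classify({ addresses: ['127.0.0.2'] });
```

With the constructed samples, `evaluate([CLEAN, OPEN_RESOLVER, OPEN_RESOLVER], 3)` stays `ok`, and a third consecutive failure turns it into `check-unavailable` rather than a blocklist alert.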