Resolved DNS blackhole lists: "Yellow listed" is blocked / Searching for recommended lists

[King555]

On Sunday I enabled the DNS blackhole lists in the server-wide e-mail settings in Plesk. Before that I googled for recommendations for good lists.

I ended up with this: zen.spamhaus.org;hostkarma.junkemailfilter.com;db.wpbl.info;psbl.surriel.com

About 30 hours later I realized that not a single mail arrived. I disabled the lists and checked the maillog.

All mails were blocked by hostkarma.junkemailfilter.com and it always says "Yellow listed".

Here is a part of such an entry in the log:
postfix/smtpd[494]: NOQUEUE: reject: RCPT from XXXXXXXXXXXXX: 554 5.7.1 Service unavailable; Client host [XXXXXXXXXXX] blocked using hostkarma.junkemailfilter.com; Yellow listed XXXXXXXXXX See Spam DNS Lists - Computer Tyme Support Wiki

Now I have two questions:
1. Doesn't "yellow listed" mean that this sender should not be blocked? If yes, why is it still blocked? Does this have to do something with Plesk or only the mail server? How can I avoid using lists which block everything? Is there something I should watch out for (regarding compatibility with my system)? I mean, blocking everything cannot be the intended function, this lists seems not to work with Plesk or my mail server.
2. I'm searching for a new recommendation which lists to use. Any ideas?

 

[King555]

Meanwhile I found another recommendation and although some spam mails still come through, it seems to work properly. My current list: zen.spamhaus.org;bl.spamcop.net;b.barracudacentral.org

But I'm still wondering why the "yellow listed" IPs are completely blocked. If someone could tell me that...

 

[King555]

Sorry for pushing this thread again, but it seems that the DNSBL feature does not work at all!

Currently I get a lot of spam and today I checked whether two sender IPs are on blacklists. And they are! But they are not blocked. Why?

For example, two different mail senders are on the blacklists "Spamhaus ZEN" and "SPAMCOP" according to mxtoolbox.com (but not on "BARRACUDA"). Why are they not blocked?

EDIT: Maybe I found the solution for the Spamhaus problem: Blacklisting for spam protection does not work

EDIT #2: Or maybe not... I found out that I do not use the Google nameservers, but those of my provider (Hetzner in Germany). The command in the linked article (dig +short TXT 2.0.0.127.zen.spamhaus.org) gives no result (no output at all).

 

[IgorG]

but it seems that the DNSBL feature does not work at all!

Important - PLEASE FOLLOW THIS INSTRUCTION IF YOU BELIEVE THAT FOUND A BUG!

Dear Pleskians, Please, click Submit Report button and use the template in this special forum subsection if you really believe you discovered a new bug and need to report it to the Plesk developers. It does allow us to handle and resolve your requests much more efficiently. Please be careful...

talk.plesk.com

 

[King555]

Meanwhile both problems are solved/answered:

1.) The hostkarma DNSBL (regarding the "yellow listed" problem) seems to make also problems without Plesk and also with other MTAs, if I understand these two links correctly:

Postfix Germany - hostkarma yellow list wird geblockt

hostkarma yellow list wird geblockt. Hallo! Ich nutze die Blacklist von hostkarma: $ postconf -n smtpd_recipient_restrictions smtpd_recipient_restrictions =...

postfix.1071664.n5.nabble.com

[bug] Hostkarma 'Yellow' listed domains/ips are incorrectly blocked! · Issue #99 · baruwaproject/baruwa2

The hostkarma blocklist has a 'yellow' listing, which means there is no information being kept for the domain or ip ranges. However: Baruwa seems to reject e-mail when a domain is yellow listed, wh...

github.com

Which means the solution is to not use that DNSBL!

2.) Regarding the not answering zen.spamhaus.org DNSBL I found out that the nameservers of "Hetzner" are also blocked by Spamhaus, which means you have to use another nameserver in general or only for this purpose (via "unbound"). I use OpenDNS now, but Cloudflare seems also OK.