
DNS zones for DNSBL service

SHGreg

Guest
Whenever I enter something in this field, such as 'zen.spamhaus.org', Plesk users are blocked from sending emails because they have a dynamic IP (as most broadband users do). Why is Plesk blocking my authenticated SMTP users?

It seems like it is checking the DNSBL list and rejecting users before checking for a username and password. Surely this is the wrong way around? If a user successfully authenticates, why check their IP with the list? They have already been authorized which should override any result from the list.
 
I have the same experience on our box. It would be nice to get this fixed; I think it has to do with the order in the server_args at /etc/xinetd.d/smtp_psa


Update: since 8.3.0 we have the choice to use message submission, which runs on port 587, and there is no rblsmtpd check there.
 
Whenever I enter something in this field, such as 'zen.spamhaus.org', Plesk users are blocked from sending emails because they have a dynamic IP (as most broadband users do). Why is Plesk blocking my authenticated SMTP users?

It seems like it is checking the DNSBL list and rejecting users before checking for a username and password. Surely this is the wrong way around? If a user successfully authenticates, why check their IP with the list? They have already been authorized which should override any result from the list.

I have the same problem and I want to disable DNSBL lists. Can someone tell me how to do this?

Thanks in advance
 
What exactly does this port 587 option do? If I enable this option, any user that has problems sending mail through regular port 25 can change to port 587 and bypass the blacklist checks? Wouldn't this open the server up to more spam?
 
What exactly does this port 587 option do? If I enable this option, any user that has problems sending mail through regular port 25 can change to port 587 and bypass the blacklist checks? Wouldn't this open the server up to more spam?

This option declares an additional SMTP port (587) for end users' mail clients, with mandatory SMTP authorization and without any additional prechecks like blacklisting.
 
@AlfonsoO
under Plesk > Server > Mail > Checkbox "Switch on spam protection based on DNS blackhole lists"

@SHGreg
runs on Port 587 with smtp_auth and without blacklist checks...


/etc/xinetd.d/submission_psa / Port 587
server_args = -Rt0 /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

/etc/xinetd.d/smtp_psa / Port 25
server_args = -Rt0 /usr/sbin/rblsmtpd -r dnsbl-1.uceprotect.net -r ix.dnsbl.manitu.net /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
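
An added example, not part of the original post and not Plesk's own tooling: a small audit that reads a `server_args` line like the two above and reports whether rblsmtpd sits in front of `smtp_auth`, which is the ordering the thread is about. The function name and the returned keys are assumptions of this sketch; the sample strings are the two lines quoted in the post.

```python
import shlex

# Sample input: the two server_args lines quoted in the post above.
SUBMISSION_PSA = ("server_args = -Rt0 /var/qmail/bin/qmail-smtpd "
                  "/var/qmail/bin/smtp_auth /var/qmail/bin/true "
                  "/var/qmail/bin/cmd5checkpw /var/qmail/bin/true")
SMTP_PSA = ("server_args = -Rt0 /usr/sbin/rblsmtpd -r dnsbl-1.uceprotect.net "
            "-r ix.dnsbl.manitu.net /var/qmail/bin/relaylock "
            "/var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth "
            "/var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true")

# rblsmtpd options that take a value (attached, or as the next word).
RBLSMTPD_VALUE_OPTS = ("-r", "-a", "-t")


def audit_server_args(text):
    """Report whether an xinetd service runs rblsmtpd ahead of smtp_auth."""
    argv = None
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "server_args":
            argv = shlex.split(value)
    if argv is None:
        raise ValueError("no server_args line found")
    names = [word.rsplit("/", 1)[-1] for word in argv]
    rbl_at = names.index("rblsmtpd") if "rblsmtpd" in names else None
    auth_at = names.index("smtp_auth") if "smtp_auth" in names else None
    zones = []
    i = len(argv) if rbl_at is None else rbl_at + 1
    # rblsmtpd's options end at the first word without a dash (next program).
    while i < len(argv) and argv[i].startswith("-"):
        opt, value = argv[i][:2], argv[i][2:]
        if opt in RBLSMTPD_VALUE_OPTS and not value:
            i += 1
            value = argv[i] if i < len(argv) else ""
        if opt == "-r" and value:
            zones.append(value)
        i += 1
    return {
        "rbl_zones": zones,
        "has_smtp_auth": auth_at is not None,
        # True: the DNSBL lookup happens at connect time, before any AUTH.
        "rbl_before_auth": rbl_at is not None
                           and (auth_at is None or rbl_at < auth_at),
    }
```

Running it against the text of `/etc/xinetd.d/submission_psa` shows whether the port 587 service still carries an rblsmtpd stage.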
 
Great, I got it all working with any users having problems simply switching to port 587 :) What lists are people using? So far I have

'zen.spamhaus.org;combined.njabl.org;list.dsbl.org'
 
Thanks for the link, I've already taken a look at that site. I'm wondering what list combinations are working best for everyone?
 
I think it is up to everyone to figure out the best combination depending on country and so on.... Even the order of the RBLs will affect it. Unfortunately Plesk brings no statistics for it.

I have done the following: I manually installed the rblsmtpd with syslog support and got a script with stats output per RBL like
bl.spamcop.net: 5400 blocked
dnsbl-1.uceprotect.net: 3401 blocked
ix.dnsbl.manitu.net: 524 blocked

In this case you can start playing around to see which RBL will serve you best and to find out in which order you should have the RBLs. It makes no sense, for example, to have the RBL with the most hits as the last entry... it should be the first entry.

and so on....

with best regards
Brujo
 
Brujo-

I'd like to set up port 587 as you described above, but I don't quite follow the directions you gave SHGreg above. For example, am I supposed to create a submission_psa file? (There currently isn't one on my server.) Would you mind going into a bit more detail? Thank you.

Geoff
 
@gtowle

The submission_psa should be automatically created after you select the checkbox in your Plesk Control Panel.

under Plesk > Server > Mail > Checkbox "Enable message submission"

Brujo
 
I've clicked on the enable message submission button, the submission_psa file has been created, port 587 is open, but zen.spamhaus.org is still blocking outgoing mail from dynamic IPs.

When I do a telnet 64.129.137.75 587, I get
rblsmtpd: 68.32.44.90 pid 8442: 451 http://www.spamhaus.org/query/bl?ip=68.32.44.90
220 rblsmtpd.local

I've restarted qmail and xinetd from the command line.

What could I be missing? Also, outgoing mail from webmail doesn't get sent. Is there any way to get webmail to work from a dynamic IP?

TIA
 
Also, outgoing mail from webmail doesn't get sent. Is there any way to get webmail to work from a dynamic IP?

TIA

Please ignore this part of my previous post. I figured this one out. Webmail works fine from dynamic IP.
 
Sorry for reviving an old thread, but this is what came up for me when I searched having had this problem with some customers not being able to send emails.

Turns out the issue is with using zen.spamhaus.org - zen includes the SBL, XBL and PBL lists into one, but if you read the fine print at the end of the PBL page, you'll see the problem:

"Caution: Because the PBL lists normal customer IP space, do not use PBL on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers if their dynamic IPs are in the PBL). Do not use PBL in filters that do any ‘deep parsing’ of Received headers, or for other than checking IP addresses that hand off to your mailservers."

Hope that helps someone,
-Erich
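
An added example, not part of the original post: how a ZEN answer can be split back into its component lists so that a PBL-only hit is not held against an authenticated customer. The function names and the rejection policy are assumptions of this sketch; the return-code ranges are the ones Spamhaus publishes for ZEN, and the sample IP is the one from the telnet output earlier in the thread.

```python
import ipaddress

ZEN_ZONE = "zen.spamhaus.org"


def dnsbl_query_name(ip, zone=ZEN_ZONE):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify_zen(answers):
    """Map the A records ZEN returned to the lists they stand for."""
    lists = set()
    for answer in answers:
        octets = [int(o) for o in answer.split(".")]
        last = octets[3]
        if octets[:3] == [127, 255, 255]:
            # Spamhaus error codes (bad zone name, blocked resolver,
            # query limit): these say nothing about the client IP.
            lists.add("ERROR")
        elif octets[:3] != [127, 0, 0]:
            lists.add("UNKNOWN")
        elif last in (2, 3, 9):
            lists.add("SBL")
        elif 4 <= last <= 7:
            lists.add("XBL")
        elif last in (10, 11):
            lists.add("PBL")
        else:
            lists.add("UNKNOWN")
    return lists


def should_reject(answers, authenticated):
    """Assumed policy: SBL/XBL always count, PBL only without SMTP AUTH."""
    lists = classify_zen(answers)
    if lists & {"SBL", "XBL"}:
        return True
    return "PBL" in lists and not authenticated


# Constructed sample: a dynamic broadband IP that is listed in PBL only.
PBL_ONLY = ["127.0.0.11"]
```

`should_reject(PBL_ONLY, authenticated=True)` is `False`, while the same answer on an unauthenticated port 25 connection is rejected.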
 
Could someone give a short HowTo again on how to switch the port? Why isn't this problem solved in 9.x?
 
You don't have to switch anything! Both ports are open by default!!!

Just have your users change the SMTP port from 25 to 587 in their mail client.

By the way, people shouldn't use your server to send out emails. They should only use their ISP smtp...
 