DNSBL/RBL stopped working altogether

[DragonAss]

About 2 months ago, the DNSBL stopped working and
email accounts began getting "normal" SPAM floods.
Turning the DNSBL on/off seems to make zero difference.

Results from testing an RBL server more direcly seem okay:

[root@www ~]# dig +short 2.0.0.127.zen.spamhaus.org
127.0.0.4
127.0.0.10
127.0.0.2
[root@www ~]# dig +short 1.0.0.127.zen.spamhaus.org
[root@www ~]# dig +short TXT 2.0.0.127.zen.spamhaus.org
"http://www.spamhaus.org/query/bl?ip=127.0.0.2"
"http://www.spamhaus.org/sbl/query/SBL233"

Unfortunately, I didn't find anyone else with this issue :-/
(it's always a little more comforting when it's "not just me",
plus it means answers are being sought, perhaps found).

The RBL server version is:

 -------------------------------------------------------------------
[root@www ~]# rpm -qa | grep rbl
psa-qmail-rblsmtpd-0.88-rhel5.build1013111101.14

[root@www ~]# rpm -qi psa-qmail-rblsmtpd
Name        : psa-qmail-rblsmtpd           Relocations: (not relocatable)
Version     : 0.88                              Vendor: Parallels
Release     : rhel5.build1013111101.14      Build Date: Tue 01 Nov 2011 04:35:16 AM EDT
Install Date: Sun 20 Nov 2011 09:49:47 PM EST      Build Host: brhas5x64.plesk.ru
Group       : Applications/Mail             Source RPM: psa-qmail-rblsmtpd-0.88-rhel5.build1013111101.14.src.rpm
Size        : 38336                            License: GPL
Signature   : (none)
Packager    : Parallels <[email protected]>
URL         : http://www.parallels.com/
Summary     : SPAM blocker for QMail daemon
Description :
rblsmtpd is a generic tool to block mail from RBL-listed sites.
---------------------------------------------------------------------

Does anyone know how I can test what, if anything, the
mail server is doing with BLs along the chain of events?
... or any ideas to try?
Thanks!

 

[TonyDas]

I am running Parallels Plesk Automation, although I have pbl.spamhaus.org added, mails are not being blocked and this is confirmed by [email protected]

I do see the rbl query in tcpdump. What is needed to block mail listed in spamhaus?

 

[DragonAss]

It sounds like you do have it setup correctly. I believe you just put your spamhaus URL into the form under "Mail Server SettingsNS zones for DNSBL service" and submit. Obviously, make sure the checkbox to use DNSBL is ticked "on". That's how it used to work anyway.

Apparantly, what's needed is to make it actually work now though is: get rid of Plesk?

I'm sure there's some self-tinkering that could be done to fix it too, but doing so would probably either break Plesk or, at best, be overwritten by a future update. FWIW, spamhaus and the DNSBL in general used to work pretty damn well, until back around February-ish, when Qmail simply stopped filtering any emails based on IP [and that particular server was using a subscription to spamhaus - the party paying for it was none too happy about spending $90 for 3 months of 100% unfiltered mailboxes]. The issue wasn't with spamhaus though, it was/is Plesk's Qmail - my guess is the "mailman" file, but that's just a quick guess.

I can see now why some people say Plesk sucks. It's nice when it works but, when it doesn't, you're waiting in limbo for their fix[es]. With Redhat now getting ready to slap healthy fees into the mix (I guess they see an opportuniuty to gouge?) I'm about ready to convert far, far away from the "Open Source but my changes make it Propietary" type software. I don't mind a command line interface if it comes with the sanity of simplicity. Neither do I mind [reasonable] fees if it means issues [such as this] will get addressed.

I hope this DNSBL issue is on the radar of anyone who can make a difference.
In the meantime, though, I'm making contingency plans to migrate away.

DragonAss