Unforgiven23
Posted December 5, 2006

First time poster here needing help with something strange going on with my mailserver.

For about a 2 year period now I've been using bl.spamcop.net and sbl-xbl.spamhaus.org as dual RBL options for my company mailserver. I have had issues with Spamhaus going down from time to time and outside emails being rejected with SMTP errors. Disabling sbl-xbl.spamhaus.org let email through and I re-enabled it a few days later without issues after talking with their tech support and them stating they were having server issues.

For the last 12 hours I have had to disable bl.spamcop.net because outside emails were being rejected. Here is the error message being sent back to outside sources:

    This is an automatically generated Delivery Status Notification
    Delivery to the following recipient failed permanently:
    xxxxx[at]domain.com
    Technical details of permanent failure:
    PERM_FAILURE: SMTP Error (state 9): 550 Requested action not taken.

Is anyone else experiencing the same issues over the past 12 hours with bl.spamcop.net as a RBL? No configuration changes have been made to the server in that time. I have since restarted multiple times but anytime I enable bl.spamcop.net emails immediately start being rejected. The rejections are from multiple domains so I know it's not just a single domain that has accidentally been blacklisted.

Any help is greatly appreciated! Thank You!

GraemeL
Posted December 5, 2006

> Is anyone else experiencing the same issues over the past 12 hours with bl.spamcop.net as a RBL?

Not seen any problems here. The only thing that I can think of is that your DNS cache has been poisoned.

Can you run one of the following commands and post the results here? Dig output would be preferred, but nslookup will do if you don't have dig.

    dig +trace 2.0.0.127.bl.spamcop.net
    nslookup -debug 2.0.0.127.bl.spamcop.net

Edit to add: Probably worth testing for negative results too with

    dig +trace 1.0.0.10.bl.spamcop.net
    nslookup -debug 1.0.0.10.bl.spamcop.net

Unforgiven23 (Author)
Posted December 5, 2006

> Not seen any problems here. The only thing that I can think of is that your DNS cache has been poisoned.
>
> Can you run one of the following commands and post the results here? Dig output would be preferred, but nslookup will do if you don't have dig.
>
>     dig +trace 2.0.0.127.bl.spamcop.net
>     nslookup -debug 2.0.0.127.bl.spamcop.net
>
> Edit to add: Probably worth testing for negative results too with
>
>     dig +trace 1.0.0.10.bl.spamcop.net
>     nslookup -debug 1.0.0.10.bl.spamcop.net

Response from nslookup -debug 2.0.0.127.bl.spamcop.net:

    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 1, rcode = NXDOMAIN
            header flags: response, want recursion, recursion avail.
            questions = 1, answers = 1, authority records = 1, additional = 0
        QUESTIONS:
            151.52.46.12.in-addr.arpa, type = PTR, class = IN
        ANSWERS:
        -> 151.52.46.12.in-addr.arpa
            canonical name = 151.128/25.52.46.12.in-addr.arpa
            ttl = 171174 (1 day 23 hours 32 mins 54 secs)
        AUTHORITY RECORDS:
        -> 128/25.52.46.12.in-addr.arpa
            ttl = 9174 (2 hours 32 mins 54 secs)
            primary name server = cbru.br.ns.els-gms.att.net
            responsible mail addr = rm-hostmaster.ems.att.com
            serial = 12
            refresh = 83000 (23 hours 3 mins 20 secs)
            retry = 10000 (2 hours 46 mins 40 secs)
            expire = 600000 (6 days 22 hours 40 mins)
            default TTL = 86400 (1 day)
    ------------
    Server: UnKnown
    Address: 12.46.52.151
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags: response, auth. answer, want recursion, recursion avail.
            questions = 1, answers = 0, authority records = 1, additional = 0
        QUESTIONS:
            2.0.0.127.bl.spamcop.net.XXX.LOCAL, type = A, class = IN
        AUTHORITY RECORDS:
        -> XXX.local
            ttl = 3600 (1 hour)
            primary name server = dcmain.XXX.local
            responsible mail addr = hostmaster
            serial = 719
            refresh = 900 (15 mins)
            retry = 600 (10 mins)
            expire = 86400 (1 day)
            default TTL = 900 (15 mins)
    ------------
    DNS request timed out.
        timeout was 2 seconds.
    timeout (2 secs)

Response from nslookup -debug 1.0.0.10.bl.spamcop.net:

    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 1, rcode = NXDOMAIN
            header flags: response, want recursion, recursion avail.
            questions = 1, answers = 1, authority records = 1, additional = 0
        QUESTIONS:
            151.52.46.12.in-addr.arpa, type = PTR, class = IN
        ANSWERS:
        -> 151.52.46.12.in-addr.arpa
            canonical name = 151.128/25.52.46.12.in-addr.arpa
            ttl = 171132 (1 day 23 hours 32 mins 12 secs)
        AUTHORITY RECORDS:
        -> 128/25.52.46.12.in-addr.arpa
            ttl = 9132 (2 hours 32 mins 12 secs)
            primary name server = cbru.br.ns.els-gms.att.net
            responsible mail addr = rm-hostmaster.ems.att.com
            serial = 12
            refresh = 83000 (23 hours 3 mins 20 secs)
            retry = 10000 (2 hours 46 mins 40 secs)
            expire = 600000 (6 days 22 hours 40 mins)
            default TTL = 86400 (1 day)
    ------------
    Server: UnKnown
    Address: 12.46.52.151
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags: response, auth. answer, want recursion, recursion avail.
            questions = 1, answers = 0, authority records = 1, additional = 0
        QUESTIONS:
            1.0.0.10.bl.spamcop.net.XXX.LOCAL, type = A, class = IN
        AUTHORITY RECORDS:
        -> XXX.local
            ttl = 3600 (1 hour)
            primary name server = dcmain.XXX.local
            responsible mail addr = hostmaster
            serial = 719
            refresh = 900 (15 mins)
            retry = 600 (10 mins)
            expire = 86400 (1 day)
            default TTL = 900 (15 mins)
    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 3, rcode = NXDOMAIN
            header flags: response, want recursion, recursion avail.
            questions = 1, answers = 0, authority records = 1, additional = 0
        QUESTIONS:
            1.0.0.10.bl.spamcop.net, type = A, class = IN
        AUTHORITY RECORDS:
        -> bl.spamcop.net
            ttl = 0 (0 secs)
            primary name server = bl.spamcop.net
            responsible mail addr = hostmaster.admin.spamcop.net
            serial = 1165340751
            refresh = 3600 (1 hour)
            retry = 1800 (30 mins)
            expire = 3600 (1 hour)
            default TTL = 0 (0 secs)
    ------------

The thing I don't understand is that Spamhaus is working just fine and if my DNS cache would be screwed I would assume it would affect both services that are being queried. Anyhow, there's the info.

GraemeL
Posted December 5, 2006

> The thing I don't understand is that Spamhaus is working just fine and if my DNS cache would be screwed I would assume it would affect both services that are being queried. Anyhow, there's the info.

Just because one domain works, doesn't mean that other domains can be broken.

Something definitely looks wrong with your DNS responses for SC queries. They should look something like this...

For an entry in the blocklist:

    nslookup -debug 2.0.0.127.bl.spamcop.net
    Server: 195.7.224.143
    Address: 195.7.224.143#53
    ------------
        QUESTIONS:
            2.0.0.127.bl.spamcop.net, type = A, class = IN
        ANSWERS:
        -> 2.0.0.127.bl.spamcop.net internet address = 127.0.0.2
        AUTHORITY RECORDS:
        -> bl.spamcop.net nameserver = blns43.spamcop.net.
        -> bl.spamcop.net nameserver = blns45.spamcop.net.
        -> bl.spamcop.net nameserver = blns47.spamcop.net.
        -> bl.spamcop.net nameserver = blns48.spamcop.net.
        -> bl.spamcop.net nameserver = blns9.spamcop.net.
        -> bl.spamcop.net nameserver = blns33.spamcop.net.
        -> bl.spamcop.net nameserver = blns34.spamcop.net.
        -> bl.spamcop.net nameserver = blns42.spamcop.net.
        ADDITIONAL RECORDS:
        -> blns9.spamcop.net internet address = 208.39.222.110
        -> blns33.spamcop.net internet address = 195.54.99.5
        -> blns34.spamcop.net internet address = 192.42.113.254
        -> blns42.spamcop.net internet address = 72.232.188.26
        -> blns43.spamcop.net internet address = 72.232.188.18
        -> blns45.spamcop.net internet address = 209.67.211.210
        -> blns47.spamcop.net internet address = 209.67.211.202
        -> blns48.spamcop.net internet address = 63.246.147.170
    ------------
    Non-authoritative answer:
    Name: 2.0.0.127.bl.spamcop.net
    Address: 127.0.0.2

For an entry not in the blocklist:

    nslookup -debug 3.0.0.127.bl.spamcop.net
    Server: 195.7.224.143
    Address: 195.7.224.143#53
    ------------
        QUESTIONS:
            3.0.0.127.bl.spamcop.net, type = A, class = IN
        ANSWERS:
        AUTHORITY RECORDS:
        -> bl.spamcop.net
            origin = bl.spamcop.net
            mail addr = hostmaster.admin.spamcop.net
            serial = 1165346152
            refresh = 3600
            retry = 1800
            expire = 3600
            minimum = 0
        ADDITIONAL RECORDS:
    ------------
    ** server can't find 3.0.0.127.bl.spamcop.net: NXDOMAIN

See the difference in the authority records?

You did do this from the mail server with access to internet DNS and not from a machine on the internal network that can only see internal DNS?

StevenUnderwood
Posted December 5, 2006

> See the difference in the authority records?
>
> You did do this from the mail server with access to internet DNS and not from a machine on the internal network that can only see internal DNS?

Just because the authority records are not there does not mean it should not resolve. My lookup, using our internal DNS still returns

    Name: 2.0.0.127.bl.spamcop.net
    Address: 127.0.0.2

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\>nslookup -debug 2.0.0.127.bl.spamcop.net
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 1, rcode = NOERROR
            header flags: response, auth. answer, want recursion, recursion avail.
            questions = 1, answers = 1, authority records = 0, additional = 0
        QUESTIONS:
            11.75.1.10.in-addr.arpa, type = PTR, class = IN
        ANSWERS:
        -> 11.75.1.10.in-addr.arpa
            name = kopdc01.kopin.com
            ttl = 1200 (20 mins)
    ------------
    Server: kopdc01.kopin.com
    Address: 10.1.75.11
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags: response, auth. answer, want recursion, recursion avail.
            questions = 1, answers = 0, authority records = 1, additional = 0
        QUESTIONS:
            2.0.0.127.bl.spamcop.net.kopin.com, type = A, class = IN
        AUTHORITY RECORDS:
        -> kopin.com
            ttl = 3600 (1 hour)
            primary name server = kopdc01.kopin.com
            responsible mail addr = hostmaster.kopin.com
            serial = 5448
            refresh = 900 (15 mins)
            retry = 600 (10 mins)
            expire = 86400 (1 day)
            default TTL = 900 (15 mins)
    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 3, rcode = NOERROR
            header flags: response, auth. answer
            questions = 1, answers = 1, authority records = 0, additional = 0
        QUESTIONS:
            2.0.0.127.bl.spamcop.net, type = A, class = IN
        ANSWERS:
        -> 2.0.0.127.bl.spamcop.net
            internet address = 127.0.0.2
            ttl = 2100 (35 mins)
    ------------
    Name: 2.0.0.127.bl.spamcop.net
    Address: 127.0.0.2

    C:\>

Wazoo
Posted December 5, 2006

I'll ask the stupid question ..... if the 'connection' isn't made, don't most DNSBL check tools default to the mode "item not listed" ...????? (which would then also seem to indicate that the e-mail would pass ...)

Telarin
Posted December 5, 2006

Wazoo: That would be the default behavior for most DNSBL check tools that I've used.

Unforgiven23: what mail server software/DNSBL check tools and versions are you using?

GraemeL
Posted December 5, 2006

> I'll ask the stupid question ..... if the 'connection' isn't made, don't most DNSBL check tools default to the mode "item not listed" ...????? (which would then also seem to indicate that the e-mail would pass ...)

The default in sendmail is to ignore lookups that time out. It can be set to issue a 450 temporary failure by adding an extra argument to the configuration line though.

Never worked with an MTA that will issue a 5xx error on a timeout for a dnsbl lookup.

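The three outcomes discussed in the posts above (listed, not listed, lookup failed) and the SMTP response each should map to, as an added example that is not part of the original thread or any poster's code. The function names, the injected `lookup` callable and the sample replies are hypothetical; treating only answers inside 127.0.0.0/8 as listings follows the usual DNSBL convention and the 127.0.0.2 test answer shown in the thread.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """Reversed-octet query name for an IPv4 address, fully qualified."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    # The trailing dot stops the resolver appending a local search suffix,
    # which is what produced "...bl.spamcop.net.XXX.LOCAL" in the thread.
    return ".".join(reversed(octets)) + "." + zone + "."

def system_lookup(name):
    """OS resolver; assumes NXDOMAIN surfaces as EAI_NONAME (glibc does)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return "ok", sorted({info[4][0] for info in infos})
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return "nxdomain", []
        return "error", []  # timeout, SERVFAIL, refused, ...

def check(ip, lookup=system_lookup, zone="bl.spamcop.net"):
    """Classify as 'listed', 'not_listed' or 'lookup_failed'."""
    status, addrs = lookup(dnsbl_name(ip, zone))
    if status == "nxdomain":
        return "not_listed"
    # A listing is an A record inside 127.0.0.0/8. Any other answer means
    # the resolver path is broken or rewriting replies, so it is not a hit.
    if status == "ok" and addrs and all(
            ipaddress.ip_address(a).is_loopback for a in addrs):
        return "listed"
    return "lookup_failed"

def smtp_action(verdict, tempfail_on_error=False):
    """Only a confirmed listing earns a permanent 550."""
    if verdict == "listed":
        return "550"
    if verdict == "lookup_failed" and tempfail_on_error:
        return "450"
    return "accept"

# Constructed resolver replies (sample data, not captured from a server).
CONSTRUCTED = {
    "2.0.0.127.bl.spamcop.net.": ("ok", ["127.0.0.2"]),
    "3.0.0.127.bl.spamcop.net.": ("nxdomain", []),
    "7.113.0.203.bl.spamcop.net.": ("ok", ["198.51.100.9"]),
}

def fake_lookup(name):
    return CONSTRUCTED.get(name, ("error", []))  # unknown name = timeout
```

Passing `fake_lookup` keeps the check offline; leaving the default uses the operating system's resolver, so it reflects whatever DNS servers the mail host is configured with.
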
Unforgiven23 (Author)
Posted December 5, 2006

> Wazoo: That would be the default behavior for most DNSBL check tools that I've used.
>
> Unforgiven23: what mail server software/DNSBL check tools and versions are you using?

I'm using ISMail EP version 3.3.877 by InstantServers.

> Just because one domain works, doesn't mean that other domains can be broken.
>
> Something definitely looks wrong with your DNS responses for SC queries. They should look something like this...
>
> For an entry in the blocklist:
>
>     nslookup -debug 2.0.0.127.bl.spamcop.net
>     Server: 195.7.224.143
>     Address: 195.7.224.143#53
>     ------------
>         QUESTIONS:
>             2.0.0.127.bl.spamcop.net, type = A, class = IN
>         ANSWERS:
>         -> 2.0.0.127.bl.spamcop.net internet address = 127.0.0.2
>         AUTHORITY RECORDS:
>         -> bl.spamcop.net nameserver = blns43.spamcop.net.
>         -> bl.spamcop.net nameserver = blns45.spamcop.net.
>         -> bl.spamcop.net nameserver = blns47.spamcop.net.
>         -> bl.spamcop.net nameserver = blns48.spamcop.net.
>         -> bl.spamcop.net nameserver = blns9.spamcop.net.
>         -> bl.spamcop.net nameserver = blns33.spamcop.net.
>         -> bl.spamcop.net nameserver = blns34.spamcop.net.
>         -> bl.spamcop.net nameserver = blns42.spamcop.net.
>         ADDITIONAL RECORDS:
>         -> blns9.spamcop.net internet address = 208.39.222.110
>         -> blns33.spamcop.net internet address = 195.54.99.5
>         -> blns34.spamcop.net internet address = 192.42.113.254
>         -> blns42.spamcop.net internet address = 72.232.188.26
>         -> blns43.spamcop.net internet address = 72.232.188.18
>         -> blns45.spamcop.net internet address = 209.67.211.210
>         -> blns47.spamcop.net internet address = 209.67.211.202
>         -> blns48.spamcop.net internet address = 63.246.147.170
>     ------------
>     Non-authoritative answer:
>     Name: 2.0.0.127.bl.spamcop.net
>     Address: 127.0.0.2
>
> For an entry not in the blocklist:
>
>     nslookup -debug 3.0.0.127.bl.spamcop.net
>     Server: 195.7.224.143
>     Address: 195.7.224.143#53
>     ------------
>         QUESTIONS:
>             3.0.0.127.bl.spamcop.net, type = A, class = IN
>         ANSWERS:
>         AUTHORITY RECORDS:
>         -> bl.spamcop.net
>             origin = bl.spamcop.net
>             mail addr = hostmaster.admin.spamcop.net
>             serial = 1165346152
>             refresh = 3600
>             retry = 1800
>             expire = 3600
>             minimum = 0
>         ADDITIONAL RECORDS:
>     ------------
>     ** server can't find 3.0.0.127.bl.spamcop.net: NXDOMAIN
>
> See the difference in the authority records?
>
> You did do this from the mail server with access to internet DNS and not from a machine on the internal network that can only see internal DNS?

I ran the commands directly from the mailserver that uses our internal DNS server first then uses the DNS servers given to us directly by the ISP.

Unforgiven23 (Author)
Posted December 7, 2006

Just to update, I found my resolution to be 2 fold....

1) Gmail has some servers that are blacklisted by Spamcop as well as other providers thus some email being rejected due to 550 errors.

2) There was an issue with the DNS server I had setup in the mail server configuration. In my server software it asks for 2 DNS servers for resolution. Well I was using 2 root servers such as a.root-servers.org and b.root-servers.org and one of them was having an issue apparently. What I did was just change them to different servers and that solved any remaining issues I had.

This was just a problem that was multi-pronged and was a real pain to figure out. Yesterday I tried using different blacklisting services other than Spamhaus and I got similar results. I guess using Gmail for my testing account was a stupid idea, but upon further research Gmail has been blacklisted by a few providers and thus some of my issues. The strange thing is that some Gmail would go through, some would not, which led me to believe that it was the actual RBL that I was using.

Anyhow, thanks for the help and please mark this issue resolved. Thank You!

Wazoo
Posted December 7, 2006

Thanks for the follow-up, details, and background. Much appreciated.

Archived
This topic is now archived and is closed to further replies.