Email server setup Spamhaus etc

4 posts / 0 new
Last post
#1 Thu, 05/16/2019 - 23:18
drguild

Email server setup Spamhaus etc

On my server spamhaus is rejecting emails as I have my Static IP in the headers.

What is the best to do a fix this so my email server properly sends mail out to various mail servers.

Return-Path: <>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on server.revnet
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=NO_RELAYS,URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: email@my-server
Delivered-To: email@myip.isp
Received: by (myip.isp) (Postfix) id B23612017E2; Thu, 16 May 2019 18:24:12 +0800 (AWST)
Date: Thu, 16 May 2019 18:24:12 +0800 (AWST)
From: MAILER-DAEMON@myip.isp (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: email@my-server
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="706802017E1.1558002252/myip.isp"
Content-Transfer-Encoding: 8bit
Message-Id: <20190516102412.B23612017E2@myip.isp>
Message contents
This is the mail system at host myip.isp.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<email@hotmail.com>: host
    hotmail-com.olc.protection.outlook.com[104.47.14.33] said: 550 5.7.1
    Service unavailable, Client host [MyIP] blocked using Spamhaus.
    To request removal from this list see
    https://www.spamhaus.org/query/ip/[MyIP] (AS3130).
    [VI1EUR04FT030.eop-eur04.prod.protection.outlook.com] (in reply to MAIL
    FROM command)

Spamhaus comes back with:

MyIP is not listed in the SBL
MyIP is listed in the PBL, in the following records: PBL111780
MyIP is not listed in the XBL
Ref: PBL111780

IP/24 is listed on the Policy Block List (PBL)

Outbound Email Policy of The Spamhaus Project for this IP range:

This IP address range has been identified by Spamhaus as not meeting our policy for IP addresses permitted to deliver unauthenticated 'direct-to-mx' email to PBL users.

Important: If you are using any normal email software (such as Outlook, Entourage, Thunderbird, Apple Mail, etc.) and you are being blocked by this Spamhaus PBL listing when you try to send email, the reason is simply that you need to turn on "SMTP Authentication" in your email program settings. For help with SMTP Authentication or ways to quickly fix this problem click here.

See also: http://www.spamhaus.org/faq/section/Spamhaus%20PBL

Removal Procedure

If you are not using normal email software but instead are running a mail server and you are the owner of a Static IP address in the range IP/24 and you have a legitimate reason for operating a mail server on this IP, you can automatically remove (suppress) your static IP address from the PBL database.

So whats the best way to configure virtualmin mail servers to be compatible with mail servers while still keeping domain and local emails working?

I assume its something to do with this setting:

Use SASL SMTP authentication? No

I also read there seems to be a bug when turning it on.

Thu, 05/16/2019 - 23:27
andreychek

Howdy,

It looks like your server's IP is listed in the SpamHaus PBL database.

The SpamHaus PBL is essentially a list of dynamic IP addresses... the recommendation is to obtain a static IP on a business class network, rather than using a dynamic IP.

If you are using a static IP, you'd need to contact SpamHaus and get your IP de-listed.

If you are using a dynamic IP, you'd ideally want to switch to a static one. However, you could also relay all your email through your provider rather than sending it directly from your server.

This URL here contains more info on all that:

https://www.spamhaus.org/faq/section/Spamhaus%20PBL#183

Thu, 05/16/2019 - 23:39
drguild

I am on a static IP.

I updated my post as you were replying and noticed 'Use SASL SMTP authentication' was off in the settings but require at the top is on. I don't know if turning that on will fix it as mentioned in the Spamhaus, have turned the option on. I don't have a hotmail / outlook to test. I also read about a possible config bug with having the option on I linked in the first post which seems people are saying is still ongoing.

Fri, 05/17/2019 - 22:29
drguild

For now I have added my IP to Spamhaus for removal which is fine foe now though I want to look at a more proper solution.

I need to work out SMTP authentication for the longer term as these ip removals only last a year and andreychek even your links to the documentation state smtp authentication signatures are what is needed.

So any advice on this is appreciated.