
I am facing the following problem: My websites have contact forms. People reach out to me via contact form. I receive 1 email for every contact form sent. For about 1 week, MS Outlook has been marking my own emails (sent from my websites) as spam.

The headers of those emails have:

tests=ALL_TRUSTED,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_REPLYTO,URIBL_BLOCKED autolearn=no

The main purpose of this question: to get off the URIBL_BLOCKED list and have SpamAssassin not add the URIBL_BLOCKED header.

Here follows my troubleshooting:

My resolv.conf had:

# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 62.149.128.4
nameserver 62.149.132.4
nameserver 2001:4860:4860::8888

I was told that the reason is probably a DNS issue. Many blacklisting services don't allow queries from freely available DNS servers, and that may include the DNS my VPS provider uses.

For e-mail servers, it was suggested that I use my own recursive resolver, for example Unbound.

This is why I decided to opt for Unbound.

I installed Unbound. Its configuration is:

# cat /etc/unbound/unbound.conf | egrep -v "^\s*(#|$)"
server:
        verbosity: 1
        statistics-interval: 0
        statistics-cumulative: no
        extended-statistics: yes
        num-threads: 4
         interface: 0.0.0.0
        interface-automatic: no
         port: 53
        so-reuseport: yes
        ip-transparent: yes
         cache-max-ttl: 86400
         do-ip4: yes
         do-udp: yes
         do-tcp: yes
         access-control: 0.0.0.0/0 refuse
         access-control: 127.0.0.0/8 allow
        chroot: ""
        username: "unbound"
        directory: "/etc/unbound"
        log-time-ascii: yes
        pidfile: "/var/run/unbound/unbound.pid"
         hide-version: yes
        harden-glue: yes
        harden-dnssec-stripped: yes
        harden-below-nxdomain: yes
        harden-referral-path: yes
        unwanted-reply-threshold: 10000000
        prefetch: yes
        prefetch-key: yes
        rrset-roundrobin: yes
        minimal-responses: yes
        module-config: "ipsecmod validator iterator"
        trust-anchor-signaling: yes
        trusted-keys-file: /etc/unbound/keys.d/*.key
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        val-clean-additional: yes
        val-permissive-mode: no
        val-log-level: 1
        include: /etc/unbound/local.d/*.conf
        ipsecmod-enabled: no
        ipsecmod-hook: "/usr/libexec/ipsec/_unbound-hook"
python:
remote-control:
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"
include: /etc/unbound/conf.d/*.conf

The /etc/resolv.conf now looks like:

# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
;nameserver 62.149.128.4
;nameserver 62.149.132.4
;nameserver 2001:4860:4860::8888
nameserver ::1
nameserver 127.0.0.1
options trust-ad

Connection Test before installing Unbound:

dig ubuntu.com @localhost -> 135 msec
# host -tA 2.0.0.127.multi.uribl.com

Connection Test after installing Unbound:

dig ubuntu.com @localhost -> 0 msec
# host -tA 2.0.0.127.multi.uribl.com

Blacklist query before installing Unbound:

2.0.0.127.multi.uribl.com has address 127.0.0.1

Blacklist query after installing Unbound:

2.0.0.127.multi.uribl.com has address 127.0.0.14

When I run spamd retstart I get:

# spamd retstart
server socket setup failed, retry 1: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 2: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 3: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 4: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 5: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 6: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 7: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 8: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 9: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use

I then rebooted the whole VPS machine and re-ran:

host -tA 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com has address 127.0.0.1

# unbound-control dump_cache logs:

[1651605758] unbound-control[12193:0] warning: control-enable is 'no' in the config file.
[1651605758] unbound-control[12193:0] error: connect: Connection refused for 127.0.0.1

Other logs:

# netstat -antup |grep unbound
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound

Any idea what else I can do to get unlisted from uribl?

Please help

UPDATE: After waiting about 12 hours from the last change I made on the server, the test result is:

# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 62.149.128.122]"


nslookup -q=txt 2.0.0.127.multi.uribl.com
Server:         62.149.128.4
Address:        62.149.128.4#53

    Non-authoritative answer:
    2.0.0.127.multi.uribl.com       text = "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 62.149.128.123]"
    
    Authoritative answers can be found from:

So it looks like I am not on that list anymore... however, SpamAssassin is still firing the URIBL_BLOCKED rule.

As suggested in the comments, I fixed the resolv.conf file: New resolv.conf:

#options trust-ad
#; generated by /usr/sbin/dhclient-script
#search localdomain
#nameserver 62.149.128.4
#nameserver 62.149.132.4
#nameserver 2001:4860:4860::8888
nameserver ::1
nameserver 127.0.0.1
options trust-ad
Pikk
  • You really seem to mix things up and, in my mind, have an [x and y problem](https://faq-database.de/doku.php?id=en:x-and-y-problem). Please update the question and share the original, business-related question or issue. – djdomi May 03 '22 at 19:42
  • Thank you @djdomi you're right. I edited the question and highlighted the main problem I am trying to resolve. – Pikk May 03 '22 at 19:48
  • To be honest with you - I assume that you are not a Business-Administrator, which leads to the first fact: Your question would be off-topic for Serverfault.com - Second fact: in my understanding of your question, you have an [X-And-Y-Issue](https://faq-database.de/doku.php?id=en:x-and-y-problem) in here. The reason, in my human opinion, is fact three: It seems you don't know how [Blacklists](https://en.wikipedia.org/wiki/Wikipedia:Spam_blacklist) work. So far, so good and bad - However, please verify your domain at [MX Tool Box](https://mxtoolbox.com/), which will help you to understand the issue. – djdomi May 04 '22 at 08:22
  • And to continue on the point - I assume that your e-mail server does not query localhost for DNS queries. This is what you can test with `nslookup -q=txt 2.0.0.127.multi.uribl.com` and provide the output - remember, within the spamd.conf you can specify `dns_server 127.0.0.1` for forcing this. - The [Manual for Spamassassin](https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html) is the source of the second part of this comment. – djdomi May 04 '22 at 08:33
  • The result is similar to the `host` command. Today tests with both `nslookup` and `host` give refused (which is probably ok). I added the output below in the question. – Pikk May 04 '22 at 08:35
  • No, it's different! - Your query goes to 62.149.128.4 instead of 127.0.0.1 - so there is another DNS configured in the system. – djdomi May 04 '22 at 08:38
  • How can I find that? If I `ss -antpl | grep 53` I see only `unbound` listed – Pikk May 04 '22 at 08:46
  • Please refrain from personal attacks. Please consider that if a person doesn't understand it may be due to the lack of quality in explanation. Or lack of explanation. – Pikk May 04 '22 at 09:25
  • In your /etc/resolv.conf it seems that you have used `;nameserver 62.149.128.4` instead of `#nameserver 62.149.128.4` - /etc/resolv.conf is read top down, and " ; " is a separator and not a comment character - or in other words: use a hashtag instead of a semicolon - fix this please. – djdomi May 04 '22 at 09:26
  • Thank you for your kind reply. I fixed the `resolv.conf` file and added it at the bottom of the question. I also ran `spamd restart` and `systemctl restart unbound`. `nslookup -q=txt 2.0.0.127.multi.uribl.com` now says `Server: 127.0.0.1` `Address: 127.0.0.1#53` `2.0.0.127.multi.uribl.com text = "permanent testpoint"` - however, SpamAssassin is still adding the same list to the headers. – Pikk May 04 '22 at 09:46
  • Remember that spamd needs to be restarted to catch the new configuration - in your case, just reboot the complete server. – djdomi May 04 '22 at 14:53
  • Thanks... I noticed each time I reboot the server the resolv.conf gets overwritten with the original values `;generated by /usr/sbin/dhclient-script` - do you think it's better if I open another question for that issue? I have no idea why it's being overwritten, and why it gets specifically those IP addresses as DNS... maybe it acts as a DHCP client and populates the resolv.conf from the info it gets from the DHCP server. – Pikk May 04 '22 at 16:42
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/136043/discussion-between-djdomi-and-pikk). – djdomi May 04 '22 at 16:46
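
The checks used in the question and comments above (test-point answer, the "Your DNS IP" field of the refusal text, and which `nameserver` lines are actually enabled), collected as an added example that is not part of the original post or its comments. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for reading URIBL test-point results.
# Function names and the sample data below are constructed for illustration.

# Classify the A record returned for 2.0.0.127.multi.uribl.com.
# 127.0.0.1 is URIBL's "query refused" answer (SpamAssassin: URIBL_BLOCKED);
# another 127.0.0.x value, such as 127.0.0.14, is a normal list answer.
classify_uribl_a() {
    case "$1" in
        127.0.0.1) echo refused ;;
        127.0.0.*) echo ok ;;
        *)         echo unknown ;;
    esac
}

# Extract the resolver address URIBL reports in a "Query Refused" TXT record.
uribl_seen_resolver() {
    printf '%s\n' "$1" | sed -n 's/.*\[Your DNS IP: \([0-9a-fA-F.:]*\)].*/\1/p'
}

# Print the nameservers a resolv.conf text enables, in lookup order.
# Only lines whose first field is exactly "nameserver" count, so entries
# disabled with '#' or ';' are skipped.
active_nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# Succeed only if the first enabled nameserver is a loopback address,
# i.e. lookups go to the local recursive resolver before anything else.
first_resolver_is_local() {
    case "$(active_nameservers "$1" | head -n 1)" in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample: resolv.conf as dhclient regenerates it after a reboot.
SAMPLE_RESOLV='; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 62.149.128.4
nameserver 62.149.132.4'

if [ "${1:-}" = live ]; then   # optional live check, needs dig and network
    classify_uribl_a "$(dig +short A 2.0.0.127.multi.uribl.com | head -n 1)"
    first_resolver_is_local "$(cat /etc/resolv.conf)" || echo "first resolver is not local"
else
    first_resolver_is_local "$SAMPLE_RESOLV" || echo "sample: first resolver is not local"
fi
```

Run with the argument `live` on the mail server to check the real resolver path; without arguments it only evaluates the constructed sample.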

0 Answers