All mails rejected by Spamhaus; Error: open resolver

Bartosz Maciejewski

Sep 7, 2022 — 2 min read

Today suddenly all incoming mails ware rejected by my mailserver. People contacted me with information, that they received undelivered notification with status of:

  5.7.1 Service unavailable; Client host [SENDER IP] blocked using

    sbl-xbl.spamhaus.org; Error: open resolver;

Now what the heck is open resolver? At first I thought that my perfectly set up MTA suddenly became open relay. Or was listed at blacklists - hence spamhaus. But after reading carefully log on my server, this was something other than standard rejection log:

Sep  7 17:05:21 claptrap postfix/smtpd[4285]: NOQUEUE: reject: RCPT from mail.netbsd.org[199.233.217.200]: 554 5.7.1 Service unavailable; Client host [199.233.217.200] blocked using sbl-xbl.spamhaus.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.101.79; from=<bounces-netbsd-users-owner-***@NetBSD.org> to=<***@***> proto=ESMTP helo=<mail.netbsd.org>
Sep  7 17:05:21 claptrap postfix/smtpd[4285]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "***@***" from client "mail.netbsd.org[199.233.217.200]"
Sep  7 17:05:21 claptrap postfix/smtpd[4285]: disconnect from mail.netbsd.org[199.233.217.200] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6

Example of log

After some research it is now clear, that years free spamhaus service for rejecting spam IP and compromised hosts is no longer free. In fact they dropped all requests to their services like sbl-xbl.spamhaus.org or zen.spamhaus.org made from public DNS servers like Cloudflare. Instead you need to register for API Key here: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/ and it should work for non commercial MTAs. If using it comercially they can issue a quote for subscription. Querying spamhaus is then made via API.spamhaus.org.

As they wrote you can register or ditch spamhaus from MTA config. I now choose option 2. Despite it is written that only cloudflare users are blocked, I don't want to switch to Google or other public DNS as Cloudflare are working the best for me.

Source from Cisco 3750 switch appears as name of the month (?) in Graylog 6.0

I've just installed a new SIEM based on Graylog 6.0 to collect all my logs from my home network. Both my APs and TrueNAS send logs over UDP just fine. After adding my switch - Cisco Catalyst 3750-X - I noticed that the logs were being collected

Change Alexa location for weather alerts.

It was something that drove me crazy for a very long time. A long time ago, when there was no Amazon in Poland and Amazon was giving away free stuff like e-books or games, you had to have a US address to get it. Even if it was completely digital.

The ultimate solution for controlling everything with this smart switch!

The problem I had was that over the years I had changed a lot of things to smart things in such a way that they could not be controlled directly. These include wall lights in the living room, light bulbs on the patio and the front gate. I just received

Fun with smart knob TS004F (TuYa ERS-10TZBVK-AA) in Home Assistant

I recently have bought this little knob below. 13.28€ 10% de réduction|Zigbee Commutateur de bouton intelligent sans fil pour la maison intelligente, contrôleur de bouton de commutation à distance, fonctionne avec Zigéquation Gateway, Smart Life Andrea | AliExpressAchetez malin, vivez mieux! Aliexpress.comaliexpress.com It comes with battery already

Read more

Source from Cisco 3750 switch appears as name of the month (?) in Graylog 6.0

Change Alexa location for weather alerts.

The ultimate solution for controlling everything with this smart switch!

Fun with smart knob TS004F (TuYa ERS-10TZBVK-AA) in Home Assistant