Today suddenly all incoming mails ware rejected by my mailserver. People contacted me with information, that they received undelivered notification with status of:
5.7.1 Service unavailable; Client host [SENDER IP] blocked using sbl-xbl.spamhaus.org; Error: open resolver;
Now what the heck is open resolver? At first I thought that my perfectly set up MTA suddenly became open relay. Or was listed at blacklists - hence spamhaus. But after reading carefully log on my server, this was something other than standard rejection log:
After some research it is now clear, that years free spamhaus service for rejecting spam IP and compromised hosts is no longer free. In fact they dropped all requests to their services like sbl-xbl.spamhaus.org or zen.spamhaus.org made from public DNS servers like Cloudflare. Instead you need to register for API Key here: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/ and it should work for non commercial MTAs. If using it comercially they can issue a quote for subscription. Querying spamhaus is then made via API.spamhaus.org.
As they wrote you can register or ditch spamhaus from MTA config. I now choose option 2. Despite it is written that only cloudflare users are blocked, I don't want to switch to Google or other public DNS as Cloudflare are working the best for me.