Results tagged “Spamhaus.org” from Bill's Words

I’m in the middle of moving our home internet connection over from Comcast (a cable modem) to AT&T (DSL). I know, I know, but I’m pinching pennies these days and the difference between $60/month and $30/month is enough to make me do this move.

Anyway, part of the move involved changing the E-mail configuration of the MacOS X Server box. I figured, correctly, that in order to get E-mail out of our domain, I would need to relay all outgoing E-mail via AT&T’s server, which is still named mail.sbcglobal.yahoo.com. (I have yet to find a benefit to AT&T’s partnership with Yahoo. Maybe for some it’s a good thing, but for me, it’s just one additional layer of crap to deal with.) Eventually, I discover that the mail server requires authentication, and I’m not PostFix-savvy enough to make it do that yet. So I decide to switch back to the Comcast connection.

Later that evening, I’m talking to Mom and realize that I forgot to set the relay server to smtp.comcast.net. I fire up Server Admin and change the setting, then tail the log and note that things seem to be OK.

Except for one thing: this message suddenly started appearing, November 1st by the looks of it:

SPAMHAUS BLOCKLIST ADDRESS IS WRONG MUST FIX

Now, I’m not exactly sure what this means. Am I doing something wrong? Is my address being blocked because it’s “wrong?” Is there something wrong in my configuration? And, if nothing changed otherwise, what’s going on?

So I did the first and best thing a sysadmin can do in a case like this: I Googled the message. (Sorry, Google, but you’re so dominant in the field that you’ve been Xeroxed and Kleenex’d into history.) Nothing came back. Uh oh.

I couldn’t see anything was particularly wrong, so I went to bed.

Less than 24 hours pass and my mom’s on the phone, trying to tell me that E-mail isn’t working right. Well, she’s trying to tell me, anyway, because my cell phone is off at home, recharging after a night of vibrating to tell me that I had a voicemail. And she’s trying to call me on the house phone, but because we’re hanging out elsewhere… anyway, I get the message at 10:00 last night and look at what’s going on.

I then do the next best thing a sysadmin can do when stuck on a problem like this: I Google it again. But this time, I get a hit. Unfortunately, that guy doesn’t explain what’s going on in plain enough English (his post is a little bit ranty, but technically correct) and I’m stuck guessing what I’ve done wrong.

For those of you who are arriving at this post via Google, here it is in plain English:

The message means that your server is attempting to query the Spamhaus server at an incorrect Spamhaus server address. The proper server address is zen.spamhaus.org. For those of you who are running MacOS X Server, use Server Admin to change the server listed in Mail>Settings>Relay>Use these junk mail rejection servers to “zen.spamhaus.org”. If I remember correctly, MacOS X Server comes configured with “bl-xbl.spamhaus.org” in the list and that’s wrong, which is what is causing this error.

The symptom of this problem is, other than the message in your logs, that your users will not be able to receive any mail from any other SMTP server in the world.

And this is why GMail is handy. You can use GMail, whose servers should never be blacklisted, blocked, or otherwise untrusted, to send E-mail to yourself in your domain and watch the logs. When I saw Google’s servers get blacklisted, I knew the problem was mine.

OK, now back to our story. That wasn’t the end of the problems. While my users (as I like to call my family) could now receive E-mails from other domains, I started to see messages that looked like this:

(host something.com[IP.IP.IP.IP] refused to talk to me: 554
impinc01.yourhostingaccount.com NO UCE error: R6.1: IP.IP.IP.IP
is on the Spamhaus blacklist. Please visit: http://www.spamhaus.org)

Wha…?! Now, I knew something was up because, indeed, as I tried to send E-mail from myself to my GMail account, I was the one who was blacklisted. But I knew my server should never be talking directly to the other SMTP servers of the world, such as those at Google and AOL. I knew my server should be talking to the Comcast relay server, so something was screwy.

First, I verified that smtp.comcast.net was indeed listed as the server in “Relay outgoing mail through host:”. And it was. So I looked in my PostFix configuration file, main.cf, to find this line:

relayhost=

Ooops. So there’s the problem! Server Admin didn’t properly update the main.cf file, so I hand massaged it and reloaded PostFix. (“sudo postfix reload” for those of you who might want to know how to do that.) As soon as I did that, my server started to relay things properly and E-mail once again flowed out of the domain to the rest of the world.

Now I tested everything, again, using my GMail account to send and receive E-mails. Again, I think GMail is an invaluable tool, because it’s not Hotmail (lots of spam looks like it originates from Hotmail) or another E-mail service. And I think Google is the most invaluable troubleshooting tool that I have in my arsenal.

As an aside, Spamhaus should change their outgoing error message from the rather cryptic statement in all caps shown above to something more meaningful, like “YOU ARE USING THE WRONG ADDRESS. See http://www.spamhaus.org/wrongaddress.” That would have been infinitely more useful.

Hope that helps someone who had similar problems.