Emails rejected due to SpamHaus blacklist (zen.spamhaus.org)

Post Reply
User avatar
webxtek
Posts: 57
Joined: Wed Nov 18, 2020 7:43 pm
Been thanked: 2 times

Hi everyone,

Since yesterday, several users on my server have been complaining that they can't receive emails, although sending works fine.

After checking, Exim4 seems to be running normally. However, when I checked the mainlog, I found multiple messages like this:

Code: Select all

2025-02-26 20:36:53 H=mail-ej1-f41.google.com [209.85.218.41] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Rejected because 209.85.218.41 is in a black list at zen.spamhaus.org
I manually checked, and none of these IPs appear to be blacklisted. However, every single incoming email is being filtered as blacklisted.

Is anyone else facing this issue since yesterday?
What can I do to fix it?

Thanks!
Top
User avatar
webxtek
Posts: 57
Joined: Wed Nov 18, 2020 7:43 pm
Been thanked: 2 times

Screenshot 2025-02-26 210511.png
Screenshot 2025-02-26 210511.png (6.79 KiB)
I just commented out both lines in /etc/exim4/dnsbl.conf, and that solved the issue, but it’s not an ideal fix. I’m not sure what changed to cause this behavior. Any suggestions are welcome—thank you very much! :D
Top
User avatar
isscbta
Team Member
Posts: 142
Joined: Mon Jul 19, 2021 1:41 am
Has thanked: 18 times
Been thanked: 3 times

If you see this or a similar entry in the Exim log, it means your server is affected by the issue:

Code: Select all

2025-02-26 17:19:11 H=mail-lf1-f48.google.com [123.123.123.123] X=TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Rejected because 123.123.123.123 is in a black list at zen.spamhaus.org
SpamHaus has unexpectedly and without clear explanation decided to blacklist numerous IP addresses, including entire IP ranges. Since MyVesta, by default, uses their blacklist for filtering, this has caused issues with email delivery.

Until this issue is resolved at a higher level, you can temporarily bypass the SpamHaus filter by running the following command:

Code: Select all

sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf
This will disable filtering through SpamHaus, allowing emails to be sent normally.
Top
User avatar
isscbta
Team Member
Posts: 142
Joined: Mon Jul 19, 2021 1:41 am
Has thanked: 18 times
Been thanked: 3 times

Update:

We've released myVesta update - Version 0.9.9-0-12 [28-Feb-2025].
The update will remove SpamHaus DNSBL from exim4.
Top
User avatar
T4B
Posts: 169
Joined: Sat Jul 11, 2020 9:44 am
Been thanked: 5 times

hey i want to know if this removed from myvestacp it is bad for emails ? or safe to remove it and move forward ?
Top
Post Reply

Return to “Anti-spam”