> On 19 Oct 2018, at 03:41, gustavo <g...@zumbi.xyz> wrote:
>
>
> Hi
> We have a low-traffic email server, receiving around 800 emails/day and
> sending about the same
> number of emails/day.
> Since some time ago SpamHaus blocks our dns requests, if I check spamhaus'
> website, the limits for the free service are well above our
> usage. Any clue what may be happening?
> if i run this query for example
>
> dig +short TXT 35.191.45.200.zen.spamhaus.org it will timeout
>
> I can perform queries to the ns servers serving spamhaus.org (dig ns
> spamhaus.org) but not to any of the *.gns.spamhaus.org
>
>
> more information about the server
> - dns queries time out over ipv4 and/or ipv6 - vps hosted
> in hetzner (AS24940) - the server is not
> blacklisted by spamhaus or any other rbl - server runs unbound to cache dns
> queries - server hosts mailman for private lists and a bot that bounces
> emails you sent back
> to you
As you are aware, your queries are coming from Hetzner’s IP ranges. After many
discussions with Hetzner, queries coming from Hetzner IP ranges are ignored by
the Spamhaus public mirror infrastructure. This move was made by Spamhaus due
to concerns with respect to misuse of the free public mirror service through
Hetzner’s recursive DNS resolvers. This is not a problem unique to Hetzner nor
is it Hetzner’s fault. Put simply, a minority of users funnel large volumes of
queries through an ISP’s DNS resolvers thus anonymising queries to the free
service. This abuse of a free service is not sustainable.
To work around this, you may sign up for the Data Query Service using the form
found at <https://www.spamhaustech.com/dqs/
<https://www.spamhaustech.com/dqs/>>. We are providing the Datafeed Query
Service (DQS) free of charge to Hetzner customers under the same conditions as
for the public mirror service which you were using previously. Please note the
criteria for using the DQS service for free:
https://www.spamhaus.org/organization/dnsblusage/
<https://www.spamhaus.org/organization/dnsblusage/>.
Once you have applied for DQS you will receive an email from Spamhaus’
automated systems which gives you login details to the Spamhaus portal. The
portal includes details with respect to minor modifications you need to make to
your MTA configurations to use DQS.
Once a year you will need to renew the subscription — but simply replying to
the automated email should result in trouble free renewal.
For information, the DQS is somewhat better than the service available through
the Spamhaus public mirror service as updates are pushed to the service in real
time. Also, the DQS gives you access to the Zero Reputation Domain (ZRD)
dataset. More on ZRD can be found at
https://www.spamhaustech.com/download-centre/files/ZRD-factsheet-001.pdf
<https://www.spamhaustech.com/download-centre/files/ZRD-factsheet-001.pdf>
HTH
Simon
[Disclosure: I work for Spamhaus Technology]
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
