On 1/1/23 12:33, Bill Cole wrote:
>> also, private IP ranges should be excluded from checking in DNS lists.
>
> Yes, but non sequitur...
>
>> ... as your server connects to 192.168.1.160, I assume that servers
>> sees your address to be from private range too.
>
> Nope, the connecting address is shown in the error message's Spamhaus
> URL: 172.71.117.8. A Cloudflare address (!)

From what I can tell with a little bit of testing, Spamhaus is
reporting the IP address of the DNS server that contacted the Spamhaus
RBL. That RBL is not used with an IP address, it is a domain name lookup.
Try one of the following commands out on a *NIX system with either
"host" or "nslookup" installed. It looks up a TXT record for
mehl-family.fr (the OP's sender address domain) on the same RBL the OP
uses. The lookup is sent to 1.1.1.1, which is Cloudflare's public DNS
resolver:

    host -t TXT mehl-family.fr.dbl.spamhaus.org 1.1.1.1
    nslookup -type=TXT mehl-family.fr.dbl.spamhaus.org 1.1.1.1

Unless the Raspberry Pi is located in Cloudflare's network, which I
suspect is not actually possible for most people, it means that
192.168.1.160 is using Cloudflare for DNS.
I tried the above commands to 8.8.8.8 instead of 1.1.1.1, and it didn't
report "public resolver" which I found a little bit strange. So the OP
could probably use 8.8.8.8 and 8.8.4.4 for DNS, but that's not a good
idea long term. They really need to install unbound or bind9 on the
mailserver and use 127.0.0.1 for DNS.
Not sure if this applies or not: It is generally not a good idea to run
a public mailserver on a typical home ISP or many small business ISP
connections. These networks are very often on public blocklists used
all over the Internet, which means that a large percentage of the mail
that gets sent by a server in one of these ISP networks will be denied.
Thanks,
Shawn
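
A diagnostic sketch for the situation discussed in this message, added here as an example and not part of the original thread: it audits a resolv.conf-style file for the public resolvers named above and classifies the A record a DBL query returns. The function names are hypothetical, 1.0.0.1 (Cloudflare's secondary address) is added to the list, and the 127.255.255.x and 127.0.1.x meanings are taken from Spamhaus's published return codes rather than from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Classify the A record returned for <domain>.dbl.spamhaus.org.
# Answers in 127.255.255.0/24 are Spamhaus error codes, not listings.
classify_dbl_answer() {
    case "$1" in
        127.255.255.254) echo "error: query arrived via a public/open resolver" ;;
        127.255.255.252) echo "error: typing error in DNSBL name" ;;
        127.255.255.255) echo "error: excessive number of queries" ;;
        127.255.255.*)   echo "error: unrecognized Spamhaus error code" ;;
        127.0.1.255)     echo "error: IP address queried against the DBL" ;;
        127.0.1.*)       echo "listed" ;;
        "")              echo "not listed (NXDOMAIN or no answer)" ;;
        *)               echo "unexpected answer" ;;
    esac
}

# Print "<ip> <verdict>" for every nameserver line in a resolv.conf-style file.
# "other" cannot be judged from the file alone: a LAN router may itself
# forward to a public resolver, so confirm with a live lookup.
audit_resolv_conf() {
    awk '$1 == "nameserver" {
        ip = $2
        if (ip ~ /^127\./ || ip == "::1") v = "local"
        else if (ip == "1.1.1.1" || ip == "1.0.0.1" ||
                 ip == "8.8.8.8" || ip == "8.8.4.4") v = "public"
        else v = "other"
        print ip, v
    }' "$1"
}

# Live lookup: $1 = domain, $2 = optional resolver (default: system resolver).
# Prints the first A record, or nothing when the name does not exist.
dbl_lookup() {
    host -t A "$1.dbl.spamhaus.org" ${2:+"$2"} 2>/dev/null |
        awk '/has address/ { print $NF; exit }'
}

# Run a live check only when a domain is given on the command line:
#   sh dblcheck.sh <domain> [resolver]
if [ "$#" -ge 1 ]; then
    audit_resolv_conf /etc/resolv.conf
    classify_dbl_answer "$(dbl_lookup "$@")"
fi
```
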