Skip to content
  • Solutions
    By Role
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    By Infrastructure
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
  • Product
    • Plesk Features
    • Plesk Editions
    • What’s new
    • Pricing
    • Roadmap
    • Lifecycle Policy
    • Extensions Catalogue
  • Pricing
  • Extensions
    Featured Extensions
    • SocialBee
    • WP Toolkit
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Joomla! Toolkit
    • Premium Email
    • Email Security
    • SocialBee
    • WP Toolkit
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Joomla! Toolkit
    • Premium Email
    • Email Security
    Bundles and packs:
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack

    See all Extensions

  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • Joomla! Toolkit
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • Joomla! Toolkit
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
Plesk 360 login
Free Trial

Knowledge Base

Incoming mail to Plesk server is rejected by Spamhaus BL: Error: open resolver

 
azurebest practicesdnsdomainsemail

Symptoms

  • All incoming mail to Plesk server is rejected;
  • DNSBL protection using Spamhaus is enabled in Plesk:
    spamhausbl_enabled.png
  • Plesk server is configured to use an open DNS resolver:

    # cat /etc/resolv.conf
    nameserver 1.1.1.1
    nameserver 8.8.8.8

  • 554 5.7.1 Service unavailable status code is returned to the sending SMTP system;
  • Sending email clients may receive an NDR bounce message;
  • The following lines are logged to the /var/log/maillog file:

    Aug 12 08:19:18 ziprelay postfix/smtpd[20247]: NOQUEUE: reject: RCPT from mail-oln040092073050.outbound.protection.outlook.com[203.0.113.2]: 554 5.7.1 Service unavailable; Client host [203.0.113.2] blocked using sbl.spamhaus.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/2001:db8:f61:a1ff:0:0:0:80; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<EUR04-HE1-obe.outbound.protection.outlook.com>

    Your message couldn't be delivered because it's suspected of being spam For best practices when sending email, [email protected] Remote Server returned '550 5.7.514 Decision Engine classified the mail item was rejected because of IP Block (from outbound normal IP pools) -> 554 5.7.1 Service unavailable; Client host [203.0.113.2] blocked using zen.spamhaus.org'

Cause

Email messages are rejected due to the fact that Spamhaus stopped supporting public DNS resolvers and Plesk server is configured to use them. For more information on a change in Spamhaus policy, please refer here.

Resolution

There are several ways of solving:

  1. Disable DNSBL queries on Plesk server by unchecking the Turn on spam protection based on DNS blackhole lists checkbox at Tools & Settings > Mail Server Settings.
  2. Configure Plesk server to use a non-public DNS resolver. To use a private DNS resolver, you would have to:

    1. Set up an on-premise DNS server, or utilize a private DNS resolver service such as Azure DNS Private Resolver.
    2./etc/resolv.conf would then have to be edited to point the server to the new DNS resolver's IP using the format:

    nameserver 192.0.2.2

  3. Configure Plesk server to use a different DNSBL service that does not forces us to access it via non-public DNS resolvers: dnsbl.info; spamcop.net; spam.abuse.net
  4. Switch to using Spamhaus DQS (Data Query Service) as a way to access the DNSBL service. The drawback of this approach is that it requires you to contact Spamhaus to get an access key. More information can be found here.
  5. Edit the /etc/postfix/main.cf configuration file as described below to introduce exclusions (specific email addresses or whole domains) to Postfix.

    How to add exclusions to Postfix:

    1. Create the /etc/postfix/rbl_override file:

      # touch /etc/postfix/rbl_override

    2. Edit /etc/postfix/rbl_override file and add domains  - one per line:

      # vi /etc/postfix/rbl_override
      gmail.com OK
      outlook.com OK

    3. Convert the file into a lookup table:

      # postmap /etc/postfix/rbl_override

    4. Alter the Postfix configuration file /etc/postfix/main.cf in regard to the following directive:

      smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client sbl.spamhaus.org

      It should look like:

      smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/rbl_override, reject_rbl…

Tweet
Share
Share
Email
0 Shares
Read the full article
Related Posts

DNS_PROBE_FINISHED_NXDOMAIN: What Is It And How To Fix The Problem

Read More »

Exploring Plesk’s Added Value Solutions So Far in 2023

Read More »

Unveiling Sitejet Builder: The Perfect Match for Your Effortless Website Creation Needs

Read More »
Knowledge Base

Email header analysis reports SPF failed for localhost IP on mail sent from Plesk hosted mailbox: SPF Authentication : SPF Failed for IP – 127.0.0.1

Read More »

Websites on Plesk server are slow or show error 500 or PHP mail cannot be sent: ap_pass_brigade failed

Read More »

Unable to send mail from Plesk server: deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)

Read More »

Mail delivery does not work: do not list domain in BOTH mydestination and virtual_mailbox_domains

Read More »

Hosting Wiki

  • RESTful Web Service
  • Server Redundancy
  • Cloud Service Architecture
  • Virtualizor
  • QMAIL
  • Sendmail
  • Postfix
  • On-Demand Services
  • Bare Metal Server
  • Denial of Service
  • Red Hat Virtualization
  • Virtuozzo
  • Oracle VM Server
  • Citrix Hypervisor
  • Server Virtualization Software
  • Windows Server
  • Linux
  • Virtualization
  • JavaScript
  • Domain
  • VirtualMin
  • Plesk
  • Web Server
  • Static DNS
  • DNS Server
  • DNS Forwarding
  • Reverse DNS
  • IPv6
  • IPv4
  • SIP
  • UDP/IP
  • Email Autoresponder
  • Mailing Lists
  • Email Alias
  • Email Virus Protection
  • Email Forwarding
  • Webmail
  • SpamAssassin
  • SPAM filter
  • SPAM
  • TCP/IP
  • HTTP
  • SMTP
X-twitter Linkedin Youtube Reddit Github
  • Product
  • Login
  • Pricing
  • Editions
  • For Partners
  • Partner Program
  • Contributor Program
  • Affiliate Program
  • Plesk University
  • Company
  • Blog
  • Careers
  • Events
  • About Plesk
  • Our Brand
  • Resources
  • User and Admin guides
  • Help Center
  • Migrate to Plesk
  • Contact Us
  • Hosting Wiki
  • Forum
  • Legal
  • Legal
  • Privacy Policy
  • Imprint

© 2025 WebPros International GmbH

Part of the WebPros®  Family