- All incoming mail to Plesk server is rejected;
- DNSBL protection using Spamhaus is enabled in Plesk:
- Plesk server is configured to use an open DNS resolver:
# cat /etc/resolv.conf
- 554 5.7.1 Service unavailable status code is returned to the sending SMTP system;
- Sending email clients may receive an NDR bounce message;
- The following lines are logged to the
Aug 12 08:19:18 ziprelay postfix/smtpd: NOQUEUE: reject: RCPT from mail-oln040092073050.outbound.protection.outlook.com[203.0.113.2]: 554 5.7.1 Service unavailable; Client host [203.0.113.2] blocked using sbl.spamhaus.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/2001:db8:f61:a1ff:0:0:0:80; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<EUR04-HE1-obe.outbound.protection.outlook.com>
Your message couldn't be delivered because it's suspected of being spam For best practices when sending email, [email protected] Remote Server returned '550 5.7.514 Decision Engine classified the mail item was rejected because of IP Block (from outbound normal IP pools) -> 554 5.7.1 Service unavailable; Client host [203.0.113.2] blocked using zen.spamhaus.org'
Email messages are rejected due to the fact that Spamhaus stopped supporting public DNS resolvers and Plesk server is configured to use them. For more information on a change in Spamhaus policy, please refer here.
There are several ways of solving:
- Disable DNSBL queries on Plesk server by unchecking the Turn on spam protection based on DNS blackhole lists checkbox at Tools & Settings > Mail Server Settings.
- Configure Plesk server to use a non-public DNS resolver. To use a private DNS resolver, you would have to:
1. Set up an on-premise DNS server, or utilize a private DNS resolver service such as Azure DNS Private Resolver.
/etc/resolv.confwould then have to be edited to point the server to the new DNS resolver's IP using the format:
- Configure Plesk server to use a different DNSBL service that does not forces us to access it via non-public DNS resolvers: dnsbl.info; spamcop.net; spam.abuse.net
- Switch to using Spamhaus DQS (Data Query Service) as a way to access the DNSBL service. The drawback of this approach is that it requires you to contact Spamhaus to get an access key. More information can be found here.
- Edit the
/etc/postfix/main.cfconfiguration file as described below to introduce exclusions (specific email addresses or whole domains) to Postfix.
How to add exclusions to Postfix: