Recently my mail server started to deliver an increased spam volume. Inspecting the logs, I found the Spamhaus blacklist was no longer effective. After some tests, it turned out that the DNS used by my (virtual) server at Aruba no longer resolved Spamhaus queries correctly:
    >nslookup
    > server dns2.technorail.com
    Default Server: dns2.technorail.com
    Address: 18.104.22.168
    > 22.214.171.124.pbl.spamhaus.org
    Server: dns2.technorail.com
    Address: 126.96.36.199
    *** dns2.technorail.com can't find 188.8.131.52.pbl.spamhaus.org: Non-existent domain
Now switch to my router's address, which forwards DNS queries to my ISP's DNS (Telecom Italia):
    > server 192.168.200.254
    Default Server: [192.168.200.254]
    Address: 192.168.200.254
    > 184.108.40.206.pbl.spamhaus.org
    Server: [192.168.200.254]
    Address: 192.168.200.254
    Non-authoritative answer:
    Name: 220.127.116.11.pbl.spamhaus.org
    Address: 127.0.0.11
For some reason Technorail, the DNS used by Aruba, does not forward queries to Spamhaus and always returns an NXDOMAIN return code, thereby allowing all spam in. I don't know if this is a new "feature" to sell their antispam service, or just a DNS issue. For now I have resolved it by using different DNS servers. I opened a ticket with their helpdesk; let's see what the answer is.

Update: The Aruba helpdesk answered that, since the technorail.com DNS servers are public, they are (now) configured not to forward queries to Spamhaus. Spamhaus itself recommends that, and asks you to use your own DNS servers to query its database.
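A resolver that answers NXDOMAIN for every blocklist query looks exactly like "nothing is listed", so the failure above is silent. The following check is an added example, not part of the original post: it queries the two RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) through the system resolver and reports whether the blocklist is actually reachable. The function names are hypothetical, and it assumes the zone carries the RFC 5782 test entries and uses Spamhaus's documented 127.255.255.x error return codes.

```python
import ipaddress
import socket

# Spamhaus answers that report a problem with the query itself, not a listing.
ERROR_CODES = {
    "127.255.255.252": "typo in the DNSBL zone name",
    "127.255.255.254": "query arrived through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def lookup(name):
    """A records for name via the system resolver; [] on NXDOMAIN or failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def diagnose(test_answers, negative_answers):
    """Classify the resolver from the answers for 127.0.0.2 and 127.0.0.1."""
    for answer in test_answers:
        if answer in ERROR_CODES:
            return "blocked: " + ERROR_CODES[answer]
    if not test_answers:
        # The case in this post: even the always-listed test entry is NXDOMAIN.
        return "broken: test entry 127.0.0.2 is not listed, lookups are being dropped"
    if negative_answers:
        return "broken: 127.0.0.1 is listed, resolver answers for every name"
    return "ok"

def check_resolver(zone="pbl.spamhaus.org", resolve=lookup):
    """Run both test queries; 'resolve' can be swapped for offline testing."""
    return diagnose(resolve(dnsbl_name("127.0.0.2", zone)),
                    resolve(dnsbl_name("127.0.0.1", zone)))

if __name__ == "__main__":
    print(check_resolver())
```

Run from cron on the mail server, anything other than "ok" means the blocklist is not filtering and the resolver configuration needs attention.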