ix.dnsbl.manitu.net has shut down

[xudonax]

Contribution guidelines

• I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• ... I have understood that answers are voluntary and community-driven, and not commercial support.
• ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

The DNSBL at ix.dnsbl.manitu.net has shut down, see https://www.nixspam.net/

Logs:

not applicable

Steps to reproduce:

1. Install mailcow
2. Check data/conf/postfix.main.cf
3. See ix.dnsbl.manitu.net listed in the postscreen_dnbl_sites around line 210

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Rocky Linux 9.5

Server/VM specifications:

Intel Xeon E5-4640 0 (32) @ 2.800GHz

Is Apparmor, SELinux or similar active?

yes

Virtualization technology:

No

Docker version:

26.1.4

docker-compose version or docker compose version:

2.27.1

mailcow version:

2025-01a

Reverse proxy:

Traefik

Logs of git diff:

Only certs differ

Logs of iptables -L -vn:

not applicable

Logs of ip6tables -L -vn:

not applicable

Logs of iptables -L -vn -t nat:

not applicable

Logs of ip6tables -L -vn -t nat:

not applicable

DNS check:

not applicable

[patschi]

This blocklist was already removed in PR #6260 and is part of update 2025-01a. The update.sh script has also been modified to remove the blocklist from /opt/mailcow-dockerized/data/conf/postfix/dns_blocklists.cf (and has been in my setup during update).

Have you properly updated using update.sh and double-checked dns_blocklists.cf?

[rtfm98]

I updated mailcow to 2025-01a today (using update.sh) and can confirm that this blacklist still is part of postfix' main.cf:

root@host:/opt/mailcow-dockerized# grep -rin "ix.dnsbl.manitu.net" .
./data/conf/postfix/main.cf:185:  ix.dnsbl.manitu.net*2
./update_diffs/diff_before_update_2023-09-30-20-25-17:18:+  ix.dnsbl.manitu.net*2
./update_diffs/diff_before_update_2023-08-03-19-12-13:18:+  ix.dnsbl.manitu.net*2

I can't find the entry in dns_blocklists.cf, but in data/conf/postfix/main.cf:

# DO NOT EDIT ANYTHING BELOW #
# Overrides #

postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
  hostkarma.junkemailfilter.com=127.0.0.1*-2
  list.dnswl.org=127.0.[0..255].0*-2
  (...)
  ix.dnsbl.manitu.net*2
  bl.spamcop.net*2
  (...)

[patschi]

This is weird. Because postscreen_dnsbl_sites is only set in dns_blacklist.conf and not main.cf:
https://github.com/search?q=repo%3Amailcow%2Fmailcow-dockerized%20postscreen_dnsbl_sites&type=code

It is only here:

mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh

Lines 396 to 418 in 120366f

	if [ ! -f /opt/postfix/conf/dns_blocklists.cf ]; then
	cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
	# This file can be edited.
	# Delete this file and restart postfix container to revert any changes.
	postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
	hostkarma.junkemailfilter.com=127.0.0.1*-2
	list.dnswl.org=127.0.[0..255].0*-2
	list.dnswl.org=127.0.[0..255].1*-4
	list.dnswl.org=127.0.[0..255].2*-6
	list.dnswl.org=127.0.[0..255].3*-8
	bl.spamcop.net*2
	bl.suomispam.net*2
	hostkarma.junkemailfilter.com=127.0.0.2*3
	hostkarma.junkemailfilter.com=127.0.0.4*2
	hostkarma.junkemailfilter.com=127.0.1.2*1
	backscatter.spameatingmonkey.net*2
	bl.ipv6.spameatingmonkey.net*2
	bl.spameatingmonkey.net*2
	b.barracudacentral.org=127.0.0.2*7
	bl.mailspike.net=127.0.0.2*5
	bl.mailspike.net=127.0.0.[10;11;12]*4
	EOF
	fi

My setup is also quite "old" and updating for like past 4 years or so and don't have this set in main.cf.

[ngrie]

Had the same issue (ix.dnsbl.manitu.net still being present in main.cf) after upgrading Mailcow today. But, after another restart of Mailcow, the entry is gone.

From looking into the postfix.sh, I think it is because of the order of those two lines:

mailcow-dockerized/data/Dockerfiles/postfix/postfix.sh

Lines 419 to 422 in 120366f

	DNSBL_CONFIG=$(grep -v '^#' /opt/postfix/conf/dns_blocklists.cf | grep '\S')
	# Remove discontinued Nixspam DNSBL from existing dns_blocklists.cf
	sed -i '/ix\.dnsbl\.manitu\.net\*2/d' /opt/postfix/conf/dns_blocklists.cf

DNSBL_CONFIG variable is created before the line is removed.

[patschi]

Good catch! I actually ran the update twice because of adjusting the new FTS, so that could explain why I'm missing the entries. That might be worth a PR.

[xudonax]

Have you properly updated using update.sh and double-checked dns_blocklists.cf?

Yes, and it was still there.

This is weird. Because postscreen_dnsbl_sites is only set in dns_blacklist.conf and not main.cf:
https://github.com/search?q=repo%3Amailcow%2Fmailcow-dockerized%20postscreen_dnsbl_sites&type=code

This might be a "recent" change, seeing how my installation is easily four years old.

I updated mailcow to 2025-01a today (using update.sh) and can confirm that this blacklist still is part of postfix' main.cf:

Had the same issue (ix.dnsbl.manitu.net still being present in main.cf) after upgrading Mailcow today. But, after another restart of Mailcow, the entry is gone.

Happy I'm not the only one tbho

[Areafo]

Ok, so what we have to do? Still running update again and it is fixed?

[patschi]

Ok, so what we have to do? Still running update again and it is fixed?

Restarting postfix should be sufficient as well I think. Not tested:

cd /opt/mailcow-dockerized/

grep -i "ix\.dnsbl\.manitu\.net" data/conf/postfix/main.cf # Test if line present

docker compose restart postfix-mailcow # Restart postfix

grep -i "ix\.dnsbl\.manitu\.net" data/conf/postfix/main.cf # Test if line still present

[mrschyte]

Ok, so what we have to do? Still running update again and it is fixed?

Restarting postfix should be sufficient as well I think. Not tested:

cd /opt/mailcow-dockerized/

grep -i "ix\.dnsbl\.manitu\.net" data/conf/postfix/main.cf # Test if line present

docker compose restart postfix-mailcow # Restart postfix

grep -i "ix\.dnsbl\.manitu\.net" data/conf/postfix/main.cf # Test if line still present

Thanks, this resolved the issue for me.

[crpb]

fyi, rspamd edit: rspamd/rspamd#5300 thats the correct one ^_^