The DNSBL AHBL (Abusive Hosts Blocking Lists) is no longer offer their service.

jorgedlcruz · Post by **jorgedlcruz** » Wed Jan 07, 2015 3:47 am

An important announcement, AHBL is down now, so customers please don't use it, you can see the official note - http://www.ahbl.org/content/changes-ahbl.
The rhsbl.ahbl.org, dnsbl.ahbl.org, and ircbl.ahbl.org are not working anymore. This means that these services will return positive responses for any queries. More info here - http://www.ahbl.org/content/last-notice ... es-jan-1st
See here a Community Forum - http://community.zimbra.com/collaborati ... 71/1581468
So if you are using it, please remove it from your Zimbra servers.
Spamassasin have a proper autoupdate the scores and list, and should be comment the AHBL. Check it, and if you have problems with the autoupdate, please run it manually:
/opt/zimbra/libexec/zmsaupdate
If you have 8.0.6 or previous, we have a bug and you need to take a look here - https://bugzilla.zimbra.com/show_bug.cgi?id=85462
In case that you have any trouble, please edit the 50_scores.cf file and comment the lines from AHBL.
We can confirm that in 8.6, 8.5.1, 8.5 and 8.0.9 and 8.0.8 you should be able to launch this command, and see AHBL disabled:
In Zimbra 8.0.x
root@zimbra-sn-u12-01:/home/oper# more /opt/zimbra/conf/spamassassin/50_scores.cf | grep AHBL
# AHBL is closing down. disabling early. (Axb-2014-03-28)
#score DNS_FROM_AHBL_RHSBL 0 2.438 0 2.699 # n=0 n=2

In Zimbra 8.x
more /opt/zimbra/data/spamassassin/rules/50_scores.cf | grep AHBL
# AHBL is closing down. disabling early. (Axb-2014-03-28)
#score DNS_FROM_AHBL_RHSBL 0 2.438 0 2.699 # n=0 n=2

Best regards

chertel · Post by **chertel** » Thu Jan 08, 2015 9:21 am

Hi Jorge,

please note that it is not sufficient to avoid using the AHBL blacklist in the MTA configuration of Zimbra.
The blacklist is enabled by default in the SpamAssassin configuration delivered with Zimbra, which is why ALL incoming mails will get additional spam points (see mail headers, e. g.: DNS_FROM_AHBL_RHSBL=2.699).

It is necessary to disable the use of this blacklist in the SpamAssassin configuration by adding the following to /opt/zimbra/conf/spamassassin/local.cf:

# disable AHBL, see http://www.ahbl.org/content/changes-ahbl
score DNS_FROM_AHBL_RHSBL 0

Afterwards, restart Zimbra services (maybe there is shortcut to only restart SpamAssassin, but I haven't found it yet):

zmcontrol restart

Best regards,
Christian Hertel

jorgedlcruz · Post by **jorgedlcruz** » Thu Jan 08, 2015 9:30 am

Hi Christian,
I've opened a Bug case for this - https://bugzilla.zimbra.com/show_bug.cgi?id=97212
Thank you very much for your info.

msquadrat · Post by **msquadrat** » Thu Jan 08, 2015 9:32 am

I think this update is already distributed via the SpamAssassin update mechanism. Depending on your version of Zimbra this should be updated automatically via /opt/zimbra/libexec/zmsaupdate

chertel · Post by **chertel** » Thu Jan 08, 2015 9:43 am

Hmmm...as of the time of this comment, it was still enabled (Servers are running Zimbra 8.0.7) and leading to false-positives.

jorgedlcruz · Post by **jorgedlcruz** » Thu Jan 08, 2015 9:57 am

Hi chertel,
Should came down with an autoupdate, check it here you should have something like this:
root@zimbra-sn-u12-01:/home/oper# more /opt/zimbra/conf/spamassassin/50_scores.cf | grep AHBL
# AHBL is closing down. disabling early. (Axb-2014-03-28)
#score DNS_FROM_AHBL_RHSBL 0 2.438 0 2.699 # n=0 n=2
Do you have your Zimbra Server connection to Internet?
Best regards

chertel · Post by **chertel** » Thu Jan 08, 2015 10:02 am

Hi Jorge,

no, I don't have that line on our servers (and yes, the servers have internet connection):

# more /opt/zimbra/conf/spamassassin/50_scores.cf | grep AHBL
score DNS_FROM_AHBL_RHSBL 0 2.438 0 2.699 # n=0 n=2

Maybe that autoupdate was added in later versions of Zimbra than 8.0.7 ?

Btw.: Your announcement also claims that the AHBL operators have whitelisted everything. In fact, the opposite is the case. See:
http://www.ahbl.org/content/last-notice ... es-jan-1st ("This means that these services will return positive responses for any queries.").

Best regards,
Christian

chertel · Post by **chertel** » Thu Jan 08, 2015 10:06 am

Ah, just get that from your bug report:

"All the servers I've looked at from 8.0.8-8.6.0 have this disabled"

Looks like that auto-update was added in Zimbra 8.0.8

msquadrat · Post by **msquadrat** » Thu Jan 08, 2015 10:11 am

The SpamAssassin auto update was added for 8.0.5. From the Release Notes:

82201

A new cronjob has been created to run nightly to check if

automated updates to spam assassin are available. The

command is zmsaupdate. Two LC keys are configured:

Ã¢â‚¬Â¢ antispam_enable_rule_updates. If TRUE, rule updates for

spamassassin are automatic.

Ã¢â‚¬Â¢ antispam_enable_restarts: If TRUE. AMAVIS restarts

automatically IF there was a successful rule update.

jorgedlcruz · Post by **jorgedlcruz** » Thu Jan 08, 2015 10:15 am

Hi chertel,
Please launch the command that Malte told:
/opt/zimbra/libexec/zmsaupdate
And then check again the scores
root@zimbra-sn-u12-01:/home/oper# more /opt/zimbra/conf/spamassassin/50_scores.cf | grep AHBL
# AHBL is closing down. disabling early. (Axb-2014-03-28)
#score DNS_FROM_AHBL_RHSBL 0 2.438 0 2.699 # n=0 n=2
Do your server have access to Internet?