Yesterday all of a sudden I got many blacklist alerts for all my servers with a public IP address:
***** Service Monitoring on icinga2 *****
Info: CHECK_RBL WARNING - 212.103.71.210 BLACKLISTED on 1 server of 95 (bl.spamcannibal.org)
It's very unlikely that all servers are blacklisted at the same time. And as this already happened in the past (see Disable AHBL (Abuse Hosts) DNS blacklist in Spamassassin), a disabled DNSBL is probably the cause.
And indeed, checking the whois of the domain reveals that the domain expired on May 30, 2019:
$ whois spamcannibal.org
Domain Name: SPAMCANNIBAL.ORG
Registry Domain ID: D98199203-LROR
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://www.tucows.com
Updated Date: 2019-05-30T02:52:25Z
Creation Date: 2003-05-26T19:20:39Z
Registry Expiry Date: 2020-05-26T19:20:39Z
Registrar Registration Expiration Date:
Registrar: Tucows Inc.
Registrar IANA ID: 69
[...]
In a browser, the website that appears is self-explanatory as well:
As I'm using the check_rbl monitoring plugin, the blacklist can simply be removed or commented out in the ini file containing all the blacklists.
# grep spamcannibal /usr/lib/nagios/plugins/rbl.ini
server=bl.spamcannibal.org
# sed -i "/spamcannibal/s/server/#server/" /usr/lib/nagios/plugins/rbl.ini
# grep spamcannibal /usr/lib/nagios/plugins/rbl.ini
#server=bl.spamcannibal.org
The plugin now returns OK again.
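To catch a defunct list before it alerts on every host, each configured zone can be probed with the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not). The following is an added example, not part of check_rbl; the function names, the `.example` zones and the stand-in resolver are assumptions made for illustration.

```python
import socket

def query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_resolve(name):
    """A records for name via the system resolver, [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # gaierror/herror: NXDOMAIN, SERVFAIL, timeout
        return []

def dnsbl_health(zone, resolve=system_resolve):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    if resolve(query_name("127.0.0.1", zone)):
        return "wildcard"  # answers for everything, so every IP looks listed
    answers = resolve(query_name("127.0.0.2", zone))
    if not answers or not all(a.startswith("127.") for a in answers):
        return "dead"      # test entry missing: the list no longer operates
    return "ok"

def active_zones(ini_text):
    """Zones on uncommented server= lines, as in the rbl.ini shown above."""
    lines = (l.strip() for l in ini_text.splitlines())
    return [l.split("=", 1)[1].strip() for l in lines if l.startswith("server=")]

def zones_to_disable(ini_text, resolve=system_resolve):
    """Map each unhealthy active zone to its status."""
    status = {z: dnsbl_health(z, resolve) for z in active_zones(ini_text)}
    return {z: s for z, s in status.items() if s != "ok"}

# Constructed sample data (hypothetical zones), so the demo runs offline.
SAMPLE_INI = """server=bl.healthy.example
server=bl.parked.example
#server=bl.disabled.example
server=bl.gone.example
"""

def fake_resolve(name):
    """Stand-in resolver: one working list, one parked wildcard, one dead."""
    if name.endswith(".bl.parked.example"):
        return ["203.0.113.10"]  # same parking address for any name
    if name == "2.0.0.127.bl.healthy.example":
        return ["127.0.0.2"]
    return []

if __name__ == "__main__":
    for zone, state in zones_to_disable(SAMPLE_INI, fake_resolve).items():
        print(f"{zone}: {state}")
```

With the default `system_resolve`, run it from the monitoring host itself, since some lists answer differently depending on which resolver sends the query.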
Claudio Kuenzler from Switzerland wrote on May 31st, 2019:
Draugas, check out the list of the check_rbl plugin: https://raw.githubusercontent.com/matteocorti/check_rbl/master/check_rbl.ini
Draugas from wrote on May 31st, 2019:
Can you share DNSBL list?