Fixing "550 5.7.1 Service Unavailable – Client Host Blocked Using Spamhaus"

Table of Contents: Check If Your IP is Blacklisted Identify Why Your IP is Blacklisted Remove Your IP from Spamhaus Secure Your Mail Server to Prevent Future Blacklisting Test Email Deliverability Summary

Check If Your IP is Blacklisted

Use one of the following methods to confirm if your IP is blacklisted:

Check via Spamhaus Website

1. Visit: Spamhaus IP Lookup
2. Enter your server's public IP address (not your local network IP).
3. Click "Lookup" to see if your IP is blacklisted.

If your IP is listed, you'll see details about which list it's on and why it was blocked.

Check via Command Line (Linux/Mac)

Query Spamhaus's DNSBL directly. Replace YOUR.IP.ADDRESS.HERE with your actual IP:

dig +short YOUR.IP.ADDRESS.HERE.zen.spamhaus.org

• If the command returns no output, your IP is NOT listed.
• If it returns an IP address (like 127.0.0.2), your server is blacklisted. The returned code indicates which specific Spamhaus list you're on.

Identify Why Your IP is Blacklisted

Spamhaus maintains several blocklists. The lookup results will show which one you're on:

Remove Your IP from Spamhaus

If your IP is blacklisted, follow these steps in order to request removal.

1. Fix the Root Cause First

Do not request removal before fixing the problem, or you'll be re-listed quickly.

• Scan for malware: Check your server for unauthorized scripts or compromised user accounts.
• Stop outgoing spam: Check mail logs (/var/log/mail.log or /var/log/exim/mainlog) for suspicious sending activity.
• Secure web applications: Ensure contact forms, WordPress sites, etc., are not being abused by spammers.

2. Request Delisting from Spamhaus

1. Visit: Spamhaus Block Removal Center
2. Enter your server's IP address.
3. Click the appropriate removal link (e.g., "Remove an IP from the PBL").
4. Follow the instructions. For SBL/XBL listings, you may need to explain what the problem was and the steps you took to fix it.

Spamhaus usually processes removal requests within a few minutes to 24 hours.

Secure Your Mail Server to Prevent Future Blacklisting

Check for and Close Open Mail Relays

An open relay allows anyone on the internet to send emails through your server, which spammers love.

Quick test:

telnet yourserver.com 25
HELO test
MAIL FROM:<spammer@example.com>
RCPT TO:<victim@external-domain.com>

If the server accepts the RCPT TO for an external domain without authentication, it's an open relay.

For Postfix (Edit /etc/postfix/main.cf):

smtpd_recipient_restrictions = 
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

Restart Postfix:

sudo systemctl restart postfix

Set Up SPF, DKIM, and DMARC

These DNS records authenticate your emails, greatly improving deliverability and trust.

SPF Record (DNS TXT Record)
Example for a server that only sends mail from its own IP and MX records:

v=spf1 mx a ip4:YOUR_SERVER_IP ~all

DKIM (For Postfix with OpenDKIM)
Generate keys and configure OpenDKIM, then add the public key to DNS:

default._domainkey.yourdomain.com TXT "v=DKIM1; k=rsa; p=YOUR_LONG_PUBLIC_KEY_HERE"

DMARC Record (DNS TXT Record)
Start with a monitoring policy:

_dmarc.yourdomain.com TXT "v=DMARC1; p=none; rua=mailto:reports@yourdomain.com"

Implement Email Sending Rate Limits

Bursts of emails look like spam. Limit outbound sending in Postfix (main.cf):

smtpd_client_message_rate_limit = 100
default_destination_rate_delay = 1s
default_destination_recipient_limit = 50

Restart: sudo systemctl restart postfix

Test Email Deliverability

Once delisted, verify your fixes work.

1. Send a test email to an external address (e.g., Gmail):

   echo "Deliverability test" | mail -s "Test from Server" your@gmail.com

2. Check your mail logs for success or new errors:

   sudo tail -f /var/log/mail.log

3. Use an online tool like Mail-Tester.com to get a detailed spam score and configuration report.

Summary

By following these steps, your emails should be delivered without Spamhaus blocking your server!