Hello everyone,
TL;DR: make sure to whitelist mission-critical IPs when using block lists.
I am writing to report on a situation that happened last week, hoping my experience can be of use to others.
A few days ago, I noticed that I was not able to send e-mails. No domains were being recognized by the mail server.
Weird. We shall check, then.
There, I noticed that DNS was not working. I had CloudFlare's 1.1.1.1 set up. Weirder.
As some here may know, I use an OpenBSD box as a transparent bridge, with some block lists that aim to filter traffic from botnets and other not-so-desirable sources.
Now, my internal network does not use 1.1.1.1, so it was working without issue.
After some fizzling around, it ended up being that, at one point, 1.1.1.1 was on a block list, promptly downloaded and blocked by the transparent bridge. Thus, no hosts on my internal network could reach out to it.
Whitelist it, done.
Or not: this morning, Adam lets me know that MUUG is unable to send me e-mails, which are being promptly spat out by my naughty mail server. Who dares to do that to our most glorious group? Bad, bad server. No donut for you.
Now, to the fallout of the DNS issue: my server receives an e-mail, can't resolve source domain. "It must be junk", it thinks. Fail2ban pops in and bans the "offending" IP. I fixed the DNS issue... however, the fail2ban database was already full of legitimate domains it could not resolve because of said issue.
No wonder my mailbox was eerily quiet for the last few days...
Kind regards, Alberto Abrao
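The TL;DR above, as an added example that is not part of Alberto's post or his setup: before loading a downloaded block list into the bridge, carve out a list of mission-critical addresses (the resolver, peer MX hosts). An exact-match allow list is not enough, because a feed may block a whole CIDR that happens to contain the protected address; this filter splits such a network so the rest of the range stays blocked. The feed contents, the protected addresses and the function names are all constructed for the example.

```python
import ipaddress

# Constructed sample feed; the 1.1.1.0/24 entry deliberately covers 1.1.1.1.
SAMPLE_FEED = """\
# constructed block list
203.0.113.0/24
1.1.1.0/24
198.51.100.7
192.0.2.10
"""
# Hypothetical allow list: addresses this network must always be able to reach
# (a DNS resolver and a peer's MX host in this constructed example).
PROTECTED = ["1.1.1.1", "198.51.100.7"]

def parse_feed(text):
    """Parse feed lines into ip_network objects; comments and blanks are skipped."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def carve_out(net, addr):
    """Remove one host address from a network, returning the remaining pieces."""
    if addr not in net:          # also False for a different IP version
        return [net]
    if net.num_addresses == 1:   # bare host entry equal to the address: drop it
        return []
    return list(net.address_exclude(ipaddress.ip_network(addr)))

def filter_feed(text, protected):
    """Return the feed's networks (as strings) with every protected address
    excluded; a covering CIDR is split so the rest of the range stays blocked."""
    result = []
    for net in parse_feed(text):
        pieces = [net]
        for addr in map(ipaddress.ip_address, protected):
            pieces = [p for piece in pieces for p in carve_out(piece, addr)]
        result.extend(str(p) for p in sorted(pieces))
    return result

def still_blocked(filtered, ip):
    """True if any network in the filtered list still covers ip (sanity check)."""
    target = ipaddress.ip_address(ip)
    return any(target in ipaddress.ip_network(n) for n in filtered)

if __name__ == "__main__":
    for entry in filter_feed(SAMPLE_FEED, PROTECTED):
        print(entry)             # ready to feed into a pf table file or similar
```

The same protected list belongs in fail2ban's `ignoreip` setting, so a DNS outage cannot turn into a pile of bans against legitimate senders.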