Recently, nerd.dk stopped responding to DNS calls related to RBL lookups using their "countries" database.  


For example, if you were trying to block Russian (ru) IPs, you would add the following to 

System Setup > Mail Relay > IP Controls > RBL Servers:
ru.countries.nerd.dk


If you have a many of these country-based RBL servers, this can lead to DNS timeouts, and that cause mail relays sending you mail to drop the connection:


In Logs > Mail, you may see something like:


Jan  9 08:10:08 mx2 postfix/smtpd[73163]: warning: 218.39.240.54.ru.countries.nerd.dk: RBL lookup error: Host or domain name not found. Name service error for name=218.39.240.54.ru.countries.nerd.dk type=A: Host not found, try again


Jan  9 08:10:23 mx2 postfix/smtpd[73163]: warning: 218.39.240.54.ua.countries.nerd.dk: RBL lookup error: Host or domain name not found. Name service error for name=218.39.240.54.ua.countries.nerd.dk type=A: Host not found, try again


Jan  9 08:10:38 mx2 postfix/smtpd[73163]: warning: 218.39.240.54.jp.countries.nerd.dk: RBL lookup error: Host or domain name not found. Name service error for name=218.39.240.54.jp.countries.nerd.dk type=A: Host not found, try again


Jan  9 08:10:54 mx2 postfix/smtpd[73163]: warning: 218.39.240.54.hk.countries.nerd.dk: RBL lookup error: Host or domain name not found. Name service error for name=218.39.240.54.hk.countries.nerd.dk type=A: Host not found, try again

....

Jan  9 08:12:54 mx2 postfix/smtpd[73163]: warning: 218.39.240.54.et.countries.nerd.dk: RBL lookup error: Host or domain name not found. Name service error for name=218.39.240.54.et.countries.nerd.dk type=A: Host not found, try again

Jan  9 08:12:54 mx2 postfix/smtpd[73163]: 6A9201E0F5B: client=a39-218.smtp-out.amazonses.com[54.240.39.218]

===> the DNS checks against the RBL timing out


===> then the mail relay drops the connection before any data is sent

Jan  9 08:12:54 mx2 postfix/smtpd[73163]: lost connection after RCPT from a39-218.smtp-out.amazonses.com[54.240.39.218]

Jan  9 08:12:54 mx2 postfix/smtpd[73163]: disconnect from a39-218.smtp-out.amazonses.com[54.240.39.218] ehlo=2 starttls=1 mail=1 rcpt=1 commands=5


To fix:

  1. Remove the RBLs that end in .countries.nerk.dk from System Setup > Mail Relay > IP Controls > RBL Servers 
  2. Instead, use Filter Rules > Geoblocking to block by Country (it uses the same countries.nerd.dk database, but doesn't use DNS).  ==> Note:  unlike using RBLs, By using Geoblocking, you can exempt by sending IP / sending domain / sending email address.