On 18 Nov 2019, at 15:38, Gregory Heytings wrote:
> replace the contents of /etc/resolv.conf by:
> nameserver 8.8.8.8
> nameserver 8.8.4.4
> your problem will likely be solved.

Note that doing this (using Google's public DNS service) will kill the
effectiveness of DNSBLs and of anti-spam tools like SpamAssassin that
use DNSBLs for scoring. The most common effectiveness problem people
report to us on the Apache SpamAssassin project is the de facto non-use
of the many DNSBLs (including URIBLs and RHSBLs) SA normally uses,
resulting from the use of shared public and ISP DNS resolvers.

Generally, a mail server should have a caching recursive resolver
running locally: either on the same machine or the same truly local
network. If you have to cross a router and/or a WAN link of some sort
for every DNS lookup, performance will suffer (in addition to the issue
with DNSBLs.) If you use one of the shared resolvers that hijack
NXDOMAIN results or otherwise bowdlerize DNS to suit web browsing,
security is at risk.

Between some distributions adopting Unbound and others changing their
standard BIND configs to be simple caching resolvers, the excuses for
not running a local caching recursive resolver on a mail server have
become quite weak.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
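
An added example, not part of the original message or of any project named in it: a Python check that parses resolv.conf text and labels each configured resolver as on the host, on a private network, a shared public service, or otherwise remote. The function names, the labels and the resolver addresses beyond the two quoted above are assumptions, and both sample files are constructed.

```python
import ipaddress

# Shared public resolvers. 8.8.8.8 and 8.8.4.4 are the two quoted in the
# message; the others are well-known services added here (not exhaustive).
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9",
                    "208.67.222.222", "208.67.220.220"}

# Constructed sample files: the quoted suggestion, and a host running its
# own caching recursive resolver (Unbound or BIND) on loopback.
QUOTED_CONF = "nameserver 8.8.8.8\nnameserver 8.8.4.4\n"
LOCAL_CONF = "# local resolver\nnameserver 127.0.0.1\nnameserver ::1\noptions edns0\n"

def nameservers(text):
    """Return the nameserver addresses in resolv.conf text, in file order."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def classify(addr):
    """Label one resolver: local-host, local-net, public-shared, remote, invalid."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        # Loopback can still be a forwarding stub (e.g. 127.0.0.53 from
        # systemd-resolved); confirm a recursive resolver is listening.
        return "local-host"
    if str(ip) in PUBLIC_RESOLVERS:
        return "public-shared"
    if ip.is_private or ip.is_link_local:
        return "local-net"  # private address, but may be more than one hop away
    return "remote"

def audit(text):
    """Return ([(address, label), ...], ok); ok means every resolver is local."""
    results = [(s, classify(s)) for s in nameservers(text)]
    ok = bool(results) and all(v in ("local-host", "local-net") for _, v in results)
    return results, ok

if __name__ == "__main__":
    for name, conf in (("quoted", QUOTED_CONF), ("local", LOCAL_CONF)):
        print(name, *audit(conf))
```

To check a live host, pass the contents of /etc/resolv.conf to `audit()`; a `local-net` label only shows the address is private, not that it sits on the same segment as the mail server.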