On Wed, 4 May 2022 20:47:16 +0200
Arrigo Triulzi <arr...@alchemistowl.org> wrote:
> On 4 May 2022, at 20:40, li...@lazygranch.com wrote:
> >
> > Though not currently bouncing my maillog had this message
> > (sanitized because of Google):
> >
> > NOQUEUE: reject: RCPT from avasout-peh-001.plus.net[212.159.14.17]:
> > 554 5.7.1 Service unavailable; Client host [212.159.14.17] blocked
> > using zen.spamhaus.org; Error: open resolver;
> > https://www.spamhaus.org/returnc/pub/172.69.133.38;
> > from=<someper...@notme99.plus.com> to=<m...@mydomain.com> proto=ESMTP
> > helo=<avasout-peh-001.plus.net>
>
> This is because your DNS resolution is via
> open DNS such as Google’s 8.8.8.8 or Quad9’s 9.9.9.9 or Cloudflare’s
> 1.1.1.1.
>
> You can get rid of it, and use Spamhaus just fine, by installing a
> caching resolver such as unbound.
>
> Cheers,
>
> Arrigo
Quad 9 uses a number of DNS servers with different names but I guess
that isn't good enough. I had set up unbound on the VPS used for my VPN
when I set up dnscrypt. I don't recall why I pulled it. I am going to
give systemd resolved a try. I suspect if it is a good replacement for
unbound it would be praised as such. But the install is a low effort so
it is worth a shot.
Thanks to Peter for explaining when the warn_if_reject does.
