Re: mail.protection.outlook.com rejections

Tue, 01 Nov 2022 08:17:57 -0700 


thanks for the info ....

I learned something !



Happy Tuesday !!!
Thanks - paul

Paul Kudla


Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email p...@scom.ca

On 11/1/2022 11:13 AM, Bill Cole wrote:


On 2022-11-01 at 10:16:15 UTC-0400 (Tue, 1 Nov 2022 10:16:15 -0400)
Paul Kudla <p...@scom.ca>
is rumored to have said:


well at lest this is starting to make total sense.

i was unaware of unbound dns and not really sure that would ever work on a mail 
server?

even if it does elsewhere


Unbound works perfectly as a local recursing caching resolver on a mail server.



postfix 101

postfix will always look at the resolv.conf file on a unix system.

if all you have is 127.0.0.1 (loopback) and assuming that is even attached to 
unbond dns its just an added layer that is not nessesary and in my opinion 
introduse resolving issues which you do seem to be having.


Simply not true. If you want to query a local DNS daemon, it MUST be referenced 
in resolv.conf.



my final suggestion would be to correct the resolv.conf file which is what all 
unix software goes to when using an internal dns system call.

ie the c libraries that compile postfix (and everything else) will try to use 
the internal dns function calls which would always go back to /etc/resolv.conf

resolv.conf needs to point to valid dns servers (8.8.8.8 for example)


It is very unwise to use a free public resolver (such as Google's 8.8.8.8) for 
a mail server.


or to your own bind dns server running on the system.


Or *any* capable DNS resolver. I love BIND, but unless you need to serve 
authoritative zones or do complicated selective resolution, a purpose-built 
resolver-only tool like Unbound or the PDNS Resolver is usually a better 
choice. With a resolver on the local system, a 127.0.0.1 line in resolv.conf 
would be correct.


these are the standard's on anything unix based.


BIND is not part of any standard and is no longer included as a core component 
in many unix-based systems. For example, FreeBSD no longer includes a BIND 
(local-named) service in base but does include an optional Unbound 
(local-unbound) service, fully configured, so you can have a perfectly 
functional recursing caching resolver managed as part of base without doing any 
config tuning.





























					Reply via email to