[pfx] Re: Postfix and Spamhaus

On 2025-01-14 19:48, pgnd via Postfix-users wrote: > > "Spamhaus's initial recommendation was to disable QNAME minimization > altogether, but ISC disagrees: the correct solution is for Spamhaus to fix > its broken servers. QNAME minimization is an important privacy protection > that is ena

[pfx] Re: Postfix and Spamhaus

i am trying $ cat /etc/unbound/unbound.conf.d/spamhaus.conf server: qname-minimisation: no randy ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Postfix and Spamhaus

As it seems bind turns off qname minimization for queries to SH. As I can find something like this in the query log: named[4205]: success resolving '49.236.215.178.6.zen.dq.spamhaus.net/A' after disabling qname minimization due to 'ncache nxdomain So, I'd say it's not necessa

[pfx] Re: Postfix and Spamhaus

Hi Tomasz, can you explain why it's better to turn off QNAME minimization MTAs and spam checkers? Andreas Am 14.01.2025 um 18:56 schrieb Steffan Cline via Postfix-users: Just FYI, it's better to turn off QNAME minimization on DNS servers used by MTAs and spam checkers. My NSes are using 9.1

[pfx] Re: Postfix and Spamhaus

> Just FYI, it's better to turn off QNAME minimization on DNS servers used by > MTAs and spam checkers. My NSes are using 9.11 and I don't have that QNAME-minimization option available in my config however looking at tcpdump, it doesn't look as if it's minimizing it. I plan to upgrade my NS so

[pfx] Re: Postfix and Spamhaus

I removed Google DNS off of my name servers and confirmed that they're still resolving everything fine. This should eliminate the issue Wietse mentioned with too many name servers in the list. I haven't yet checked the logs today to see if I'm still getting any errors using the public mirrors.

[pfx] Re: Postfix and Spamhaus

On 2025-01-13 17:41, Steffan Cline via Postfix-users wrote: reject_rhsbl_sender mykey.dbl.dq.spamhaus.net=127.0.1.[2..99], ^ On 13.01.25 22:08, Tomasz Pala via Postfix-users wrote: BTW you can use DQS via public resolvers just fine - although it's better to use own D

[pfx] Re: Postfix and Spamhaus

Michael Grimm via Postfix-users wrote: > Tomasz Pala via Postfix-users wrote: > > [Spamhaus DQS] > >> Did you switch? How long is "mykey"? > > Mine has 27 characters. Me bad, make that 26 chars. Regards, Michael ___ Postfix-users mailing list -- p

[pfx] Re: Postfix and Spamhaus

Tomasz Pala via Postfix-users wrote: [Spamhaus DQS] > Did you switch? How long is "mykey"? Mine has 27 characters. Don't know if they all have the same size, though. Regards, Michael ___ Postfix-users mailing list -- postfix-users@postfix.org To uns

[pfx] Re: Postfix and Spamhaus

On 2025-01-14 00:02, Steffan Cline via Postfix-users wrote: > > If I take out the GoogleDNS from the name servers, would that resolve this > issue? _This_ problem? - yes, you won't have any DNS available. https://www.spamhaus.org/faqs/dnsbl-usage/#simple-command-line-test-of-your-dnsbl-resolver

[pfx] Re: Postfix and Spamhaus

Steffan Cline via Postfix-users: > Wietse, > > 127.0.0.1 was in the resolv.conf file on the NS from the start. > If I take out the GoogleDNS from the name servers, would that resolve this > issue? You need to ensure that the resolvers on your NS VMs aren't forwarding queries through someone else

[pfx] Re: Postfix and Spamhaus

Wietse, 127.0.0.1 was in the resolv.conf file on the NS from the start. If I take out the GoogleDNS from the name servers, would that resolve this issue? Someone else mentioned SH's DQS. The reason I switched to that was the open resolver error below. Jan 13 15:58:59 host1 postfix/smtpd[40647

[pfx] Re: Postfix and Spamhaus

On 2025-01-13 17:41, Steffan Cline via Postfix-users wrote: > > reject_rhsbl_sender mykey.dbl.dq.spamhaus.net=127.0.1.[2..99], >^ Let me ask you a stupid question - how long in real is "mykey" above? BTW you can use DQS via public resolvers just fine - although it's b

[pfx] Re: Postfix and Spamhaus

Steffan Cline via Postfix-users: > Wietse, > > On my mail server, this is the resolv.conf > > # cat /etc/resolv.conf > # Generated by NetworkManager > search hldns.com > nameserver 199.249.188.251 > nameserver 199.249.188.252 > nameserver 199.249.188.253 > > These are all my own name servers how

[pfx] Re: Postfix and Spamhaus

Randy, I was doing it just like that too but having issues. When I started googling errors from the maillog, I was directed to DQS so I was trying to use their instructions to get it working. Thank you, Steffan Cline stef...@hldns.com 602-793-0014 On 1/13/25

[pfx] Re: Postfix and Spamhaus

Wietse, On my mail server, this is the resolv.conf # cat /etc/resolv.conf # Generated by NetworkManager search hldns.com nameserver 199.249.188.251 nameserver 199.249.188.252 nameserver 199.249.188.253 These are all my own name servers however on my NS VMs, the resolv.conf has nameserver 127.0.0

[pfx] Re: Postfix and Spamhaus

> in either case, there's the additional choice of moving some of the SH > rules to postscreen config, e.g., > > > https://docs.spamhaus.com/datasets/docs/source/40-real-world-usage/PublicMirrors/MTAs/020-Postfix.html#using-postscreen-instead thanks. looks tasty! randy ___

[pfx] Re: Postfix and Spamhaus

fwiw, i have smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, # reject_unauth_destination reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reje

[pfx] Re: Postfix and Spamhaus

Steffan Cline via Postfix-users: > I am hoping someone has already come across this issue. > I'm trying to integrate Spamhaus with my postfix set up. I've followed their > directions below. > After applying the configs, it fails. I get a series of emails similar to > shown below. What is in your