Re: Trying to understand this DNSBL blocking issue

On 05/03/2022 19:26, Gerben Wierda wrote: On 5 Mar 2022, at 18:23, Matus UHLAR - fantomas wrote: On 05.03.22 12:43, Gerben Wierda wrote: A forward zone without a forward address gives SERVFAIL But I was able to use forward-zone: name: "spamhaus.org" forward-addr: 127.0.0.1@10

Re: Trying to understand this DNSBL blocking issue

> On 5 Mar 2022, at 18:23, Matus UHLAR - fantomas wrote: > > On 05.03.22 12:43, Gerben Wierda wrote: >> A forward zone without a forward address gives SERVFAIL >> >> But I was able to use >> >> forward-zone: >> name: "spamhaus.org" >> forward-addr: 127.0.0.1@1053 # do not resolve spam

Re: Trying to understand this DNSBL blocking issue

On 05.03.22 12:43, Gerben Wierda wrote: A forward zone without a forward address gives SERVFAIL But I was able to use forward-zone: name: "spamhaus.org" forward-addr: 127.0.0.1@1053 # do not resolve spamhaus via public DNS resolvers Because I have a second non-forwarding unbou

Re: Trying to understand this DNSBL blocking issue

A forward zone without a forward address gives SERVFAIL But I was able to use forward-zone: name: "spamhaus.org" forward-addr: 127.0.0.1@1053 # do not resolve spamhaus via public DNS resolvers Because I have a second non-forwarding unbound running on port 1053 for rspamd alread

Re: Trying to understand this DNSBL blocking issue

> On 4 Mar 2022, at 11:01 pm, Noel Jones wrote: > > think you configure unbound with another forward-zone: name: > “zen.spamhaus.org” and then don’t list any forwarding addresses. That should > turn off forwarding for that zone. > > A forum for your OS or for unbound will probably give an aut

Re: Trying to understand this DNSBL blocking issue

I think you configure unbound with another forward-zone: name: “zen.spamhaus.org” and then don’t list any forwarding addresses. That should turn off forwarding for that zone. A forum for your OS or for unbound will probably give an authoritative answer — Noel Jones > On Mar 4, 2022, at 7:3

Re: Trying to understand this DNSBL blocking issue

I am already running my own unbound resolver. Van I configure my unbound in such a way that it forwards everything to 9.9.9.9 (which is my setting so I can use its blocking) except DNS queries for spamhaus.org ? If not, I need some way to tell postfix to use another resolv

Re: Trying to understand this DNSBL blocking issue

On 4 Mar 2022, at 19:13, Bastian Blank wrote: > > On Fri, Mar 04, 2022 at 06:58:33PM +0100, Gerben Wierda wrote: >> Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.35.193 listed by >> domain zen.spamhaus.org as 127.255.255.254 >> The 254 response means: the query comes form an open re

Re: Trying to understand this DNSBL blocking issue

On 3/4/2022 11:58 AM, Gerben Wierda wrote: Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.35.193 listed by domain zen.spamhaus.org as *127.255.255.254* This query was made on 27 Feb via a public DNS nameserver that is blocked by spamhaus. Mar 04 18:4

Re: Trying to understand this DNSBL blocking issue

On Fri, Mar 04, 2022 at 06:58:33PM +0100, Gerben Wierda wrote: > Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.35.193 listed by > domain zen.spamhaus.org as 127.255.255.254 > The 254 response means: the query comes form an open resolver so we’re not > going to reply properly. The mail

Trying to understand this DNSBL blocking issue

From main.cf: postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11] postscreen_dnsbl_action = drop I am trying to understand the behaviour from the log. The first is this one: Feb 27 06:02:19 mail postfix/postscreen[46928]: CONNECT from [113.197.35.193]:49976 to [192.168.2.66]:25 Feb 27 06: