On 9/18/2015 4:25 PM, Matus UHLAR - fantomas wrote:
On 16.09.15 09:50, Bowie Bailey wrote:
The SA config is probably a better solution than the bind exemptions.
I would say just the opposite. For example, MTA at SMTP level can look up
RBLs, and SA would benefit from having records in local cac
On 16.09.15 09:50, Bowie Bailey wrote:
The SA config is probably a better solution than the bind exemptions.
I would say just the opposite. For example, MTA at SMTP level can look up
RBLs, and SA would benefit from having records in local cache.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ;
Reindl Harald skrev den 2015-09-16 15:35:
"cache-min-ttl" is AFAIK a unbound-only feature because it violates
RFC's but in case of a mailserver it's your decision and if you don#t
set it for days normally not a problem
so configure unbound to listing only on 127.0.0.2 and in named.conf use
fo
The SA config is probably a better solution than the bind exemptions.
As was pointed out elsewhere in this thread, URIBL is not the only
DNS-based blacklist that enforces usage limits and it may not be as easy
to tell that you are being blocked with some of the others.
If you add in the 'dns_
Am 16.09.2015 um 15:22 schrieb Marc Richter:
All this is true.
As you already pointed out in a previous post, resolving is quite slow
on that host. I have no influence on the networking arround that box. So
I did not want other things starting to go slow by this.
well, and there unbound with
All this is true.
As you already pointed out in a previous post, resolving is quite slow
on that host. I have no influence on the networking arround that box. So
I did not want other things starting to go slow by this.
But you convinced me - I now also thing that the other way bears too
much
Am 16.09.2015 um 13:38 schrieb Marc Richter:
Am 16.09.2015 um 11:41 schrieb Axb:
Although, the intended setup with exemptions by defining empty
forwarders for DNSBL zones was not my idea - this scenario is described
on the SA wiki as a working solution:
http://wiki.apache.org/spamassassin/Cach
Hi Axb,
Am 16.09.2015 um 11:41 schrieb Axb:
Although, the intended setup with exemptions by defining empty
forwarders for DNSBL zones was not my idea - this scenario is described
on the SA wiki as a working solution:
http://wiki.apache.org/spamassassin/CachingNameserver#Non-forwarding
This seem
Hi Axb,
yes, I did c&p the config block from the wiki 1:1 into my BIND setup.
I have added that zone - exemption you suggested into my config.
I'll wait for a few spams to arrive to see the results.
Thank you for sharing your thoughts.
Best regards,
Marc
Am 16.09.2015 um 11:41 schrieb Axb:
O
Am 16.09.2015 um 11:36 schrieb Marc Richter:
I am - it's the very same setup you describe like I'm using. The only
difference is that I do not rely on a dedicated DNS resolver I setup
myself, but the centralized nameserver of my ISP, which works exactly
like any nameserver I'd setup myself.
no
Hi Adam,
that's a great workarround and perfectly fits my needs! Thank you for
that! :)
I'll use this if I cannot find out why my exemptions do not work in a
reasonable amount of time.
Best regards,
Marc
Am 15.09.2015 um 20:14 schrieb Adam Major:
Hi.
If you don't want change DNS resolver
On 09/16/2015 11:36 AM, Marc Richter wrote:
if you are trying to insult people at all costs
really?
you would recognize it when i intend to do so
Please read your previous reply again. You will find that you used a
very harsh tone against someone who comes here asking questions in a
reasonab
Hi Bowie,
thanks for your reply.
I would suggest temporarily removing the forward completely as a test
and see if this fixes the problem. If so, then your exemptions are not
working correctly. If not, then double-check that you are actually
using the local server and not still querying the IS
if you are trying to insult people at all costs
really?
you would recognize it when i intend to do so
Please read your previous reply again. You will find that you used a
very harsh tone against someone who comes here asking questions in a
reasonable and moderate tone. Yes - maybe I *am* do
Hi Dave,
you are right: That is a measurement of "how fast is my ISP's cache?".
But literally, that's all I want:
I do not want "better" DNS results than I got from my ISPs DNS servers
so far. I'd like to keep up the benefit of using a large DNS cache,
without blocking these resources on my ho
Hi.
If you don't want change DNS resolver for all DNS queries from your
server you can add in SA config line:
dns_server x.y.z.k:53
where z.y.z.k is IP DNS server using to resolve only by SA.
Then in resolv.conf you can use different (ex. ISP) DNS server.
More info:
http://spamassassin.apac
On 9/15/2015 6:51 AM, Marc Richter wrote:
Hi everyone,
I recently read the following in all my filtered Mail:
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
So I read what's writ
However you did not empty your ISP's dns server cache.
That 2 msec response time is from his cache, the 543 msec for
your server is when it's not in your server's cache.
So you're not making a fair comparison.
A response from a cache is always going to be faster, that's why people
use caching
Marc Richter skrev den 2015-09-15 13:23:
That's 271 times faster than root-servers's lookup.
hmm
maybe your server is heavy loaded of spam ?, and your isp is not ?
lets check this so:
dig +trace uribl.com
show me how it is for you
note +trace do not care of forwards at all
what version o
Yes
Am 15.09.2015 um 13:30 schrieb Axb:
On 09/15/2015 01:23 PM, Marc Richter wrote:
Also, you shouldn't make assumptions without measuring something:
1. without forwarding:
;; Query time: 543 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
2. with forwarding to my ISP's servers:
;; Query time: 2 ms
Marc Richter skrev den 2015-09-15 12:51:
But even the IP of my server was sending just 2 requests for incomming
spam since I have integrated BIND, these messages contain this
ADMINISTRATOR NOTICE also. How can I hit the free usage limit by just
2 requests?
https://www.google.dk/search?q=dnswal
Am 15.09.2015 um 13:23 schrieb Marc Richter:
if you are trying to insult people at all costs
really?
you would recognize it when i intend to do so
*any* expierienced mailadmin out there has a local recursion nameserver
on his MTA or at least somewhere in his LAN to use a central local cache
On 09/15/2015 01:23 PM, Marc Richter wrote:
Also, you shouldn't make assumptions without measuring something:
1. without forwarding:
;; Query time: 543 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
2. with forwarding to my ISP's servers:
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
Tha
Hey Reindl,
if you are trying to insult people at all costs, you should read and
understand their posts in full before doing so at least, to not look
like a jackass additional to an impolite person.
What I wrote is:
>> ... but created the exemptions as listed at the very bottom of that
>> si
On 09/15/2015 12:51 PM, Marc Richter wrote:
Hi everyone,
I recently read the following in all my filtered Mail:
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
So I read what's wr
Am 15.09.2015 um 12:51 schrieb Marc Richter:
I recently read the following in all my filtered Mail:
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
So I read what's written there
Hi everyone,
I recently read the following in all my filtered Mail:
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
So I read what's written there and setup a local DNS server, as
27 matches
Mail list logo
