Adding the local domain to names without trailing dots is a "feature" of the
system resolver library (glibc or equivalent). Since spamdyke implements its
own DNS code that never appends the local domain name, trailing dots are
unnecessary. It'd probably be a good idea to update spamdyke to automatically
remove trailing dots for this kind of situation -- I'll do that in the next
version.

However, the number of DNS queries may be even higher than you think, depending
on your configuration. If you haven't used any of the DNS tuning options in
spamdyke's configuration file and your server has only one nameserver listed in
/etc/resolv.conf, each RBL query will send 3 queries (for A, CNAME and TXT
records), not 1. If you have 6 RBLs configured, each incoming connection is
sending 18 queries (simultaneously). If no responses are received, it will
resend the unanswered queries 2 more times within 30 seconds before it gives up.

If you have multiple nameservers in /etc/resolv.conf, the number of queries
will go up. By default, spamdyke will send its first queries only to the first
nameserver. All the subsequent retries will go to all of the nameservers. So
with 6 RBLs and 3 nameservers, spamdyke could send as many as 126 queries
before it gives up (just for RBLs, per incoming connection).

You can see the details of exactly what spamdyke is doing by running the
"./configure" script with the "--with-excessive-output" option, recompiling and
installing the new binary. After that, spamdyke will log all of its DNS
activity when its "log-level" option is set to "excessive". Or if you prefer
not to flood your syslog with spamdyke messages, you can capture a few incoming
connections to files using the "full-log-dir" option -- full log files always
contain the "excessive" log messages, even if they're not sent to the syslog.

Most of the time spamdyke doesn't send anywhere near that number of packets
because most nameservers will send back a "no data" response for names that
don't exist. It also stops querying RBLs when it receives any positive
responses. Even so, it's easy to see why running a caching nameserver on your
mail server is a very good idea. Options are available to control almost
everything about spamdyke's DNS behavior -- all of the excruciating details are
here:
http://www.spamdyke.org/documentation/README.html#DNS_QUERIES

-- Sam Clippinger

On Jan 23, 2013, at 7:44 PM, Dossy Shiobara wrote:
> Upon closer inspection (and addition of logging statements) it appears
> to work if I remove the trailing "." -- looks like the funky DNS
> resolver in spamdyke/dns.c doesn't do the right thing in this case?
>
> With 6 dns-blacklist-entry lines, and a "search" entry in resolv.conf
> containing my domain name, each email's RBL check potentially results in
> 12 DNS queries -- instead of 6.
>
>
> On 1/23/13 8:18 PM, Dossy Shiobara wrote:
>> Did spamdyke's RBL filter stop working in 4.3.1? I have this in my
>> spamdyke.conf --
>>
>> dns-blacklist-entry=b.barracudacentral.org.
>>
>> (yes, with the trailing "." at the end, so that it won't try
>> unnecessarily resolving using the "search" domain list from resolv.conf)
>>
>> Yet, I see:
>>
>> Jan 23 20:14:39 ecwav spamdyke[1073]:
>> DEBUG(filter_dns_rbl()@filter.c:1684): checking DNS RBL(s); ip:
>> 123.26.252.105
>> Jan 23 20:14:52 ecwav spamdyke[31407]:
>> DEBUG(find_username()@spamdyke.c:194): searching for username between
>> positions 11 and 34: MAIL FROM:<[email protected]>^M
>>
>> $ dnstxt 105.252.26.123.b.barracudacentral.org
>> http://www.barracudanetworks.com/reputation/?pr=1&ip=123.26.252.105
>>
>> So, there's definitely an RBL entry, yet filter_dns_rbl() isn't seeing it?
>>
>
> --
> Dossy Shiobara | "He realized the fastest way to change
> [email protected] | is to laugh at your own folly -- then you
> http://panoptic.com/ | can let go and quickly move on." (p. 70)
> * WordPress * jQuery * MySQL * Security * Business Continuity *
>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
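Added example, not part of the original thread and not spamdyke's own code: a C sketch of the two points discussed above, stripping a trailing dot from a dns-blacklist-entry value before building the reversed-IP RBL query name, and counting the worst-case queries per connection under the default behavior described in the reply. All function names are hypothetical; IPv4 only.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Illustrative sketch; function names are hypothetical, not from spamdyke. */

/* Copy an RBL zone from a config value, dropping any trailing dots.
 * Returns the resulting length, or -1 if the zone is empty or too long. */
int normalize_rbl_zone(const char *entry, char *out, size_t outlen) {
    size_t len = strlen(entry);
    while (len > 0 && entry[len - 1] == '.')
        len--;
    if (len == 0 || len >= outlen)
        return -1;
    memcpy(out, entry, len);
    out[len] = '\0';
    return (int)len;
}

/* Build "d.c.b.a.zone" for the IPv4 address "a.b.c.d". Returns 0 on success. */
int build_rbl_query(const char *ip, const char *entry, char *out, size_t outlen) {
    struct in_addr addr;
    char zone[256];
    const unsigned char *o;
    int n;

    if (inet_pton(AF_INET, ip, &addr) != 1)
        return -1;
    if (normalize_rbl_zone(entry, zone, sizeof zone) < 0)
        return -1;
    o = (const unsigned char *)&addr.s_addr; /* network order: o[0] is first octet */
    n = snprintf(out, outlen, "%d.%d.%d.%d.%s", o[3], o[2], o[1], o[0], zone);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Worst case per connection: the first round goes to one nameserver,
 * every retry round goes to all of them. */
int worst_case_queries(int rbls, int record_types, int nameservers, int retries) {
    int per_round = rbls * record_types;
    return per_round + retries * per_round * nameservers;
}

int main(void) {
    char name[300];
    if (build_rbl_query("123.26.252.105", "b.barracudacentral.org.", name, sizeof name) == 0)
        printf("%s\n", name);
    printf("%d\n", worst_case_queries(6, 3, 3, 2));
    return 0;
}
```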