On 1/7/2023 9:06 AM, Matus UHLAR - fantomas wrote:
On Fri, 6 Jan 2023, joe a wrote:
Attempting to utilize the various block lists and find rejection messages in mail headers "blocked due to usage of an open resolver".

On 06.01.23 09:49, John Hardin wrote:
Are you forwarding your SpamAssassin DNS queries to your ISP or (e.g.) Google?

Best practice is to set up a local, non-forwarding (potentially non-forwarding only for the DNSBL domains, see my email from a week or so back) DNS server for your MTA and SpamAssassin to use (potentially your entire local network as well, but that's not relevant to your question).

DNSBL providers generally don't like requests from public DNS servers as they aggregate a lot of requests from a lot of sources.

https://cwiki.apache.org/confluence/display/SPAMASSASSIN/DnsBlocklists

Q: My queries to a DNS-blocklist were blocked. What does this mean?
...

Resolving the block might be as simple as using your own non-forwarding caching nameserver

https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver



Thanks. I think I actually got unbound working but still was getting URIBL rejects from spamhaus.

I've disabled queries for now and will try again in a few days, thinking the "free use" limits may have been tripped.

That will give me some time to review how to disable specific checks, such as dnswl.org which caused a score of -5.0 for some obviously spammy stuff.


Reply via email to