On 1/7/2023 9:06 AM, Matus UHLAR - fantomas wrote:
On Fri, 6 Jan 2023, joe a wrote:
Attempting to utilize the various block lists and find rejection
messages in mail headers "blocked due to usage of an open resolver".
On 06.01.23 09:49, John Hardin wrote:
Are you forwarding your SpamAssassin DNS queries to your ISP or (e.g.)
Google?
Best practice is to set up a local, non-forwarding (potentially
non-forwarding only for the DNSBL domains, see my email from a week or
so back) DNS server for your MTA and SpamAssassin to use (potentially
your entire local network as well, but that's not relevant to your
question).
DNSBL providers generally don't like requests from public DNS servers
as they aggregate a lot of requests from a lot of sources.
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/DnsBlocklists
Q: My queries to a DNS-blocklist were blocked. What does this mean?
...
Resolving the block might be as simple as using your own non-forwarding
caching nameserver
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver
Thanks. I think I actually got unbound working but still was getting
URIBL rejects from spamhaus.
I've disabled queries for now and will try again in a few days, thinking
the "free use" limits may have been tripped.
That will give me some time to review how to disable specific checks,
such as dnswl.org which caused a score of -5.0 for some obviously spammy
stuff.