Thanks for the link, I will study that. Our local nameserver DOESN’T USE shared/open nameservers, it transmit to the good nameservers (for spamhaus, their NS).
Why being so aggressive in your response ? You probably have a incredibly knowledge you have since you’re born, but I’m not, sorry. Instead of that have constructive responses. Clear informations are sometimes hard to find. If you don’t wan to help, don’t respond. De : Reindl Harald <h.rei...@thelounge.net> Envoyé : jeudi 17 avril 2025 17:16 À : DEMBLANS Mathieu <demblan...@mipih.fr> Objet : Re: disable spamhaus request and frankly: when you outright block based on spamhaus common sense should have told you a flood of RCVD_IN_ZEN_BLOCKED_OPENDNS in SA also has an impact on your postscreen RCVD_IN_ZEN_BLOCKED_OPENDNS is *clear* https://www.hmailserver.com/forum/viewtopic.php?t=40286 your nameserver don't do recursion - it fowards query to open nameservers like Google or Cloudflare you MUST NOT USE shared nameservers on a mailserver no matter if it's directly or your own nameserver forwards anybody not kknowing this should refrain from operate mailservers Am 17.04.25 um 17:03 schrieb Reindl Harald: Am 17.04.25 um 16:48 schrieb DEMBLANS Mathieu: "so we will do less DNS requests to spamhaus servers" is nonsense when you have a LOCAL RECURSIVE CACHING NAMESEVER which you don't seems to have we do some dns caching but I'm not sure it work as expected. I have to take a look on it. what is "some"? jesus you need a caching unbound-dns which do recusrion and not ask other shared nameservers and make sure it caches some time cache-min-ttl: 60 cache-max-negative-ttl: 60 "is also nonsense because when your postscreen didn't reject because the score wasn't high enough the points of ALL DNSBL contribute to the SA score" I configure postscreen without a *weight (postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11], like explained in spamhaus documentation) so if I read well the doc, if the IP address match the spamhaus list, the smtp request is rejected. But maybe I doesn't understand well all this mecanism. Or too confident in spamhaus list. outright blocking because of a single DNSBl is dumb " with RCVD_IN_ZEN_BLOCKED_OPENDNS your postfix also don't work as expected but it don't tell you" sorry I'm not sure to understand. You mean I will not be warned if spamhaus respond with 127.255.255.x for blocking reason if I only use postscreen, right? why should postscreen warn you? postscreen has no understanding of return-codes, it only does what you told him you told him which responds should be used to block mail, not more and not less your whole idiotic setup don't work at all because the only thing you rely on (spamhaus) don't work in your setup and instead undestand and fix the problem you disabled the only part on your setup which told you about a MAJOR PROBLEM -----Message d'origine----- De : Reindl Harald <h.rei...@thelounge.net><mailto:h.rei...@thelounge.net> Envoyé : jeudi 17 avril 2025 16:06 À : DEMBLANS Mathieu <demblan...@mipih.fr><mailto:demblan...@mipih.fr> Objet : Re: disable spamhaus request Am 17.04.25 um 16:01 schrieb DEMBLANS Mathieu: We are an enterprise and use several DNS for our internal use. But that's not the subject. My original problem is that we use DNSBL on postfix side so we doesn't need it on spamassassin side. And so we will do less DNS requests to spamhaus servers. "so we will do less DNS requests to spamhaus servers" is nonsense when you have a LOCAL RECURSIVE CACHING NAMESEVER which you don't seems to have "so we doesn't need it on spamassassin side" is also nonsense because when your postscreen didn't reject because the score wasn't high enough the points of ALL DNSBL contribute to the SA score with RCVD_IN_ZEN_BLOCKED_OPENDNS your postfix also don't work as expected but it don't tell you And I googled some search to find information but didn't find any interesting. If you have some, please share. -----Message d'origine----- De : Reindl Harald <h.rei...@thelounge.net><mailto:h.rei...@thelounge.net> Envoyé : mercredi 16 avril 2025 23:35 À : DEMBLANS Mathieu <demblan...@mipih.fr><mailto:demblan...@mipih.fr>; users@spamassassin.apache.org<mailto:users@spamassassin.apache.org> Objet : Re: disable spamhaus request Am 16.04.25 um 10:18 schrieb DEMBLANS Mathieu: Hello everyone, I try to disable the dnsbl request done to spamhaus.org but the solutions I found doesn’t work. I put score RCVD_IN_ZEN_BLOCKED_OPENDNS 0 score RCVD_IN_ZEN_BLOCKED 0 score __RCVD_IN_ZEN 0 in local.cf but spamassassin still do dns request to spamhaus. Doing the same with spamcop (score RCVD_IN_BL_SPAMCOP_NET 0) works correctly. I forgot something or there is a bug ? Thanks for your help why do you use a shared DNS and don't google what RCVD_IN_ZEN_BLOCKED_OPENDNS means?
