On 18 Aug 2016, at 15:08, Jerry Malcolm wrote:
On 8/18/2016 1:50 PM, li...@rhsoft.net wrote:
Am 18.08.2016 um 20:48 schrieb Jerry Malcolm:
This is encouraging. I looked up how to set recursion in Bind. It
looks like it's just requires adding a field to the options:
|allow-recursion { any; }; |But it lists other options such as
allow-query, allow-query-cache, etc. Is recursion the only one that
might be affecting SA? Or should I enable other options?
sorry but *no*
it means nothing else than *remove* any forwaridng statements
the stuff above is just to limit which clients are allowed to make
recursive queries
Hmm. I do not have any forwarding statements. Is there a way via
command line (e.g. nslookup, etc) that I can determine if BIND is
recursing or forwarding?
If BIND is forwarding to a server that can't do DNSBL lookups (which are
a critical piece of SA catching the spam you shared) then "nslookup
2.0.0.127.zen.spamhaus.org" will return no records. If it is recursing
(and your server isn't handling a large volume of mail) then you should
get back 3 address records pointing to 127.0.0.2, 127.0.0.4, and
127.0.0.10
I assume that might be in the SA report header. But see my previous
response that I can't seem to ever get report headers... Yuck...
In a report header you'd see something like URIBL_BLOCKED.
