On 10/13/2017 08:45 AM, AJ Weber wrote:
On 10/13/2017 9:23 AM, Reindl Harald wrote:
next time make a notice in your first post that you don't have a
serious mailserver but "maybe because I have a DHCP address from a
major ISP and that's a problem"
OK, I can do that, but there isn't anything in the troubleshooting for
DNSBL regarding how your IP address is assigned. It just recommends
that you use your own, caching DNS server. If that is important, maybe
it should be mentioned in the docs?
Am 13.10.2017 um 15:20 schrieb AJ Weber:
I put the following in my local.cf. This does not work?
dns_available yes
# - REDIRECT DNS LOOKUPS TO LOCAL "unbound" service to avoid RBL bans
dns_server 127.0.0.1
then your machine is *not* using 127.0.0.1 as the only DNS server
So does this "dns_server" directive in my local.cf file work as
expected? If so, my SA *is* using 127.0.0.1 as the only DNS server.
It should. Do a test dig @127.0.0.1 to make sure unbound is resolving
properly. I am trying to do a test query from my mail servers to
multi.uribl.com and not getting any response right now. I have tried
from multiple locations on the Internet so I could show you exactly how
to tell you when you are blocked.
According to the SA rules, if you get back a response with xxx.xxx.xxx.1
then your query volume is too high and you hit URIBL_BLOCKED. The way
to resolve this is to run your own local DNS that does its own full
recursive lookup and does not forward to any other DNS server.
Forwarding to other DNS servers combines your queries with potentially
other queries to the RBL and you don't want that. You want your DNS
queries to be independent from any other so they are as few as possible
to stay under free usage limits.
If you are sure your DNS queries are isolated (not forwarding) and you
still hit URIBL_BLOCKED, then your only option is to disable those RBLs
by scoring them as 0.
--
David Jones
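
The check described in the message above, as an added example that is not part of the original thread: it classifies the A records a URIBL lookup returns through the local resolver, treating an answer ending in .1 as the blocked response. The function names, the URIBL_LIVE and URIBL_TEST_NAME variables and the default test name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a URIBL answer obtained
# through the local resolver is the "blocked" response (xxx.xxx.xxx.1).

# classify_answers: read `dig +short` output on stdin, one record per line,
# and print exactly one of: blocked, listed, no-answer.
classify_answers() {
    result="no-answer"
    while IFS= read -r addr; do
        case "$addr" in
            # Skip blanks, CNAME targets and dig's ";; ..." diagnostics.
            ""|*[!0-9.]*) continue ;;
            # Last octet is exactly 1: the resolver is over the query limit.
            *.*.*.1) result="blocked"; break ;;
            # Any other address is an ordinary listing answer.
            *.*.*.*) result="listed" ;;
        esac
    done
    printf '%s\n' "$result"
}

# check_resolver RESOLVER NAME: query NAME through RESOLVER only.
# dig's exit status is ignored on purpose; a timeout shows up as no-answer.
check_resolver() {
    dig +short +time=3 +tries=1 "@$1" "$2" A 2>/dev/null | classify_answers
}

# Offline demonstration on constructed dig output (not captured from a real run).
printf 'constructed blocked answer -> '
printf '127.0.0.1\n' | classify_answers
printf 'constructed timeout        -> '
printf ';; connection timed out; no servers could be reached\n' | classify_answers

# Live check, only when asked for. The default test name is an assumption;
# set URIBL_TEST_NAME to a name you know is listed.
if [ "${URIBL_LIVE:-0}" = "1" ]; then
    check_resolver 127.0.0.1 "${URIBL_TEST_NAME:-test.uribl.com.multi.uribl.com}"
fi
```

A "no-answer" result from 127.0.0.1 points at the local resolver or the network rather than at a block.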