On Tue, Nov 11, 2008 at 6:35 AM, Peter Kirk <[EMAIL PROTECTED]> wrote: > Hi All > > I have noticed about 3 times today my exim server has used a lot on DNS, > about 2GB a time. Below are the logs from my bandwidth monitoring > > x.x.x.x b.dns.br 2135.61 MB > x.x.x.x 200.160.0.10 2135.47 MB > x.x.x.x jim1.us.archive.org 2135.32 MB > x.x.x.x ns20.ja.net 223 MB > x.x.x.x ns8.spamhaus.org 199.27 MB > > I have checked the ip addresses and it has to do with the dns > blacklisting in exim. Any ideas why it would use so much bandwidth. > > I looked more into the logs for 200.160.0.10 on our Cisco ASA and got > the following > > Nov 11 15:16:57 %ASA-6-302015: Built outbound UDP connection 17443293 > for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x/55074 > (x.x.x.x/55074) > Nov 11 15:16:57 %ASA-6-302015: Built outbound UDP connection 17443293 > for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074 > (x.x.x.x /55074) > Nov 11 15:16:57 %ASA-6-302015: Built outbound UDP connection 17443293 > for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074 > (x.x.x.x /55074) > Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for > outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176 > Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for > outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176 > Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for > outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176 > > Nov 11 16:05:33 %ASA-6-302015: Built outbound UDP connection 17614488 > for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074 > (x.x.x.x /55074) > Nov 11 16:05:33 %ASA-6-302015: Built outbound UDP connection 17614488 > for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074 > (x.x.x.x /55074) > Nov 11 16:05:33 %ASA-6-302015: Built outbound UDP connection 17614488 > for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074 > (x.x.x.x /55074) > Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for > outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes > 2239204366 > Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for > outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes > 2239204366 > Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for > outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes > 2239204366 > > As you can see, it downloaded about 1GB at a time :-( > > Thanks for help in advance > -- > ## List details at http://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ >
What does the mail volume on this server look like? Do you use any caching resolver locally? Does the ASA perform any DNS inspection? (enabled by default) -- Brent Jones [EMAIL PROTECTED] -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
