On 4/19/2010 8:22 PM, Steve wrote:
-------- Original Message --------
Date: Mon, 19 Apr 2010 21:03:51 -0400
From: donovan jeffrey j<dono...@beth.k12.pa.us>
To: Ralf Hildebrandt<ralf.hildebra...@charite.de>
CC: Postfix users<postfix-users@postfix.org>
Subject: Re: DNS RBL error
On Apr 19, 2010, at 3:07 PM, Ralf Hildebrandt wrote:
Rather test with:
2.0.0.127.zen.spamhaus.org
which should return:
2.0.0.127.zen.spamhaus.org has address 127.0.0.2
2.0.0.127.zen.spamhaus.org has address 127.0.0.4
2.0.0.127.zen.spamhaus.org has address 127.0.0.10
Yes, this is working now.
Question on my setup: my primary MX server sits inside my network, with a
NATed IP. My postfix config references only the inside network.
Should I move this MX server outside and use its public address in the
config? Inbound mail gets checked and relayed to a content filter on another
server.
mynetworks = 127.0.0.1/32,192.168.0.10/32,10.135.0.0/16
Or am I fine leaving it behind the NAT?
To help fix the DNS problem I want to run a cache-only DNS on the primary
MX. Not sure I wanted that inside or outside. I'm leaning to outside.
Tips, flames welcome.
You can run that caching DNS wherever you want as long as you secure that
DNS. If you use BIND and are using forwarders to your ISP name servers then
that caching will not necessarily help much if your ISP's NS are the problem.
If this would be the case then instruct your BIND to forward queries for
spamhaus.org directly to their name servers instead of going over your ISP's name
servers. Something like that here below might be helpful to you:
------------------------------------------
zone "spamhaus.org" in {
    type forward;
    allow-query { 127.0.0.1; };
    forwarders {
        82.94.216.239;   // ns8.spamhaus.org
        194.82.174.6;    // ns20.ja.net
        149.20.58.65;    // ns.dns-oarc.net
        194.109.9.101;   // ns3.xs4all.nl
        207.241.224.5;   // ns2.spamhaus.org
        192.150.94.200;  // ns3.spamhaus.org
        195.169.124.71;  // ns3.surfnet.nl
    };
};
------------------------------------------
Much simpler to just turn off forwarding for that zone. Bind
can figure it out itself without you having to update manually.
zone "spamhaus.org" in {
    type forward;
    forwarders {};
};
-- Noel Jones
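
The test-point lookup quoted earlier in the thread, turned into a resolver health check that can be run after changing the BIND forwarding setup. This is an added example, not part of any poster's message: the function names and the stub resolver tables are assumptions, and the 127.0.0.1 negative check comes from RFC 5782 rather than from the thread.

```python
import ipaddress
import socket

# Answers the thread quotes for the ZEN test point 127.0.0.2.
EXPECTED = {"127.0.0.2", "127.0.0.4", "127.0.0.10"}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Build the query name: IPv4 octets reversed, then the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_lookup(name):
    """A records via the host's configured resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # NXDOMAIN, SERVFAIL and timeouts all land here
        return set()


def check_dnsbl(lookup=system_lookup, zone="zen.spamhaus.org"):
    """Return a list of problems with the resolver path; empty means healthy."""
    problems = []
    listed = lookup(dnsbl_name("127.0.0.2", zone))
    if not listed:
        problems.append("test point not listed: DNSBL lookups are failing")
    elif any(ipaddress.ip_address(a) not in LOOPBACK for a in listed):
        problems.append("non-127/8 answer: resolver is rewriting responses")
    elif not EXPECTED <= listed:
        problems.append("missing expected codes: %s" % sorted(EXPECTED - listed))
    # RFC 5782: 127.0.0.1 must never be listed. An answer here means every
    # client address would look listed (wildcard or NXDOMAIN redirection).
    if lookup(dnsbl_name("127.0.0.1", zone)):
        problems.append("127.0.0.1 is listed: lookups cannot be trusted")
    return problems


if __name__ == "__main__":
    # Constructed resolver tables, so the demo runs without network access.
    healthy = {"2.0.0.127.zen.spamhaus.org": EXPECTED}
    redirecting = lambda name: {"198.51.100.7"}  # constructed NXDOMAIN hijack
    print(check_dnsbl(lambda n: healthy.get(n, set())))
    print(check_dnsbl(lambda n: set()))
    print(check_dnsbl(redirecting))
```

Calling `check_dnsbl()` with no arguments runs the same checks through the host's real resolver, which is the path Postfix uses for its RBL lookups.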