On 11/1/2012 9:46 PM, Alex wrote: > Hi, > >>> You cannot query the ZEN list via the Google Servers... > > Ah, yes, of course. > >> He may not be allowed to from his own resolvers either, possibly causing >> this problem. Alex at one time you had a Spamhaus datafeed >> subscription. Some time ago your load had dropped below the daily limit > > Yes, it's been renewed, but this host may not be recorded in their > database.
If you are running a local recursing resolver, such as pdns-recursor, on this host, then the IP of this host is relevant to Spamhaus. If this host does not have a local recursing resolver, and is using external resolvers, then the IPs of those external resolvers are relevant to Spamhaus. I.e. it's the host that actually queries UDP 53 on Spamhaus systems that needs to be in their database. > It doesn't even receive all that much mail, and otherwise > has no association with the company. Anyway, they've given us a > special host to query. I'll add that and see if it helps. I believe > this could also be a firewall/domain issue, but with the hurricane > I've had to postpone the investigation for a day or two. The issue is likely that the configured DNS resolvers are public servers that have been banned by Spamhaus in the past. As others have mentioned there are many ISP type DNS resolvers that are not allowed to query Spamhaus' servers. Due to this, and DNS performance reasons in general, it is wise for anyone wishing to query the free Spamhaus servers to install a local recursing DNS daemon on the Postfix host itself. In the case of pdns-recursor, which I use, the setup is brain dead simply, takes a few minutes to install/configure. The benefits are substantial, and the resources WRT CPU/RAM are tiny. > Thanks so much for everyone's help. You're welcome "Alex". ;) Apologies if I 'leaked' any details you may not have wanted public, but since I'm maintaining your anonymity I figured this would be fine. -- Stan
