RE: response-policy zones from spamhaus.org

2017-10-09 Thread MAYER Hans

Hi Tony, 

Many thanks for the hint. 
My mistake: no dot at the end in the domain name for the passthru statement. 

Kind regards 
Hans

-- 


-Original Message-
From: Tony Finch [mailto:d...@dotat.at] 
Sent: Monday, October 9, 2017 12:09 PM
To: MAYER Hans <hans.ma...@iiasa.ac.at>
Cc: bind-us...@isc.org
Subject: Re: response-policy zones from spamhaus.org

MAYER Hans <hans.ma...@iiasa.ac.at> wrote:
>
> I also tried to define these records in my own RPZ and hoping it has 
> higher priorities.

It should work if you put your passthru RPZ before any blocking RPZs.

A tangential aside...

The ordering in a response-policy section can affect performance, as well as 
which policies take priority. I set `qname-wait-recurse no`, and I list RPZs 
that do not require recursion (because they only contain `qname` and 
`rpz-client-ip` triggers) before RPZs with unrestricted triggers.

Tony.
--
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Fitzroy: Easterly or northeasterly 4 or 5 in southeast, otherwise variable 3 or 
4. Slight or moderate. Fair. Good.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: response-policy zones from spamhaus.org

2017-10-09 Thread Tony Finch
MAYER Hans  wrote:
>
> I also tried to define these records in my own RPZ and hoping it has
> higher priorities.

It should work if you put your passthru RPZ before any blocking RPZs.

A tangential aside...

The ordering in a response-policy section can affect performance, as well
as which policies take priority. I set `qname-wait-recurse no`, and I list
RPZs that do not require recursion (because they only contain `qname` and
`rpz-client-ip` triggers) before RPZs with unrestricted triggers.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Fitzroy: Easterly or northeasterly 4 or 5 in southeast, otherwise variable 3
or 4. Slight or moderate. Fair. Good.
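
Added example, not part of either post and not anyone's real configuration: a BIND 9.11-style layout that follows the advice above, with a local allow-list RPZ (qname triggers only) listed before the Spamhaus zone named in the thread, plus the allow-list zone data. The zone name `rpz-allow.example`, both file names and the master address 192.0.2.53 are placeholders.

```conf
// named.conf fragment (merge into the existing options block).
// Placeholders: "rpz-allow.example", both file names, 192.0.2.53.
options {
    response-policy {
        // 1. Local allow list: qname triggers only, so it needs no
        //    recursion, and being listed first it takes priority.
        zone "rpz-allow.example";
        // 2. Blocking feed from the thread, listed after the allow list.
        zone "bad-nameservers.rpz.spamhaus.org";
    } qname-wait-recurse no;
};

zone "rpz-allow.example" {
    type master;
    file "db.rpz-allow.example";
    allow-query { localhost; };   // policy data, not for clients to query
};

zone "bad-nameservers.rpz.spamhaus.org" {
    type slave;
    masters { 192.0.2.53; };      // placeholder for the feed's transfer source
    file "db.bad-nameservers.rpz";
    allow-query { localhost; };
};

/* db.rpz-allow.example (zone-file syntax, constructed for this example):

$TTL 300
@   IN SOA  localhost. hostmaster.localhost. (
            2017100901 3600 600 604800 300 )
    IN NS   localhost.

; Owner names are written WITHOUT a trailing dot so they stay relative
; to the zone origin (airindia.in.rpz-allow.example.).
; The target is written WITH a trailing dot: "rpz-passthru." is the
; passthru action; "rpz-passthru" would get the origin appended and
; become an ordinary CNAME rewrite.
airindia.in       IN CNAME  rpz-passthru.
*.airindia.in     IN CNAME  rpz-passthru.
*/
```

After a reload, `dig www.airindia.in` should no longer show the `bad-nameservers.rpz.spamhaus.org` SOA in the additional section.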


Re: response-policy zones from spamhaus.org

2017-10-07 Thread Sten Carlsen


On 07-10-2017 21.36, MAYER Hans wrote:
>
> Dear All, 
>
> We are using response-policy zones as a service from spamhaus.org.
> This is used for web access as well as for SMTP (incoming and outgoing).
> Actually this worked fine over years. 
> Now we have the situation that if I dig www.airindia.in I get as result:
>
> ;; ADDITIONAL SECTION:
> bad-nameservers.rpz.spamhaus.org. 60 IN SOA need.to.know.only. 
> hostmaster.spamhaus.org. 1507403414 300 60 432000 60
>
> This indicates that it is listed in the  bad-nameservers.rpz.spamhaus.org 
> database from spamhaus.org which I have configured as a slave zone in my DNS 
> server.
> Our employees are travelling a lot and therefore it is not acceptable that 
> the Indian Airline is not reachable. 
>
> Such zones are defined as type slave. Therefore it’s not possible to update 
> such a zone. 
> I also tried to define these records in my own RPZ and hoping it has higher 
> priorities. But it isn’t. 
> Finally I tried a forward only zone for airindia.in to a server in my 
> environment which does not use RPZ. But this doesn’t work either. 
>
> Any ideas how I could shade or overwrite the content of RPZ? 

I would look at the mail server configuration. It might be possible to
add a positive list in front of the spamhaus lookup.

>
> I am using BIND 9.11.2
>
>
> Kind regards 
> Hans
>
> — 
>
>

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

"MALE BOVINE MANURE!!!" 


response-policy zones from spamhaus.org

2017-10-07 Thread MAYER Hans


Dear All, 

We are using response-policy zones as a service from spamhaus.org.
This is used for web access as well as for SMTP (incoming and outgoing).
Actually this worked fine over years. 
Now we have the situation that if I dig www.airindia.in I get as result:

;; ADDITIONAL SECTION:
bad-nameservers.rpz.spamhaus.org. 60 IN SOA need.to.know.only. 
hostmaster.spamhaus.org. 1507403414 300 60 432000 60

This indicates that it is listed in the  bad-nameservers.rpz.spamhaus.org 
database from spamhaus.org which I have configured as a slave zone in my DNS 
server.
Our employees are travelling a lot and therefore it is not acceptable that the 
Indian Airline is not reachable. 

Such zones are defined as type slave. Therefore it’s not possible to update 
such a zone. 
I also tried to define these records in my own RPZ and hoping it has higher 
priorities. But it isn’t. 
Finally I tried a forward only zone for airindia.in to a server in my 
environment which does not use RPZ. But this doesn’t work either. 

Any ideas how I could shade or overwrite the content of RPZ? 

I am using BIND 9.11.2


Kind regards 
Hans

— 

