Skip wrote on Thu, 17 Jul 2008 16:19:07 -0400:

> As for too many connections per day, my domain certainly does not 
> generate anywhere near the 100,000 connections spamhaus considers as the 
> cutoff, but I'll bet my host (bluehost) does.  If all they check is 
> originating IP address, then I'm sure I'll fall in that category.

Yeah, you actually query the resolver at your hosting provider. As do 
others of his customers. That combined connection pool may well exceed the 
limits. In that case you could set up a local caching nameserver and no 
forwarders. However, this would also impact your other dns queries. It 
might actually be a good idea if SA developers allowed to use a different 
resolver for SA than the system resolver.

> 
> As for the timeouts, I won't have access to that, since I am on a shared 
> hosting system, but are you sure that those errors are what's being 
> reported by the local nameserver?  I am surprised that every test would 
> fail (that is, not complete) in one case, and then in the next case all 
> but the spamhaus test would complete.

Intermittent problems mean that a DNS is overloaded. Could be the typical 
sign of "spamassassinating" an RBL. I'm not surprised that many of your 
open-whois.org lookups fail. It wouldn't be the first RBL that falls apart 
after it got promoted to default use in SA.

It's also possible that your forwarder DNS is sometimes overloaded. If you 
get timeouts on five RBLs and next second all of them are well and then 
again on a bunch of them I'd say that the bottleneck could actually be the 
forwarder.

Also, several of these RBL checks do not add any extra value in my eyes. 
For instance habeas and bondedsender. I would get rid at least of these. I 
have been switching off SA RBL checks on all my systems almost right after 
I started using it years ago and still do so. I also don't use any of the 
distributed fingerprint systems. I use three RBLs I trust on MTA level for 
rejection. That's *much* more efficient. In SA I use only the other network 
checks for SURBL etc. as these *are* effective. (Although looking at the 
hit count all but one have declined in accurateness from last year.)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
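
Added example, not part of the original message: a sketch of the triage described above, separating seconds in which most RBL zones time out together (pointing at the forwarder) from a zone that keeps timing out even when the others answer (pointing at that RBL). The zone names, record layout and thresholds are assumptions, and the lookup records are constructed.

```python
from collections import defaultdict

# Constructed sample: one row per second, one column per zone.
# "T" = lookup timed out, "." = lookup answered. Zone names are placeholders.
ZONES = ["rbl-a.example", "rbl-b.example", "rbl-c.example", "rbl-d.example"]
_ROWS = {100: "...T", 101: "TTTT", 102: "...T", 103: "TT.T", 104: "...T"}
SAMPLE = [
    (ts, zone, "timeout" if mark == "T" else "ok")
    for ts, row in _ROWS.items()
    for zone, mark in zip(ZONES, row)
]


def classify(records, burst_share=0.6, zone_fail_rate=0.8, min_zones=3):
    """Return (burst_seconds, overloaded_zones) for (ts, zone, outcome) records.

    burst_seconds: seconds where at least burst_share of the queried zones
    timed out at once, which suggests the shared forwarder is the bottleneck.
    overloaded_zones: zones that time out at least zone_fail_rate of the time
    outside those bursts, which suggests the RBL itself is the problem.
    """
    by_second = defaultdict(list)
    by_zone = defaultdict(list)
    for ts, zone, outcome in records:
        failed = outcome == "timeout"
        by_second[ts].append((zone, failed))
        by_zone[zone].append((ts, failed))

    bursts = set()
    for ts, rows in by_second.items():
        zones = {z for z, _ in rows}
        failed_zones = {z for z, failed in rows if failed}
        # Require several distinct zones so one bad RBL cannot look like a burst.
        if len(zones) >= min_zones and len(failed_zones) / len(zones) >= burst_share:
            bursts.add(ts)

    overloaded = []
    for zone, rows in by_zone.items():
        # Judge each zone only on seconds where the forwarder looked healthy.
        outside = [failed for ts, failed in rows if ts not in bursts]
        if outside and sum(outside) / len(outside) >= zone_fail_rate:
            overloaded.append(zone)
    return sorted(bursts), sorted(overloaded)


if __name__ == "__main__":
    bursts, overloaded = classify(SAMPLE)
    print("forwarder suspect at seconds:", bursts)
    print("zones failing on their own:", overloaded)
```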


