On Jul 18, 2008, at 6:31, Kai Schaetzl <[EMAIL PROTECTED]> wrote:
Skip wrote on Thu, 17 Jul 2008 16:19:07 -0400:
As for too many connection per day, my domain certainly does not
generate anywhere near the 100,000 connections spamhaus considers
as the
cutoff, but I'll be my host (bluehost) does. If all they check is
originating IP address, then I'm sure I'll fall in that category.
Yeah, you actually query the resolver at your hosting provider. As do
others of his customers. That combined connection pool may well
exceed the
limits. In that case you could set up a local caching nameserver and
no
forwarders. However, this would also impact your other dns queries. It
might actually be a good idea if SA developers allowed to use a
different
resolver for SA than the system resolver.
As for the timeouts, I won't have access to that, since I am on a
shared
hosting system, but are you sure that those errors are what's being
reported by the local nameserver? I am surprised that every test
would
fail (that is, not complete) in one case, and then in the next case
all
but the spamhaus test would complete.
Intermittant problems mean that a DNS is overloaded. Could be the
typical
sign of "spamassassinating" an RBL. I'm not surprised that many of
your
open-whois.org lookups fail. It wouldn't be the first RBL that falls
apart
after it got promoted to default use in SA.
It's also possible that your forwarder DNS is sometimes overloaded.
If you
get timeouts on five RBLs and next second all of them are well and
then
again on a bunch of them I'd say that the bottleneck could actually
be the
forwarder.
Also, several of these RBL checks do not add any extra value in my
eyes.
For instance habeas and bondedsender. I would get rid at least of
these. I
have been switching off SA RBL checks on all my systems almost right
after
I started using it years ago and still do so. I also don't use any
of the
distributed fingerprint systems. I use three RBLs I trust on MTA
level for
rejection. That's *much* more efficient.
Zen should be one of them. Which Other two RBLs do you trust?
[...]
--
Sahil Tandon
