On Thu, 25 Sep 2014, Deeztek Support wrote:
On 9/25/2014 1:25 PM, John Hardin wrote:.
While your Postfix may be doing DNS blocklist checks on the sending MTA,
I sincerely doubt that Postfix is parsing message bodies to pull out URI
domains and checking them. That's what URIBL is.
Is there a place to configure the URIBLs that SA uses or is it just buit-in?
You can add rules for custom URIBL lookups. There is a base set that's
enabled by default and which can be disabled. I don't fiddle with that
much (my install is stable) so I don't know the details right off the top
of my head.
IOW, "see the docs". :)
Also, even if Postfix *was* doing that, the "URIBL_BLOCKED" rule hit
indicates a local configuration that would likely also be affecting
Postfix. So, yes, Postfix *might* be doing URIBL lookups, but if it is
it's probably also getting the BLOCKED result.
Actually that's not happening at all. None of the lists we are using are
blocking us.
You are getting a URIBL_BLOCKED rule hit. The URIBL servers *are* blocking
your queries for overuse. That's what that rule means.
Note that it says nothing about DNSBL queries, only URIBL queries.
If you're running your own DNS server, it's apparently set to forward to
a large upstream DNS server that's aggregating other queries with yours
(i.e. a standard DNS setup). "URIBL_BLOCKED" means the DNS server that's
actually hitting the URIBL server (your upstream) has exceeded the
"free" query limit.
You are right it is using an upstream server (opendns.com)
Yep.
You might not want to switch your DNS to be recursive rather than
forwarding for *all* your queries, in which case you'd set up a
dedicated recursive DNS server just for MTA/SA use, and the rest of your
network would continue to use your forwarding server.
That shouldn't be too difficult to implement.
Nope.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"A well educated Electorate, being necessary to the liberty of a
free State, the Right of the People to Keep and Read Books,
shall not be infringed."
...means only registered voters can read books, and only those books
obtained with State permission from State-controlled bookstores?
-----------------------------------------------------------------------
847 days since the first successful private support mission to ISS (SpaceX)