On Thu, 25 Sep 2014, Deeztek Support wrote:

On 9/25/2014 1:25 PM, John Hardin wrote:.

 While your Postfix may be doing DNS blocklist checks on the sending MTA,
 I sincerely doubt that Postfix is parsing message bodies to pull out URI
 domains and checking them. That's what URIBL is.

Is there a place to configure the URIBLs that SA uses or is it just buit-in?

You can add rules for custom URIBL lookups. There is a base set that's enabled by default and which can be disabled. I don't fiddle with that much (my install is stable) so I don't know the details right off the top of my head.

IOW, "see the docs". :)

 Also, even if Postfix *was* doing that, the "URIBL_BLOCKED" rule hit
 indicates a local configuration that would likely also be affecting
 Postfix. So, yes, Postfix *might* be doing URIBL lookups, but if it is
 it's probably also getting the BLOCKED result.

Actually that's not happening at all. None of the lists we are using are blocking us.

You are getting a URIBL_BLOCKED rule hit. The URIBL servers *are* blocking your queries for overuse. That's what that rule means.

Note that it says nothing about DNSBL queries, only URIBL queries.

 If you're running your own DNS server, it's apparently set to forward to
 a large upstream DNS server that's aggregating other queries with yours
 (i.e. a standard DNS setup). "URIBL_BLOCKED" means the DNS server that's
 actually hitting the URIBL server (your upstream) has exceeded the
 "free" query limit.

You are right it is using an upstream server (opendns.com)

Yep.

 You might not want to switch your DNS to be recursive rather than
 forwarding for *all* your queries, in which case you'd set up a
 dedicated recursive DNS server just for MTA/SA use, and the rest of your
 network would continue to use your forwarding server.

That shouldn't be too difficult to implement.

Nope.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   "A well educated Electorate, being necessary to the liberty of a
    free State, the Right of the People to Keep and Read Books,
    shall not be infringed."
  ...means only registered voters can read books, and only those books
  obtained with State permission from State-controlled bookstores?
-----------------------------------------------------------------------
 847 days since the first successful private support mission to ISS (SpaceX)

Reply via email to