Am 24.05.2016 um 22:24 schrieb Nick Howitt:
On 24/05/2016 20:44, Reindl Harald wrote:Am 24.05.2016 um 21:40 schrieb Nick Howitt:On 24/05/2016 19:11, Reindl Harald wrote:Am 24.05.2016 um 20:05 schrieb Nick Howitt:http://uribl.com/refused.shtmlThanks for the link. I use OpenDNS and it looks like it is being blocked. My mailserver is my gateway and only runs dnsmasq rather than bind and I am only a home user, so, from your link, I fall under the low volume user section. Is there anyting reasonable I can do?when you dnsmasq forwards queries to any other dns server instead doing recursion itself the server you ask is contacting the rbl and *any other* user using the same dns-server raises the count the RBL server *never* will see your IP and can't distinct between you and other users*never* use a forwarind/ISP nameserver for a inbound MXIf I understand you, I don't. I have my own domain and my mx record points to my dyndns FQDNif you dnsmasq forward to OpenDNS you do http://www.windowsnetworking.com/articles-tutorials/netgeneral/Understanding-DNS-Recursion.htmlOk, but how does it help me? From what I've read it seems dnsmasq can only do recursion. If I keep dnsmasq then I would need to point it to another iterative DNS resolver running on my box such as PowerDNS or BIND rather than to OpenDNS or have I misunderstood? Is there something simple I can do with dnamasq or OpenDNS?no idea why you insist in dnsmasq and especially opendns a unbound or bind default setup does recursion __________________________________ "dnsmasq can only do recursion" - jesus NO - when you did something like below it is a forwarding server - just try to UNDERSTAND the link above explaining HWAT dns-recursion is - IT IS NOT "use a specific nameserver like below for resolving" __________________________________ THAT IS A BULLSHIT SETUP ON A INBOUND-MX https://www.dd-wrt.com/wiki/index.php/OpenDNS ption 2 - Configure DNSMasq for OpenDNS DNS forwarding Go to Services tab » Services sub tab » Services Management section » DNSMasq sub section Enable both DNSMasq and Local DNS options In the Additional DNSMasq Options text box, enter: no-resolv strict-order server=208.67.222.222 server=208.67.222.220Thanks for the info. Each time I've received a reply I've tried to do a quick but of research on the internet. Clearly I got it wrong about dnsmasq and I'll give a try adding "no-resolv" to my configuration. The other bits I already have. I'm afraid I can't be an expert at everything.
stay on list!that above is *as said* a bullshit setup for a incoming mailserver and "no-resolv" is just for ignore /etc/resolv.conf
mabye you still don#t understand the problem:everytime you receive a mail SpamAssassin checks if the IP is listed on serveral blacklists and whitelists by asking your resolver, if that points to "208.67.222.222" NOT YOU but "208.67.222.222" asks the DNSBL/DNSWL servers and others using "208.67.222.222" triggers the same leading in "208.67.222.22" making the dns-requests for you and half of the world and so "208.67.222.22" exceeds the free limit
My reluctance to move away from dnsmasq is that it is integrated into the ClearOS webconfig and acts as a DHCP server as well. Replacing it with BIND will break bits of the webconfig and I don't have the skills to fix it
and what is the problem run a local unbound on port 1053 and just add "dns_server [127.0.0.1]:1053" to your SA-configuration when one thinks he is capable to run his own servers?
https://wiki.apache.org/spamassassin/CachingNameserver
signature.asc
Description: OpenPGP digital signature
