On 9/22/2016 3:40 PM, Thomas Barth wrote:



Am 21.09.2016 um 16:13 schrieb li...@rhsoft.net:


Am 21.09.2016 um 15:48 schrieb Thomas Barth:
X-Spam-Status: No, score=3.004 tagged_above=2 required=6.31
    tests=[MESSAGEID_LOCAL=3, RELAYCOUNTRY_BAD=3.1,
    RP_MATCHES_RCVD=-3.096, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
    autolearn=no autolearn_force=no

URIBL_BLOCKED shows you are using still a dns-forwarder and so won't get
results from a lot of blacklists

http://uribl.com/refused.shtml

fix that - use a local caching resolver with *no forwarding* and if you
are using dnsmasq just don't do that for a inbound mailserver


I found an instruction here for a debian system

https://manageacloud.com/configuration/local_dns_caching

/etc/resolv.conf
nameserver 127.0.0.1

/etc/resolv.dnsmasq
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 208.67.222.220
nameserver 208.67.220.222

/etc/default/dnsmasq
DNSMASQ_OPTS="-r /etc/resolv.dnsmasq"


But it is using dnsmasq for local dns caching. I ve configured it, but I still see URIBL_BLOCKED=0.001 in a mail header.

with local caching it s a bit faster
# for i in {1..100}; do time dig slashdot.org @localhost; done 2>&1 | grep ^real | sed -e s/.*m// | awk '{sum += $1} END {print sum / NR}'
0.0076


# for i in {1..100}; do time dig slashdot.org; done 2>&1 | grep ^real | sed -e s/.*m// | awk '{sum += $1} END {print sum / NR}'
0.00962

Seems to work local dns caching but I dont understand why I shouldnt use it for inbound mailserver and why I still see URIBL_BLOCKED=0.00

Because you are forwarding your DNS to OpenDNS (208.67.222.222, etc). You need to setup a DNS that does not do forwarding. I'm not sure dnsmasq can be configured this way.

If you remove dnsmasq and install bind, it will probably do what you want without any further configuration. To make sure, you can take a look at the main bind config file (/etc/named.conf on CentOS -- I don't know if it is different with Debian) and make sure there are no "forwarders" statements.

--
Bowie

Reply via email to