On 9/22/2016 3:40 PM, Thomas Barth wrote:

On 21.09.2016 at 16:13, li...@rhsoft.net wrote:

On 21.09.2016 at 15:48, Thomas Barth wrote:
X-Spam-Status: No, score=3.004 tagged_above=2 required=6.31
    RP_MATCHES_RCVD=-3.096, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
    autolearn=no autolearn_force=no

URIBL_BLOCKED shows you are still using a dns-forwarder and so won't get
results from a lot of blacklists

fix that - use a local caching resolver with *no forwarding* and if you
are using dnsmasq just don't do that for an inbound mailserver

I found an instruction here for a Debian system




DNSMASQ_OPTS="-r /etc/resolv.dnsmasq"

But it is using dnsmasq for local DNS caching. I've configured it, but I still see URIBL_BLOCKED=0.001 in a mail header.

With local caching it's a bit faster
# for i in {1..100}; do time dig slashdot.org @localhost; done 2>&1 | grep ^real | sed -e s/.*m// | awk '{sum += $1} END {print sum / NR}'

# for i in {1..100}; do time dig slashdot.org; done 2>&1 | grep ^real | sed -e s/.*m// | awk '{sum += $1} END {print sum / NR}'

Local DNS caching seems to work, but I don't understand why I shouldn't use it for an inbound mailserver and why I still see URIBL_BLOCKED=0.00

Because you are forwarding your DNS to OpenDNS (, etc). You need to set up a DNS that does not do forwarding. I'm not sure dnsmasq can be configured this way.

If you remove dnsmasq and install bind, it will probably do what you want without any further configuration. To make sure, you can take a look at the main bind config file (/etc/named.conf on CentOS -- I don't know if it is different with Debian) and make sure there are no "forwarders" statements.
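One way to run the "no forwarders statements" check from the reply above, as an added example that is not part of the original thread: the hypothetical helper `find_forwarders` lists active `forwarders` statements in a BIND config, skipping commented-out ones and empty `forwarders { };` lists. It assumes a single config file (it does not follow `include` directives), and the sample config and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report active "forwarders" statements
# in a BIND config. Comments (//, #, /* */) and empty lists are ignored.
# Exit status is grep-style: 0 if a forwarder is configured, 1 if none.
find_forwarders() {
    awk '
    function strip(s,   out, a) {            # drop comments, keep other text
        out = ""
        while (s != "") {
            if (in_c) {                      # inside a /* ... */ block
                a = index(s, "*/")
                if (!a) return out
                s = substr(s, a + 2); in_c = 0; continue
            }
            a = match(s, /\/\*|\/\/|#/)
            if (!a) return out s
            out = out substr(s, 1, a - 1) " "
            if (substr(s, a, 2) != "/*") return out   # line comment
            in_c = 1; s = substr(s, a + 2)
        }
        return out
    }
    {
        s = strip($0)
        if (!in_f && match(s, /(^|[^A-Za-z0-9_-])forwarders([^A-Za-z0-9_-]|$)/)) {
            s = substr(s, RSTART); sub(/^.?forwarders/, "", s)
            in_f = 1; start = NR; body = ""
        }
        if (in_f) {
            body = body " " s
            if (index(body, "}")) {          # statement closed: inspect list
                sub(/^[^{]*[{]/, "", body); sub(/[}].*/, "", body)
                gsub(/[ \t]+/, " ", body)
                if (body ~ /[^ ;]/) {
                    printf "%s:%d: forwarders {%s}\n", FILENAME, start, body
                    found = 1
                }
                in_f = 0
            }
        }
    }
    END { exit (found ? 0 : 1) }' "$1"
}

# Constructed sample config; 192.0.2.53 is a documentation address.
sample=$(mktemp)
printf '%s\n' 'options {' '  // forwarders { 198.51.100.1; };' \
    '  forwarders {' '    192.0.2.53;  # active' '  };' '};' > "$sample"
find_forwarders "$sample" || echo "no forwarders configured"
```

Run it against the real config with `find_forwarders /etc/named.conf`; any line it prints is a forwarder that has to go before the resolver queries the blacklists directly.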

