spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dominic Raferd <domi...@timedicer.co.uk>
Subject Re: DNS and RBL problems
Date Sat, 15 Sep 2018 07:42:03 GMT


On 15/09/2018 02:44, Alex wrote:
> On Fri, Sep 14, 2018 at 4:24 PM Daniel J. Luke <dluke@geeklair.net> wrote:
>> On Sep 14, 2018, at 3:26 PM, Kevin A. McGrail <kmcgrail@apache.org> wrote:
>>> On 9/14/2018 3:22 PM, Alex wrote:
>>>> I wish it were that easy. /etc/resolv.conf is set up to use 127.0.0.1,
>>>> which is bind configured as a my local caching resolver.
>>> Sinister issues like this are hard.  I'll try and escalate our plans for
>>> rsync access.
>> Alex - have you looked at bad checksum counters on the host? (netstat -s) - I've
seen strange issues before with broken network hardware (or bugs in switch/router code) caused
changes to packets as they passed through the 'bad' device. The first hints were those counters
increasing at the same time as the mysterious issue happening.
> I don't see anything relating to bad checksums with netstat :-( I've
> also tried numerous ethtool config changes. I've also looked through
> hundreds of packets with tcpdump and wireshark.
>
> This isn't a spamassassin message, but does anyone with a postfix
> system ever see similar "Name service error" messages such as the one
> below?
>
> Sep 14 21:12:54 mail03 postfix/dnsblog[3713]: warning: dnsblog_query:
> lookup error for DNS query 239.242.238.54.ubl.unsubscore.com: Host or
> domain name not found. Name service error for
> name=239.242.238.54.ubl.unsubscore.com type=A: Host not found, try
> again
>
> It appears to occur quite frequently, and on multiple unrelated
> systems. I'd love to find out what's causing it. The postfix people
> ascribed it to a remote server problem, but I can't believe virtually
> all RBLs, including spamhaus, would have such intermittent problems
> with *their* name servers.

On one of our mailservers (but not others, which are at different 
locations with different isps) we had a problem with queries to rbls 
being blocked either by the rbls themselves or by one of the 
intermediate dns servers. So we set up local bind9 resolver; it uses 
forwarding for normal queries but for the rbls we set up special zones 
to prevent forwarding. Example:

zone "hostkarma.junkemailfilter.com" { type forward; forward first; 
forwarders {}; };

This solved nearly all our problems - we still see b.barracuda.org 
refusing some queries from this mailserver (despite this ip being 
registered with them). But not from our other mailservers, and not any 
other rbls.

Mime
View raw message