From users-return-118842-archive-asf-public=cust-asf.ponee.io@spamassassin.apache.org Sat Sep 15 09:42:20 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 99A6A180629 for ; Sat, 15 Sep 2018 09:42:19 +0200 (CEST) Received: (qmail 87120 invoked by uid 500); 15 Sep 2018 07:42:17 -0000 Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@spamassassin.apache.org Received: (qmail 87105 invoked by uid 99); 15 Sep 2018 07:42:17 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 15 Sep 2018 07:42:17 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 8D23DC03DE for ; Sat, 15 Sep 2018 07:42:16 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 4.848 X-Spam-Level: **** X-Spam-Status: No, score=4.848 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, KAM_COUK=0.85, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_SBL=4, URIBL_SBL_A=0.1] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=timedicer.co.uk Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 5T6nDlCWyZ1J for ; Sat, 15 Sep 2018 07:42:15 +0000 (UTC) Received: from stocktonflats.co.uk (stocktonflats.co.uk [62.31.71.15]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 01E455F3E2 for ; Sat, 15 Sep 2018 07:42:14 +0000 (UTC) Received: from [0.0.0.0] (unknown [192.168.0.1]) by stocktonflats.co.uk (Postfix) with ESMTPSA id E4F676017A for ; Sat, 15 Sep 2018 08:42:03 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=timedicer.co.uk; s=mail; t=1536997324; bh=SoETjq9atqHzHyiujMIKKMdznATrVtuVsUbu7TJ7ADg=; h=Subject:To:References:From:Date:In-Reply-To:From; b=gHm5UlX6Kfo25m7Xqiz0PrvDGa6DcbILqzHg9kLmUP9SBAkuqtuPZ2vgqyZtt7d4J eGfkJ/ETRP7Mjbi938e7YpBtj944p6Ex5Owgri3RP96oUajXpvH3psmBEf6wEYD0d/ XEZksPkmEFHsJFHu1CVk8W/7DKksbRmZQkAUr2lg= Subject: Re: DNS and RBL problems To: users@spamassassin.apache.org References: <30da59ad-6c89-e4b4-56a0-3964f2dfd64f@invaluement.com> <034A963D-BBF2-4AD8-8D64-51C927488996@geeklair.net> From: Dominic Raferd Message-ID: Date: Sat, 15 Sep 2018 08:42:03 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit On 15/09/2018 02:44, Alex wrote: > On Fri, Sep 14, 2018 at 4:24 PM Daniel J. Luke wrote: >> On Sep 14, 2018, at 3:26 PM, Kevin A. McGrail wrote: >>> On 9/14/2018 3:22 PM, Alex wrote: >>>> I wish it were that easy. /etc/resolv.conf is set up to use 127.0.0.1, >>>> which is bind configured as a my local caching resolver. >>> Sinister issues like this are hard. I'll try and escalate our plans for >>> rsync access. >> Alex - have you looked at bad checksum counters on the host? (netstat -s) - I've seen strange issues before with broken network hardware (or bugs in switch/router code) caused changes to packets as they passed through the 'bad' device. The first hints were those counters increasing at the same time as the mysterious issue happening. > I don't see anything relating to bad checksums with netstat :-( I've > also tried numerous ethtool config changes. I've also looked through > hundreds of packets with tcpdump and wireshark. > > This isn't a spamassassin message, but does anyone with a postfix > system ever see similar "Name service error" messages such as the one > below? > > Sep 14 21:12:54 mail03 postfix/dnsblog[3713]: warning: dnsblog_query: > lookup error for DNS query 239.242.238.54.ubl.unsubscore.com: Host or > domain name not found. Name service error for > name=239.242.238.54.ubl.unsubscore.com type=A: Host not found, try > again > > It appears to occur quite frequently, and on multiple unrelated > systems. I'd love to find out what's causing it. The postfix people > ascribed it to a remote server problem, but I can't believe virtually > all RBLs, including spamhaus, would have such intermittent problems > with *their* name servers. On one of our mailservers (but not others, which are at different locations with different isps) we had a problem with queries to rbls being blocked either by the rbls themselves or by one of the intermediate dns servers. So we set up local bind9 resolver; it uses forwarding for normal queries but for the rbls we set up special zones to prevent forwarding. Example: zone "hostkarma.junkemailfilter.com" { type forward; forward first; forwarders {}; }; This solved nearly all our problems - we still see b.barracuda.org refusing some queries from this mailserver (despite this ip being registered with them). But not from our other mailservers, and not any other rbls.