On 3/27/23 11:17, Cyril - ImprovMX via mailop wrote:
Making DNSBL queries through open DNS servers is forbidden/discouraged by most of the DNSBL providers. Obviously, you are not alone doing it, so those servers are making a lot of queries and get rate limited/banned.Hi everyone!We have a few SpamAssassin servers running that test against services such as SpamHaus, URIBL, etc.We often have our queries blocked because we go beyond the free usage.As such, we started a trial with SpamHaus, and the result is that we query around 8M times per day.Our current infrastructure is a set of SA servers that use our (local network) DNS server - Unbound, to optimize the queries (caching and the like).I'm not an expert on Unbound and would love your input on how we can fine-tune it to work better on caching the requests made to SpamHaus and reducing the number of queries we are doing.Right now, here's our Unbound.conf file: https://pastebin.com/PZWUn4My <https://pastebin.com/PZWUn4My> Just in case, here's our current SA file: https://pastebin.com/E2y1Yqm8 <https://pastebin.com/E2y1Yqm8>If any of you have any suggestions on how we can optimize these configurations, I'd love to have your feedback!
Setting your cache-min-ttl higher than what is told by the DNS servers might improve your caching, but might also cause false positives if the IP has been removed from the list. And setting a cache-max-ttl isn't going to improve anything, all the contrary.
Please also be aware that many DNSBL providers have subscriptions for commercial senders like you, and that's probably the way to go. If you cannot afford paying for them, maybe your pricing model is wrong.
There are obvious ways to bypass rate limiting (although it probably doesn't scale that well), but I am not going to divulge that as this is the best way to get many free lists non free anymore.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
