My server is making a large number of DNS requests and I think it is related to spamassassin. When I run tcpdump, I see a large number of requests similar to the one below. It looks like it's related to the RBL checking from spamassassin. This shows up every few seconds. Is this normal behavior or is it something I should be concerned about? If this is not normal, any suggestions? I don't know what the covad.net address is, but the osirusoft address is related to RBL, I believe.
16:07:25.454770 IP 192.168.0.194.32769 > h-68-167-172-114.lsanca54.covad.net.domain: 16002 A?196.84.155.141.relays.osirusoft.com. (53)
Ouch.. what ancient version of SA are you using? OSIRUSOFT has been dead for a long time (since August of last year).
You are correct, those DNS requests are related to RBLs, however it appears your version of SA is out of date and contains RBLs which have been shut down and removed from current versions of SA.
I'd suggest keeping up-to-date, or at least keeping an eye out for dead RBLs and setting their score to 0.
For OSIRUSOFT I'd suggest this as a temporary fix until you can upgrade:
score X_OSIRU_DUL 0.0
score X_OSIRU_DUL_FH 0.0
score X_OSIRU_OPEN_RELAY 0.0
score X_OSIRU_SPAMWARE_SITE 0.0
score X_OSIRU_SPAM_SRC 0.0
score RCVD_IN_OSIRUSOFT_COM 0
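
Added example (not part of the original thread): one way to keep an eye on which RBL zones a mail server is still querying is to tally DNSBL-style lookups from tcpdump output in the format shown in the question. The function names, the sample lines other than the first, and the dead-zone set are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input: the first line is the one from the question; the other three
# are constructed for this example.
SAMPLE = """\
16:07:25.454770 IP 192.168.0.194.32769 > h-68-167-172-114.lsanca54.covad.net.domain: 16002 A?196.84.155.141.relays.osirusoft.com. (53)
16:07:26.101112 IP 192.168.0.194.32769 > ns.example.net.domain: 16003+ A? 7.2.0.192.relays.osirusoft.com. (49)
16:07:27.000001 IP 192.168.0.194.32769 > ns.example.net.domain: 16004+ A? 7.2.0.192.dnsbl.example.org. (46)
16:07:28.000002 IP 192.168.0.194.32769 > ns.example.net.domain: 16005+ MX? example.com. (29)
"""

# A DNSBL lookup is an A (or TXT) query for <reversed IPv4>.<zone>.
QUERY = re.compile(r"\b(?:A|TXT)\?\s*((?:\d{1,3}\.){4})([A-Za-z0-9.-]+?)\.?\s")


def dnsbl_queries(lines):
    """Return {zone: {"count": n, "ips": {checked IPs}}} for DNSBL-style lookups."""
    zones = defaultdict(lambda: {"count": 0, "ips": set()})
    for line in lines:
        m = QUERY.search(line)
        if not m:
            continue
        octets = m.group(1).rstrip(".").split(".")
        if any(int(o) > 255 for o in octets):
            continue  # four dotted numbers, but not an IPv4 address
        zone = m.group(2).lower()
        zones[zone]["count"] += 1
        # The query name carries the checked address with its octets reversed.
        zones[zone]["ips"].add(".".join(reversed(octets)))
    return dict(zones)


def flag_zones(zones, dead_domains):
    """Zones seen on the wire that fall under an operator-supplied dead domain."""
    return sorted(
        z for z in zones
        if any(z == d or z.endswith("." + d) for d in dead_domains)
    )


if __name__ == "__main__":
    seen = dnsbl_queries(SAMPLE.splitlines())
    for zone, info in sorted(seen.items()):
        print(f"{zone}: {info['count']} queries, IPs checked: {sorted(info['ips'])}")
    # osirusoft.com is the list the reply above describes as dead.
    print("dead zones still queried:", flag_zones(seen, {"osirusoft.com"}))
```

Any zone it flags is a candidate for the `score ... 0` treatment above until SpamAssassin is upgraded.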
