BTW, you should also be either running a local DNS or something fast on your network for optimal performance.
Otherwise you can get some extremely delays from the lookups. Gary -----Original Message----- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 18, 2004 10:04 AM To: chrisf; [EMAIL PROTECTED] Subject: Re: Outgoing DNS requests At 12:48 PM 5/18/2004, chrisf wrote: >My server is making a large number of DNS requests and I think it is >related to spamassassin. When I run tcpdump, I see a large number of >requests similar to the one below. It looks like its related to the RBL >checking from spamassassin. This shows up every few seconds. Is this >normal behavior or is it something I should be concerned about. If this >is not normal, any suggestions? I don't know what the covad.net address >is, but the osirusoft address is related to RBL, I believe. > >16:07:25.454770 IP 192.168.0.194.32769 > >h-68-167-172-114.lsanca54.covad.net.domain: 16002 >A?196.84.155.141.relays.osirusoft.com. (53) Ouch.. what ancient version of SA are you using? OSIRUSOFT has been dead for a long time (Since august of last year). You are correct, those DNS requests are related to RBLs, however it appears your version of SA is out-of-date and contains RBLs which have been shut-down and removed from current versions of SA. I'd suggest keeping up-to-date, or at least keeping an eye out for dead RBLs and setting their score to 0. For OSIRUSOFT I'd suggest this as a temporary fix until you can upgrade: score X_OSIRU_DUL 0.0 score X_OSIRU_DUL_FH 0.0 score X_OSIRU_OPEN_RELAY 0.0 score X_OSIRU_SPAMWARE_SITE 0.0 score X_OSIRU_SPAM_SRC 0.0 score RCVD_IN_OSIRUSOFT_COM 0
