On 08/14/2013 05:41 PM, Nigel Smith wrote:
As I posted previously, the safer way to do it is to tell your recursor
to forward all spamhaus queries to your local rbldnsd and NOT to tinker
with SA rules but then...


My local recursor does forward to rbldnsd, as per their instructions...

zone "dnsbl" {
       type forward;
       forward only;
       forwarders {
          XXXXXXX port 10099;
        };
};

Just checked the documentation Spamhaus provide..... they suggest the following
in the local.cf...... which is very similar to what I've been doing, is it
not?  (admittedly the below was not in the documentation at the time, so my
local.cf additions were home-brew).

header __RCVD_IN_ZEN eval:check_rbl('zen','zen.dnsbl.')
header RCVD_IN_XBL eval:check_rbl('zen-lastexternal', 'zen.dnsbl.','127.0.0.[45678]')
header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.dnsbl.', '127.0.0.1[01]')
uridnssub URIBL_SBL       zen.dnsbl. A 127.0.0.2
urirhssub URIBL_DBL_SPAM  dbl.dnsbl. A 127.0.1.2
urirhssub URIBL_DBL_REDIR dbl.dnsbl. A 127.0.1.3
urirhssub URIBL_DBL_ERROR dbl.dnsbl. A 127.0.1.255


I'm not a bind user/expert but (somebody pls verify this), to run without having to change SA rules this should look like:
(I use PDNS)


zone "zen.spamhaus.org" {
      type forward;
      forward only;
      forwarders {
         XXXXXXX port 10099;
       };
};
zone "sbl.spamhaus.org" {
      type forward;
      forward only;
      forwarders {
         XXXXXXX port 10099;
       };
};
zone "xbl.spamhaus.org" {
      type forward;
      forward only;
      forwarders {
         XXXXXXX port 10099;
       };
};
zone "sbl-xbl.spamhaus.org" {
      type forward;
      forward only;
      forwarders {
         XXXXXXX port 10099;
       };
};
zone "dbl.spamhaus.org" {
      type forward;
      forward only;
      forwarders {
         XXXXXXX port 10099;
       };
};
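
A check for the forwarding discussed above, added here as an example and not part of the original thread: it asks the local recursor for the conventional DNSBL test entry 127.0.0.2 (RFC 5782) in each forwarded IP zone. Assumptions: dig is installed, the recursor listens on 127.0.0.1, the rbldnsd data carries the test entry, and the script name check-dnsbl.sh is hypothetical. dbl is left out because it is a domain list, not an IP list.

```shell
#!/bin/sh
# Added example, not from the thread. RESOLVER is an assumed address.
RESOLVER="${RESOLVER:-127.0.0.1}"

# Build a DNSBL query name: IPv4 octets reversed, then the zone.
# Runs in a subshell so IFS and the positional parameters stay local.
dnsbl_qname() (
    ip=$1 zone=${2%.}
    # Reject anything that is not a plain dotted quad.
    case "$ip" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $ip
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ "$o" -le 255 ] || exit 1; done
    printf '%s.%s.%s.%s.%s.\n' "$4" "$3" "$2" "$1" "$zone"
)

# Look up the 127.0.0.2 test entry in every zone given as an argument.
# Returns 0 only if each zone answers with a 127.x.x.x address.
check_zones() {
    rc=0
    for zone in "$@"; do
        q=$(dnsbl_qname 127.0.0.2 "$zone") || return 2
        ans=$(dig +short +time=2 +tries=1 "@$RESOLVER" "$q" A | tr '\n' ' ')
        case "$ans" in
            127.*) echo "ok   $zone -> $ans" ;;
            *)     echo "FAIL $zone -> ${ans:-no answer}"; rc=1 ;;
        esac
    done
    return $rc
}

# Run as: sh check-dnsbl.sh run
if [ "${1:-}" = run ]; then
    check_zones zen.spamhaus.org sbl.spamhaus.org \
                xbl.spamhaus.org sbl-xbl.spamhaus.org
fi
```

With the private "dnsbl" forward zone from the earlier message, pass zen.dnsbl to check_zones instead.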
