On Thu, 25 Sep 2014, Deeztek Support wrote:
as already suggested by John Hardin, fix URIBL_BLOCKED=0.001
"Also: URIBL_BLOCKED - you really want to set up a local recursive
(non-forwarding) DNS server for SA so that your URIBL lookups will work,
that might help a lot. "
I can certainly try that, however seeing that I'm implementing block lists on
the postfix level, wouldn't that double the lookups? And as an FYI, I'm
running my own DNS server.
While your Postfix may be doing DNS blocklist checks on the sending MTA, I
sincerely doubt that Postfix is parsing message bodies to pull out URI
domains and checking them. That's what URIBL is.
Also, even if Postfix *was* doing that, the "URIBL_BLOCKED" rule hit
indicates a local configuration that would likely also be affecting
Postfix. So, yes, Postfix *might* be doing URIBL lookups, but if it is
it's probably also getting the BLOCKED result.
If you're running your own DNS server, it's apparently set to forward to a
large upstream DNS server that's aggregating other queries with yours
(i.e. a standard DNS setup). "URIBL_BLOCKED" means the DNS server that's
actually hitting the URIBL server (your upstream) has exceeded the "free"
query limit.
You might not want to switch your DNS to be recursive rather than
forwarding for *all* your queries, in which case you'd set up a dedicated
recursive DNS server just for MTA/SA use, and the rest of your network
would continue to use your forwarding server.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
A good high-school education is still essential, and
college is where you go to get one. -- MiddleAgedKen
-----------------------------------------------------------------------
847 days since the first successful private support mission to ISS (SpaceX)
