On 9/25/2014 1:25 PM, John Hardin wrote:.
>
> While your Postfix may be doing DNS blocklist checks on the sending MTA,
> I sincerely doubt that Postfix is parsing message bodies to pull out URI
> domains and checking them. That's what URIBL is.
Is there a place to configure the URIBLs that SA uses or is it just buit-in?
>
> Also, even if Postfix *was* doing that, the "URIBL_BLOCKED" rule hit
> indicates a local configuration that would likely also be affecting
> Postfix. So, yes, Postfix *might* be doing URIBL lookups, but if it is
> it's probably also getting the BLOCKED result.
>
Actually that's not happening at all. None of the lists we are using are
blocking us.
>
> If you're running your own DNS server, it's apparently set to forward to
> a large upstream DNS server that's aggregating other queries with yours
> (i.e. a standard DNS setup). "URIBL_BLOCKED" means the DNS server that's
> actually hitting the URIBL server (your upstream) has exceeded the
> "free" query limit.
>
You are right it is using an upstream server (opendns.com)
> You might not want to switch your DNS to be recursive rather than
> forwarding for *all* your queries, in which case you'd set up a
> dedicated recursive DNS server just for MTA/SA use, and the rest of your
> network would continue to use your forwarding server.
>
That shouldn't be too difficult to implement.
