Am 25.09.2014 um 19:44 schrieb Deeztek Support: > On 9/25/2014 1:25 PM, John Hardin wrote:. >> >> While your Postfix may be doing DNS blocklist checks on the sending MTA, >> I sincerely doubt that Postfix is parsing message bodies to pull out URI >> domains and checking them. That's what URIBL is. > > Is there a place to configure the URIBLs that SA uses or is it just buit-in?
built-in as long you disable/override just grep the .cf files in the update folder for URI >> Also, even if Postfix *was* doing that, the "URIBL_BLOCKED" rule hit >> indicates a local configuration that would likely also be affecting >> Postfix. So, yes, Postfix *might* be doing URIBL lookups, but if it is >> it's probably also getting the BLOCKED result. > > Actually that's not happening at all. None of the lists we are using are > blocking us. by luck or you don't know because most just respond with a special code instead the expected 127.0.0.x and not all dy long >> If you're running your own DNS server, it's apparently set to forward to >> a large upstream DNS server that's aggregating other queries with yours >> (i.e. a standard DNS setup). "URIBL_BLOCKED" means the DNS server that's >> actually hitting the URIBL server (your upstream) has exceeded the >> "free" query limit. > > You are right it is using an upstream server (opendns.com) that is plain wrong for a MTA do recursion at your own >> You might not want to switch your DNS to be recursive rather than >> forwarding for *all* your queries, in which case you'd set up a >> dedicated recursive DNS server just for MTA/SA use, and the rest of your >> network would continue to use your forwarding server. >> > > That shouldn't be too difficult to implement the better way would be have *two* recursion server in the own network and use them - nothing easier than combine recusrion and own zones
signature.asc
Description: OpenPGP digital signature
