On 02.12.2014 at 14:16, Mark Martinec wrote:
> Matteo Dessalvi wrote:
>> I have a short question about the dns_server option of SA. Is this option used when SA is called from Amavis and there isn't any spamd process running?
>
> Yes it is.
>
>> To be more clear: should I also be forced to add the IP address of the caching DNS server to /etc/resolv.conf or the option would be sufficient?
>
> The dns_server only affects SpamAssassin. If you want other applications on that host to also use the same recursive name server, its address needs to be in /etc/resolv.conf. For example DKIM validation is done by amavisd calling Net::DNS directly, which has no idea about SpamAssassin settings. Similarly a milter or MTA

I would recommend setting up unbound on 127.0.0.1, letting it do recursion directly, and configuring internal zones as forwarders, which can also include forwarding to an rbldnsd running on 127.0.0.1 using a different port.

So /etc/resolv.conf just contains 127.0.0.1; see below how that could look:

* one source for all services
* local caching
* no problems with DNS blacklists by doing recursion instead of sharing a forwarder exceeding limits

__________________________________________________

# global options belong to the server: clause
server:
    minimal-responses: yes
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    local-zone: "192.in-addr.arpa." nodefault

# DNSBL zone answered by the local rbldnsd on port 1053
forward-zone:
    name: "dnsbl.thelounge.net"
    forward-addr: 127.0.0.1@1053

# internal forward zone
forward-zone:
    name: "thelounge.net"
    forward-addr: 192.168.196.6
    forward-addr: 192.168.196.106

# internal reverse zone
stub-zone:
    name: "192.in-addr.arpa."
    stub-addr: 192.168.196.6
    stub-addr: 192.168.196.106

__________________________________________________
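
An added example, not part of the original messages: a small checker that reports which upstream a query name would be handed to under the forward-zone/stub-zone clauses posted above, and which resolv.conf nameservers bypass the resolver on loopback. The function names are hypothetical, the routing is a simplified longest-suffix match rather than unbound's own code, and the 192.0.2.53 address used in the usage note is a constructed sample.

```python
import ipaddress

# Constructed sample: the forward-zone / stub-zone clauses from the message above.
UNBOUND_CONF = """
forward-zone:
    name: "dnsbl.thelounge.net"
    forward-addr: 127.0.0.1@1053
forward-zone:
    name: "thelounge.net"
    forward-addr: 192.168.196.6
    forward-addr: 192.168.196.106
stub-zone:
    name: "192.in-addr.arpa."
    stub-addr: 192.168.196.6
    stub-addr: 192.168.196.106
"""

def parse_zones(conf):
    """Map zone name -> (clause kind, upstream addresses) for forward-/stub-zone clauses."""
    zones, kind, name = {}, None, None
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        value = value.strip().strip('"')
        if not key:
            continue
        if not value:  # clause header such as "server:" or "forward-zone:"
            kind, name = (key if key in ("forward-zone", "stub-zone") else None), None
        elif kind and key == "name":
            name = value.rstrip(".").lower()
            zones[name] = (kind, [])
        elif kind and name is not None and key in ("forward-addr", "stub-addr"):
            zones[name][1].append(value)
    return zones

def route(qname, zones):
    """Longest-suffix match: which clause handles qname, else full recursion."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in zones:
            return (zone, *zones[zone])
    return (".", "recursion", [])

def non_local_nameservers(resolv_conf):
    """Nameservers in resolv.conf text that are not on loopback."""
    servers = [l.split()[1] for l in resolv_conf.splitlines()
               if l.split()[:1] == ["nameserver"] and len(l.split()) > 1]
    return [s for s in servers if not ipaddress.ip_address(s).is_loopback]
```

Calling `non_local_nameservers("nameserver 127.0.0.1\nnameserver 192.0.2.53\n")` returns `['192.0.2.53']`, the entry that would let Net::DNS callers such as amavisd's DKIM validation skip the local cache. Note that unbound only sends queries to a loopback forwarder like `127.0.0.1@1053` when `do-not-query-localhost: no` is set in the `server:` clause.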