On 30/04/15 09:56, Marieke Janssen wrote: > Hi, > > Besides your awl problem, you have other problems. > > 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was > blocked. > See > > http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block > for more information. > [URIs: world-plants.ru] > > You are blocked, This probably means you are using either public nameservers > or do too much queries. Running a dedicated nameserver on localhost > (dnsmasq,bind,unbound,whatever) can solve this (and besides that, it speeds > things up). > If you fix this chances are you get scores high enough to compensate/correct > AWL. > > In SpamAssassin 3.4.1 there is a TxRep module, maybe you'll find it > interesting. It decayes the learned scores over time (and other neat stuff). > You can migrate existing AWL data to TxRep. (make sure to backup it first so > you can go back). > >
Thanks Marieke,
I have the mail server and a separate name server set up in a DMZ. The name
server already runs as a
caching nameserver but does forwarding to our ISP. I'm not sure how the
non-caching works to
eliminate this problem. Is it correct that currently, because I'm forwarding,
the DNSBL query is
denied because the DNSBL server thinks I'm the ISP making a query? Sorry, I'm
not understanding the
mechanism.
If bind is going to forward lookups for DNSBL servers to a null list, will the
cache have a record
to look up at all?
e.g.
/* Disable forwarding for DNSBL queries */
zone "multi.uribl.com" { type forward; forward first; forwarders {}; };
zone "dnsbl.sorbs.net" { type forward; forward first; forwarders {}; };
Does this rely on the caching namesever having already looked up and cached the
DNSBL servers?
BTW, I do have rbldnsd set up on the caching nameserver in my DMZ. Is that
useful in any way to
resolve this issue?
signature.asc
Description: OpenPGP digital signature
