On 30/04/15 09:56, Marieke Janssen wrote: > Hi, > > Besides your awl problem, you have other problems. > > 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was > blocked. > See > > http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block > for more information. > [URIs: world-plants.ru] > > You are blocked, This probably means you are using either public nameservers > or do too much queries. Running a dedicated nameserver on localhost > (dnsmasq,bind,unbound,whatever) can solve this (and besides that, it speeds > things up). > If you fix this chances are you get scores high enough to compensate/correct > AWL. > > In SpamAssassin 3.4.1 there is a TxRep module, maybe you'll find it > interesting. It decayes the learned scores over time (and other neat stuff). > You can migrate existing AWL data to TxRep. (make sure to backup it first so > you can go back). > >
Thanks Marieke, I have the mail server and a separate name server set up in a DMZ. The name server already runs as a caching nameserver but does forwarding to our ISP. I'm not sure how the non-caching works to eliminate this problem. Is it correct that currently, because I'm forwarding, the DNSBL query is denied because the DNSBL server thinks I'm the ISP making a query? Sorry, I'm not understanding the mechanism. If bind is going to forward lookups for DNSBL servers to a null list, will the cache have a record to look up at all? e.g. /* Disable forwarding for DNSBL queries */ zone "multi.uribl.com" { type forward; forward first; forwarders {}; }; zone "dnsbl.sorbs.net" { type forward; forward first; forwarders {}; }; Does this rely on the caching namesever having already looked up and cached the DNSBL servers? BTW, I do have rbldnsd set up on the caching nameserver in my DMZ. Is that useful in any way to resolve this issue?
signature.asc
Description: OpenPGP digital signature