On Wed, 2015-05-13 at 14:08 +0000, David Jones wrote:
> >From: Chris <cpoll...@embarqmail.com>
> >Sent: Wednesday, May 13, 2015 8:50 AM
> >To: Jeremy McSpadden
> >Cc: users@spamassassin.apache.org
> >Subject: Re: Turning off queries to SORBS
> 
> >On Wed, 2015-05-13 at 02:05 +0000, Jeremy McSpadden wrote:
> >> dig +trace and see if your ISP is intercepting queries.
> >>
> >> --
> >> Jeremy McSpadden | Flux Labs
> >> Local - 850-250-5590x501 | Mobile - 850-890-2543
> >> Fax - 850-254-2955 | Toll Free - 877-699-FLUX
> >> Web - http://www.fluxlabs.net
> >>
> >Jeremy, I'm replying to you again and Ccing the list which I forgot to
> >do last night. Below are the results of the above command. I don't see
> >anywhere my ISP is involved. I've put the output on pastebin so it
> >doesn't get mangled here on the list dig +trace
> >54.139.130.12.dnsbl.sorbs.net
> 
> >http://pastebin.com/up0A2xD1
> 
> Dig +trace doesn't work quite like that.  It will show you exactly what a
> recursive DNS server would do on a client's behalf when doing a full
> recursive query to the Internet  -- not forwarding to another DNS caching
> server.  It's very helpful to troubleshoot DNS servers giving bad/stale info
> but it's not able to help you see your DNS query flow.
> 
> You just have to look at your /etc/resolv.conf to see where it's pointed and
> start there.  If you aren't sure that the DNS server in /etc/resolv.conf isn't
> doing full recursive lookups on its own, then you need to find one or stand
> up your own private DNS server so you know what it's doing for sure.
> 
> If you have a high volume of mail (more than a  few hundred to a thousand
> mailboxes as a rough number), I would recommend setting up your own DNS
> recursive server (PowerDNS recursor or BIND) with forwarding disabled.  Then
> also set up the same thing on each SA mail server but forward to your new
> private DNS server, then update the /etc/resolv.conf to point to 127.0.0.1.
> 
> SA server (/etc/resolv.conf) -> 127.0.0.1 -> private DNS server (not 
> forwarding) -> Internet
> 
> >Chris
> 
> >> On May 12, 2015, at 8:49 PM, Chris <cpoll...@embarqmail.com> wrote:
> >>
> >>
> >> > Is there a way to turn off queries to SORBS so I don't keep seeing
> >> > this
> >> > in my logs:
> >> >
> >> > error (connection refused) resolving
> >> > '23.164.11.209.dnsbl.sorbs.net/A/IN': 67.228.187.34#53
> >> >
> >> > I have Bind9 setup as a caching name server and am using 127.0.0.1
> >> > as my
> >> > DNS
> 
> >--
> >Chris
> >KeyID 0xE372A7DA98E6705C
> >31.11°N 97.89°W (Elev. 1092 ft)
> >08:44:59 up 2 days, 2:54, 3 users, load average: 0.20, 0.18, 0.23
> >Ubuntu 14.04.2 LTS, kernel 4.0.0-997-generic #201503310205 SMP Tue Mar
> >31 02:07:04 UTC 2015
> 

David, here is my /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1


nameserver 127.0.0.1
search PK5001Z

I only get <100 emails a day, most are directed to the appropriate boxes
by procmail even before they get routed through SA. The rest, maybe 30
or so are either going to be marked as ham or spam by SA.

My /etc/bind/named.conf.options

acl goodclients {
    127.0.0.1;
    localhost;
    localnets;
};

options {
        directory "/var/cache/bind";

     recursion yes;
     allow-query { goodclients; };
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

My /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
dns-nameservers 127.0.0.1


-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11°N 97.89°W (Elev. 1092 ft)
11:10:30 up 2 days, 5:19, 1 user, load average: 0.08, 0.12, 0.13
Ubuntu 14.04.2 LTS, kernel 4.0.0-997-generic #201503310205 SMP Tue Mar
31 02:07:04 UTC 2015
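
An added example, not part of any poster's message: a small check of the path discussed in this thread, reading resolv.conf and the BIND options to tell whether lookups go to an upstream resolver, to a local BIND that forwards, or to a local BIND doing full recursion. The function names are hypothetical, the sample texts are constructed from the files posted above, and 192.0.2.53 is a documentation address.

```python
import ipaddress
import re

# Constructed samples modelled on the two files posted in this thread.
RESOLV_CONF = """\
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 127.0.0.1
search PK5001Z
"""
NAMED_OPTIONS = """\
options {
    directory "/var/cache/bind";
    recursion yes;
    auth-nxdomain no;    # conform to RFC1035
};
"""
# Constructed counter-example: the same options plus a forwarder.
NAMED_FORWARDING = NAMED_OPTIONS.replace("};", "    forwarders { 192.0.2.53; };\n};")


def nameservers(resolv_text):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    found = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def forwarders(named_text):
    """Return the addresses in every forwarders { ... } statement."""
    conf = re.sub(r"/\*.*?\*/", "", named_text, flags=re.S)  # block comments
    conf = re.sub(r"(//|#).*", "", conf)                      # line comments
    out = []
    for body in re.findall(r"\bforwarders\s*\{([^}]*)\}", conf):
        out += [item.split()[0] for item in body.split(";") if item.strip()]
    return out


def query_path(resolv_text, named_text):
    """Classify lookups as 'upstream', 'local-forwarding' or 'local-recursive'."""
    # all([]) is True: with no nameserver line glibc asks the local machine.
    if not all(ipaddress.ip_address(s).is_loopback for s in nameservers(resolv_text)):
        return "upstream"
    return "local-forwarding" if forwarders(named_text) else "local-recursive"


print(query_path(RESOLV_CONF, NAMED_OPTIONS), query_path(RESOLV_CONF, NAMED_FORWARDING))
```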
