>From: Reindl Harald <h.rei...@thelounge.net>
>Sent: Wednesday, May 13, 2015 11:53 AM
>To: users@spamassassin.apache.org
>Subject: Re: Turning off queries to SORBS

>On 13.05.2015 at 18:17, Chris wrote:
>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
>> resolvconf(8)
>> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>> nameserver 127.0.0.1
>>
>>
>> nameserver 127.0.0.1
>> search PK5001Z

>as already suggested days ago REMOVE "search PK5001Z" because that may
>end for unqualified queries (missing trailing dot) to first ask
>"whatever.PK5001Z" and if they make it to RBL's the reaction likely is
>refuse further queries because a broken resolver detected

That's not how the search is used in the resolv.conf. It's used when the query contains no dots, like a short name. If someone queried for "test" with that resolv.conf, it would try "test.PK5001Z", which isn't a valid zone. That doesn't mean a query of "example.com" would become "example.com.PK5001Z" like you said above.

You are correct about it being a broken query and it should be removed, but that isn't causing "connection refused" errors.

You should be pointing to a reliable DNS resolver, like 127.0.0.1 in this case. Then it should either be doing direct lookups or forwarding to a known reliable DNS resolver that is not forwarding to an ISP DNS server like 8.8.8.8. Unbound is a good suggestion. Even dnsmasq would be easy to set up (just disable the DHCP server).

"Connection refused" errors are specific UDP responses from upstream DNS servers that are being denied due to rate limiting, bad query packets, or something that simply ticked off that upstream DNS server. I would point to a different DNS server or disable forwarding on the local DNS cache and do my own recursive lookups, and the "connection refused" messages should go away.
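
The search-list behaviour discussed in this thread, as an added example that is not part of the original message: it parses the quoted resolv.conf and lists, in order, the names a glibc-style stub resolver would try under the `search` and `ndots` rules documented in resolv.conf(5). The function names and the DNSBL-style query name are hypothetical, and software that uses its own DNS library may not apply the search list this way.

```python
# Added example: candidate query names under resolv.conf(5) search/ndots rules.
# The resolv.conf text is taken from the quoted post; everything else is constructed.
SAMPLE_RESOLV_CONF = """\
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 127.0.0.1
nameserver 127.0.0.1
search PK5001Z
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots); the last search/domain line wins."""
    search, ndots = [], 1  # documented default is ndots:1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        if fields[0] in ("search", "domain"):
            search = fields[1:]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt[len("ndots:"):]), 15)  # capped at 15
    return search, ndots


def candidate_names(name, search, ndots=1):
    """Names the stub resolver tries, in order, until one of them resolves."""
    if name.endswith("."):
        return [name]  # trailing dot: the search list is never applied
    absolute = name + "."
    searched = [f"{name}.{suffix.rstrip('.')}." for suffix in search]
    if name.count(".") >= ndots:
        # Enough dots: tried as-is first, search suffixes only if that fails.
        return [absolute] + searched
    # Too few dots: search suffixes first, the bare name last.
    return searched + [absolute]


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    # "2.0.0.127.dnsbl.example" is a constructed DNSBL-style lookup name.
    for query in ("test", "example.com", "2.0.0.127.dnsbl.example", "example.com."):
        print(f"{query:26} -> {candidate_names(query, search, ndots)}")
```

Running it with the `search` line deleted from the sample shows every query reduced to a single absolute name, which is the effect of the removal both posters agree on.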