On Thu, 22 Sep 2016, Thomas Barth wrote:
> On 21.09.2016 at 16:13, li...@rhsoft.net wrote:
>> URIBL_BLOCKED shows you are still using a dns-forwarder and so won't get
>> results from a lot of blacklists
>> fix that - use a local caching resolver with *no forwarding* and if you
>> are using dnsmasq just don't do that for an inbound mailserver
>
> I found an instruction here for a debian system
> https://manageacloud.com/configuration/local_dns_caching
> Seems to work local dns caching but I don't understand why I shouldn't use it
> for inbound mailserver and why I still see URIBL_BLOCKED=0.001

Lists shouldn't have said "caching", that confuses the issue. Caching and
recursion are two different, unrelated pieces.

Focus on the "recursion" and "no forwarding" parts of that recommendation.
If you're configuring a non-local DNS server's IP address anywhere in the
mix (ignoring for the moment the root zones), you're doing it wrong.

As far as I understand it, dnsmasq cannot be used for local recursion;
it's purely a lightweight local DNS cache layer. That's why Lists said
don't use it for inbound mail.

You may have to install the full BIND package and tell it to not forward.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
A government is a lot like a gun: It's always loaded,
and it's stupid and dangerous to point it at anything
you don't intend to hurt. -- GOF at TSM
-----------------------------------------------------------------------
275 days since the first successful real return to launch site (SpaceX)
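
A check for the "no forwarding" advice in the message above, as an added example that is not part of the original thread: it flags non-loopback `nameserver` entries in resolv.conf text and any non-empty `forwarders` block in BIND options text. The function names and sample configurations are constructed for illustration, and the addresses come from documentation ranges.

```python
import ipaddress
import re

def nonlocal_nameservers(resolv_conf):
    """Return nameserver entries in resolv.conf text that are not loopback."""
    bad = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id
            try:
                if not ipaddress.ip_address(addr).is_loopback:
                    bad.append(fields[1])
            except ValueError:
                bad.append(fields[1])  # unparsable entry: flag for review
    return bad

def bind_forwarders(named_conf):
    """Return addresses in any non-empty BIND 'forwarders { ... };' block.

    A loopback entry in resolv.conf only proves a local daemon answers;
    that daemon may still forward upstream, so its config is checked too.
    """
    text = re.sub(r"/\*.*?\*/", "", named_conf, flags=re.S)  # block comments
    text = re.sub(r"(//|#).*", "", text)                     # line comments
    found = []
    for body in re.findall(r"\bforwarders\s*\{([^}]*)\}", text):
        found += [a.strip() for a in body.split(";") if a.strip()]
    return found

def audit(resolv_conf, named_conf):
    """Collect human-readable findings for both files."""
    findings = ["resolv.conf uses non-local resolver " + a
                for a in nonlocal_nameservers(resolv_conf)]
    findings += ["BIND forwards to " + a for a in bind_forwarders(named_conf)]
    return findings

# Constructed sample inputs (not taken from any real host).
FORWARDING_RESOLV = "nameserver 127.0.0.1\nnameserver 192.0.2.53\n"
FORWARDING_NAMED = """options {
    recursion yes;
    forwarders { 192.0.2.53; 198.51.100.53; };  // upstream resolvers
};"""
RECURSING_RESOLV = "# local recursive resolver only\nnameserver 127.0.0.1\n"
RECURSING_NAMED = """options {
    recursion yes;
    listen-on { 127.0.0.1; };
    // forwarders { 192.0.2.53; };
    forwarders { };
};"""

if __name__ == "__main__":
    for finding in audit(FORWARDING_RESOLV, FORWARDING_NAMED):
        print(finding)
```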