SOLVED Query to URIBL was blocked - How do I set up a caching nameserver?

[DigitalEssence]

Hi,

Please speak slowly as I am a simple bear and easily confused.

Queries to RBL's are sometimes being blocked as my IP is being lumped in with others and we go over the daily limit and no further emails are blocked/filtered on RBL rules. This is causing a spike in incoming spam emails.

I've followed the link in the email headers and it says:

ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklistsX2Xdnsbl-block for more information.

My options are:
* Setting up my own non-forwarding caching nameserver to avoid being lumped together with other users queries;
* Setting up your own mirror of the DNS-blocklist
* Paying to use the blocklist. The choice is up to the DNS-Blocklist administrator.


When I test this on the CLI I get:

> host -tTXT 2.0.0.127.multi.uribl.com
> 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See [URL='http://uribl.com/refused.shtml']URIBL.COM - Realtime URI Blacklist[/URL] for more information [Your DNS IP: 74.125.xx.xx]"

Which I think is a Google dns server.

looking in /etc/resolv.conf

# cat resolv.conf
# Generated by SolusVM
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver My.IP.ADDRESS

Can anyone advise how I setup my server to be a non-forwarding caching nameserver?

My hosting company had a go and I think they just commented out the Google servers leaving mine. This worked fine apart from one domain that I have a zone record for and host the website but the email is set to remote exchanger. I couldn't send email as it kept on bouncing as the server tried to deliver emails to itself. In this individual case, I don't actually hold the zone record as it and the nameservers are with another host. It just points web to me. Either way, I couldn't send emails which was no use.

Like I say, I am a simple bear so please speak slowly.

And all help appreciated.

Thanks.

 

[keat63]

I went through this 2 years ago, can I remember what I did ?
No.

Can i remember if I even rolled back.
No.

Did I find my original post.
Yes

DNS implications to modifying resolv.conf

hope this helps

 

[DigitalEssence]

Thanks for the link to your post.

It looks as though I need to add a dns_server directive to my /etc/mail/spamassassin/local.cf file rather than mucking around with resolv.conf.

I see that URIBL.COM - Realtime URI Blacklist provide public DNS feeds for low volume users and have a nice map but don't know whetehr I just need to ping say ff.uribl.com to find it's IP address to enter into the dns_server config.

UPDATE:

I use MailScanner for my spam scanning and while this does use SpamAssassin, it seems that this fix won't work.

I will continue digging.

 

[cPanelMichael]

Hello,

Have you considered using different resolvers in your /etc/resolv.conf file? For instance, does your data center offer their own resolvers for you to use instead of the Google public resolvers?

Thank you.

 

[DigitalEssence]

Thanks for everyone's help, I'm all sorted!

The issue was that the host added my server IP address in resolv.conf where it should have been the Loopback address. Once I'd added this to the top of the list, Exim started to block emails based on RBL checks and then a quick restart of MailScanner and I'm seeing RBL checks in the logs and no blocked messages.

I've kept in the original Google servers as a fallback (I assume that's how it works) and for anyone else with this issue, here is a copy of my resolv.conf

> cat resolv.conf
# Generated by SolusVM
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4


Thanks,

Heds

 

[cPanelMichael]

I'm happy to see the issue is now resolved. Thank you for updating us with the outcome.

 

[aztopdavid]

DNS implications to modifying resolv.conf

hope this helps

Yes, it just helped me. My SpamAssassin queries to URIBL and DNSWL have been blocked for well over a year, and it was finally resolved by adding dns_server 127.0.0.0 to /etc/mail/spamassassin/local.cf (see the "DNS implications..." link for more details).

 

[Dhrupodi]

Yes, it just helped me. My SpamAssassin queries to URIBL and DNSWL have been blocked for well over a year, and it was finally resolved by adding dns_server 127.0.0.0 to /etc/mail/spamassassin/local.cf (see the "DNS implications..." link for more details).

Hi!

could you share your /etc/mail/spamassassin/local.cf and /etc/resolv.conf files?

 

[aztopdavid]

I'll give you just the relevant bits:

In my /etc/mail/spamassassin/l local.cf file, I added this at the end:

dns_server 127.0.0.1 # added to fix blocking of URIBL and DNSWL queries

My resolv.conf file has two "nameserver" entries with the ip addresses of two of my host's resolvers

 

[Dhrupodi]

I'll give you just the relevant bits:

In my /etc/mail/spamassassin/l local.cf file, I added this at the end:

dns_server 127.0.0.1 # added to fix blocking of URIBL and DNSWL queries

My resolv.conf file has two "nameserver" entries with the ip addresses of two of my host's resolvers

Thanks a lot for clarifying this.

Apart from a cPanel server, I have a DA server where I put the following:

cat /etc/resolv.conf

nameserver 127.0.0.1
nameserver 74.x.x.x
nameserver 74.x.x.x

After adding the loopback address, the issue appears to have been solved, but effectively made the server a recursive DNS resolver.


I will try the local.cnf method on the cPanel server now.

 

[renecd]

Suggestions here assume using Bind. Powerdns, which appears to be the recommended solution, does not provide a caching nameserver. How to fix?

Ordinarily I'd just install a Powerdns Recursor, but I'm always a bit worried about how that will affect WHM's own Powerdns Auth server.