
dnsblog lookup error questions

  • Alex
    Message 1 of 14 , Oct 31, 2012
      Hi,

      I have a fc15 server with postfix-2.8.10 and have enabled postscreen.
      I've enabled it before without any difficulty, so I'm not sure what
      I'm doing wrong in this case. For some reason it is printing these
      errors periodically:

      Oct 31 23:41:15 portal postfix/dnsblog[1520]: warning: dnsblog_query:
      lookup error for DNS query 23.49.18.189.zen.spamhaus.org: Host or
      domain name not found. Name service error for
      name=23.49.18.189.zen.spamhaus.org type=A: Host not found, try again

      Does this simply mean it wasn't found in spamhaus and is recording
      that? I've included my postconf output below. Any help greatly
      appreciated. I've changed my domain to 'mydomain' below.

      alias_database = hash:/etc/postfix/aliases
      alias_maps = hash:/etc/postfix/aliases
      allow_mail_to_files = alias,forward
      always_bcc = bcc-user
      biff = no
      body_checks = regexp:/etc/postfix/body_checks.pcre
      bounce_queue_lifetime = 2d
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      content_filter = smtp-amavis:[127.0.0.1]:10024
      daemon_directory = /usr/libexec/postfix
      data_directory = /var/lib/postfix
      default_process_limit = 140
      delay_warning_time = 4h
      disable_mime_input_processing = no
      disable_vrfy_command = yes
      header_checks = pcre:/etc/postfix/header_checks
      html_directory = no
      initial_destination_concurrency = 20
      mail_owner = postfix
      mailbox_command = /usr/bin/procmail
      mailbox_size_limit = 821200000
      mailq_path = /usr/bin/mailq
      manpage_directory = /usr/share/man
      maximal_queue_lifetime = 2d
      message_size_limit = 50240000
      mime_header_checks = pcre:/etc/postfix/mime_header_checks
      mydestination = $myhostname, localhost.$mydomain
      mynetworks = 127.0.0.0/8, 192.168.1.0/24, 68.XXX.YYY.40/29,
      64.XXX.YYY.0/27, 66.XXX.YYY.96/28
      newaliases_path = /usr/bin/newaliases
      postscreen_access_list = permit_mynetworks,
      cidr:/etc/postfix/postscreen_access.cidr
      postscreen_blacklist_action = enforce
      postscreen_dnsbl_action = enforce
      postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1
      b.barracudacentral.org*1
      postscreen_dnsbl_threshold = 2
      postscreen_greet_action = enforce
      queue_directory = /var/spool/postfix
      rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
      readme_directory = /usr/share/doc/postfix-2.8.10/README_FILES
      relay_domains = $mydestination, $transport_maps
      sample_directory = /usr/share/doc/postfix-2.8.10/samples
      sendmail_path = /usr/sbin/sendmail
      setgid_group = postdrop
      smtp_send_xforward_command = yes
      smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
      smtp_tls_note_starttls_offer = yes
      smtp_use_tls = yes
      smtpd_authorized_xforward_hosts = $mynetworks
      smtpd_client_restrictions = check_client_access
      cidr:/etc/postfix/sinokorea.cidr, check_client_access
      cidr:/etc/postfix/asian-ip5.txt
      smtpd_recipient_restrictions = reject_non_fqdn_recipient,
      check_client_access hash:/etc/postfix/client_checks_special,
      check_sender_access hash:/etc/postfix/sender_checks_special,
      reject_non_fqdn_sender, permit_mynetworks,
      permit_sasl_authenticated, reject_unauth_destination,
      reject_unknown_sender_domain, reject_unknown_recipient_domain,
      reject_invalid_helo_hostname, check_recipient_access
      pcre:/etc/postfix/relay_recips_ecartis, check_client_access
      hash:/etc/postfix/client_checks, check_sender_access
      hash:/etc/postfix/sender_checks, check_recipient_access
      pcre:/etc/postfix/relay_recips_access, permit
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = yes
      smtpd_sasl_local_domain = $myhostname
      smtpd_sasl_path = private/auth
      smtpd_sasl_security_options = noanonymous, noplaintext
      smtpd_sasl_tls_security_options = noanonymous
      smtpd_sasl_type = dovecot
      smtpd_tls_ask_ccert = yes
      smtpd_tls_auth_only = yes
      smtpd_tls_cert_file = /etc/postfix/newcert/mydomain-startssl-cert.pem
      smtpd_tls_key_file = /etc/postfix/newcert/mydomain-startssl.key
      smtpd_tls_loglevel = 2
      smtpd_tls_received_header = yes
      smtpd_tls_req_ccert = no
      smtpd_tls_security_level = may
      smtpd_tls_session_cache_database =
      btree:/var/lib/postfix/smtpd_tls_session_cache
      tls_random_source = dev:/dev/urandom
      transport_maps = hash:/etc/postfix/transport
      virtual_alias_maps = hash:/etc/postfix/virtual

      For rbl_reply_maps I have the following:
      zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable; $rbl_class
      [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
      zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable; $rbl_class
      [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}




      Thanks,
      Alex
    • Ralf Hildebrandt
      Message 2 of 14 , Nov 1, 2012
        * Alex <mysqlstudent@...>:
        > Hi,
        >
        > I have a fc15 server with postfix-2.8.10 and have enabled postscreen.
        > I've enabled it before without any difficulty, so I'm not sure what
        > I'm doing wrong in this case. For some reason it is printing these
        > errors periodically:
        >
        > Oct 31 23:41:15 portal postfix/dnsblog[1520]: warning: dnsblog_query:
        > lookup error for DNS query 23.49.18.189.zen.spamhaus.org: Host or
        > domain name not found. Name service error for
        > name=23.49.18.189.zen.spamhaus.org type=A: Host not found, try again

        cat /etc/resolv.conf
        postfix check

        what's the output of those?

        > Does this simply mean it wasn't found in spamhaus and is recording
        > that?

        No, it's a DNS lookup error (SERVFAIL)

        --
        [*] sys4 AG

        http://sys4.de, +49 (89) 30 90 46 64
        Franziskanerstraße 15, 81669 München

        Registered office: München, District Court München: HRB 199263
        Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
        Chairman of the supervisory board: Joerg Heidrich
      • Alex
        Message 3 of 14 , Nov 1, 2012
          Hi,

          >> I have a fc15 server with postfix-2.8.10 and have enabled postscreen.
          >> I've enabled it before without any difficulty, so I'm not sure what
          >> I'm doing wrong in this case. For some reason it is printing these
          >> errors periodically:
          >>
          >> Oct 31 23:41:15 portal postfix/dnsblog[1520]: warning: dnsblog_query:
          >> lookup error for DNS query 23.49.18.189.zen.spamhaus.org: Host or
          >> domain name not found. Name service error for
          >> name=23.49.18.189.zen.spamhaus.org type=A: Host not found, try again
          >
          > cat /etc/resolv.conf
          > postfix check
          >
          > what's the output of those?

          It's set up to use the local caching server, and doesn't otherwise
          have any resolution issues. Even when I try to resolve that host using
          8.8.4.4, it returns NXDOMAIN. I've changed resolv.conf to use 8.8.4.4
          and it returns the same result:

          Nov 1 08:54:46 portal postfix/dnsblog[18803]: warning: dnsblog_query:
          lookup error for DNS query 7.39.158.213.zen.spamhaus.org: Host or
          domain name not found. Name service error for
          name=7.39.158.213.zen.spamhaus.org type=A: Host not found, try again

          # host 7.39.158.213.zen.spamhaus.org 8.8.4.4
          Using domain server:
          Name: 8.8.4.4
          Address: 8.8.4.4#53
          Aliases:

          7.39.158.213.zen.spamhaus.org has address 127.0.0.4
          Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)
          Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)

          It seems like it may always have been an issue with spamhaus. Perhaps I
          have that configuration wrong? dnsblog seems to do fine with
          barracuda:

          Nov 1 08:54:51 portal postfix/dnsblog[19203]: addr 85.59.175.220
          listed by domain b.barracudacentral.org as 127.0.0.2


          Thanks again,
          Alex
        • Ralf Hildebrandt
          Message 4 of 14 , Nov 1, 2012
            * Alex <mysqlstudent@...>:

            > > cat /etc/resolv.conf
            > > postfix check
            > >
            > > what's the output of those?
            >
            > It's set up to use the local caching server,

            good. Which server is the caching server asking?

            > and doesn't otherwise
            > have any resolution issues. Even when I try to resolve that host using
            > 8.8.4.4, it returns NXDOMAIN.

            NXDOMAIN is ok.

            > I've changed resolv.conf to use 8.8.4.4
            > and it returns the same result:

            ...

            > 7.39.158.213.zen.spamhaus.org has address 127.0.0.4
            > Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)
            > Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)

            NXDOMAIN is OK (it's a negative result), and not an error like:

            ******* Name service error ********* for name=23.49.18.189.zen.spamhaus.org type=A: Host
            not found, try again

            > It seems like it may always have been an issue with spamhaus. Perhaps I
            > have that configuration wrong? dnsblog seems to do fine with
            > barracuda:
            >
            > Nov 1 08:54:51 portal postfix/dnsblog[19203]: addr 85.59.175.220
            > listed by domain b.barracudacentral.org as 127.0.0.2

            You cannot query the ZEN list via the Google Servers...

            --
            [*] sys4 AG

            http://sys4.de, +49 (89) 30 90 46 64
            Franziskanerstraße 15, 81669 München

            Registered office: München, District Court München: HRB 199263
            Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
            Chairman of the supervisory board: Joerg Heidrich
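
An added example, not part of any poster's message and not Postfix code: it scores dnsblog log lines against the `postscreen_dnsbl_sites` weights and threshold from the first message, and flags clients whose score could have reached the threshold if a failed lookup had answered. It assumes a failed lookup contributes no score, IPv4 clients and one syslog record per line; the `192.0.2.10` line is constructed.

```python
import re
from collections import defaultdict

# Copied from the postconf output in the first message of the thread.
DNSBL_SITES = "zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1"
DNSBL_THRESHOLD = 2

LISTED_RE = re.compile(
    r"postfix/dnsblog\[\d+\]: addr (\S+) listed by domain (\S+) as (\S+)")
ERROR_RE = re.compile(
    r"postfix/dnsblog\[\d+\]: warning: dnsblog_query: "
    r"lookup error for DNS query (\S+?): ")


def parse_sites(spec):
    """Turn a postscreen_dnsbl_sites value into {domain: weight}."""
    sites = {}
    for entry in spec.replace(",", " ").split():
        name, _, weight = entry.partition("*")
        domain = name.partition("=")[0]   # drop an optional =reply filter
        sites[domain] = int(weight) if weight else 1
    return sites


def client_from_query(qname, sites):
    """Recover the client IPv4 address from a reversed-octet DNSBL query name."""
    for domain in sites:
        if qname.endswith("." + domain):
            octets = qname[: -len(domain) - 1].split(".")
            return ".".join(reversed(octets)), domain
    return None, None


def classify(lines, sites):
    """Group dnsblog log lines per client into listings and failed lookups."""
    clients = defaultdict(lambda: {"listed": defaultdict(set), "errors": set()})
    for line in lines:
        m = LISTED_RE.search(line)
        if m:
            addr, domain, reply = m.groups()
            clients[addr]["listed"][domain].add(reply)
            continue
        m = ERROR_RE.search(line)
        if m:
            addr, domain = client_from_query(m.group(1), sites)
            if addr:
                clients[addr]["errors"].add(domain)
    return clients


def verdict(record, sites, threshold):
    """Score one client. Assumption: a failed lookup adds nothing to the score."""
    # Each listing domain counts once, however many 127.0.0.x replies it returned.
    score = sum(sites.get(d, 0) for d in record["listed"])
    # Weight that never got a chance to count because the lookup failed.
    hidden = sum(max(sites[d], 0)
                 for d in record["errors"] if d not in record["listed"])
    if score >= threshold:
        state = "block"
    elif score + hidden >= threshold:
        state = "pass-unverified"   # a working lookup could have blocked this client
    else:
        state = "pass"
    return score, hidden, state


SAMPLE_LOG = [
    # From the thread (one syslog record, unwrapped).
    "Oct 31 23:41:15 portal postfix/dnsblog[1520]: warning: dnsblog_query: "
    "lookup error for DNS query 23.49.18.189.zen.spamhaus.org: Host or domain "
    "name not found. Name service error for name=23.49.18.189.zen.spamhaus.org "
    "type=A: Host not found, try again",
    # From the thread.
    "Nov 1 08:54:51 portal postfix/dnsblog[19203]: addr 85.59.175.220 "
    "listed by domain b.barracudacentral.org as 127.0.0.2",
    # Constructed line using a documentation address.
    "Nov 1 08:55:02 portal postfix/dnsblog[19204]: addr 192.0.2.10 "
    "listed by domain zen.spamhaus.org as 127.0.0.4",
]


def report(lines=SAMPLE_LOG):
    """Return {client: (score, unanswered_weight, state)} for the given lines."""
    sites = parse_sites(DNSBL_SITES)
    return {addr: verdict(rec, sites, DNSBL_THRESHOLD)
            for addr, rec in classify(lines, sites).items()}


if __name__ == "__main__":
    for addr, (score, hidden, state) in report().items():
        print(f"{addr:15} score={score} unanswered_weight={hidden} -> {state}")
```

With zen.spamhaus.org weighted 2 against a threshold of 2, every failed zen lookup leaves a client in the "pass-unverified" state, which is why the resolver problem matters beyond the log noise.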
          • Jamie Paul Griffin
            Message 5 of 14 , Nov 1, 2012
              / Alex wrote on Thu 1.Nov'12 at 9:03:00 -0400 /

              > Hi,
              >
              > >> I have a fc15 server with postfix-2.8.10 and have enabled postscreen.
              > >> I've enabled it before without any difficulty, so I'm not sure what
              > >> I'm doing wrong in this case. For some reason it is printing these
              > >> errors periodically:
              > >>
              > >> Oct 31 23:41:15 portal postfix/dnsblog[1520]: warning: dnsblog_query:
              > >> lookup error for DNS query 23.49.18.189.zen.spamhaus.org: Host or
              > >> domain name not found. Name service error for
              > >> name=23.49.18.189.zen.spamhaus.org type=A: Host not found, try again
              > >
              > > cat /etc/resolv.conf
              > > postfix check
              > >
              > > what's the output of those?
              >
              > It's set up to use the local caching server, and doesn't otherwise
              > have any resolution issues. Even when I try to resolve that host using
              > 8.8.4.4, it returns NXDOMAIN. I've changed resolv.conf to use 8.8.4.4
              > and it returns the same result:
              >
              > Nov 1 08:54:46 portal postfix/dnsblog[18803]: warning: dnsblog_query:
              > lookup error for DNS query 7.39.158.213.zen.spamhaus.org: Host or
              > domain name not found. Name service error for
              > name=7.39.158.213.zen.spamhaus.org type=A: Host not found, try again
              >
              > # host 7.39.158.213.zen.spamhaus.org 8.8.4.4
              > Using domain server:
              > Name: 8.8.4.4
              > Address: 8.8.4.4#53
              > Aliases:
              >
              > 7.39.158.213.zen.spamhaus.org has address 127.0.0.4
              > Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)
              > Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)
              >
              > It seems like it may always have been an issue with spamhaus. Perhaps I
              > have that configuration wrong? dnsblog seems to do fine with
              > barracuda:
              >
              > Nov 1 08:54:51 portal postfix/dnsblog[19203]: addr 85.59.175.220
              > listed by domain b.barracudacentral.org as 127.0.0.2
              >
              >
              > Thanks again,
              > Alex

              For what it's worth, I've been seeing the same problem on my Mac server; that is, zen.spamhaus.org not resolving.
            • Han Boetes
              Message 6 of 14 , Nov 1, 2012
                Consider setting up a caching nameserver like unbound on your server. Having a local cache on a mailserver is a good thing™


                On Thu, Nov 1, 2012 at 2:37 PM, Jamie Paul Griffin <jamie@...> wrote:
                / Alex wrote on Thu  1.Nov'12 at  9:03:00 -0400 /

                > Hi,
                >
                > >> I have a fc15 server with postfix-2.8.10 and have enabled postscreen.
                > >> I've enabled it before without any difficulty, so I'm not sure what
                > >> I'm doing wrong in this case. For some reason it is printing these
                > >> errors periodically:
                > >>
                > >> Oct 31 23:41:15 portal postfix/dnsblog[1520]: warning: dnsblog_query:
                > >> lookup error for DNS query 23.49.18.189.zen.spamhaus.org: Host or
                > >> domain name not found. Name service error for
                > >> name=23.49.18.189.zen.spamhaus.org type=A: Host not found, try again
                > >
                > > cat /etc/resolv.conf
                > > postfix check
                > >
                > > what's the output of those?
                >
                > It's set up to use the local caching server, and doesn't otherwise
                > have any resolution issues. Even when I try to resolve that host using
                > 8.8.4.4, it returns NXDOMAIN. I've changed resolv.conf to use 8.8.4.4
                > and it returns the same result:
                >
                > Nov  1 08:54:46 portal postfix/dnsblog[18803]: warning: dnsblog_query:
                > lookup error for DNS query 7.39.158.213.zen.spamhaus.org: Host or
                > domain name not found. Name service error for
                > name=7.39.158.213.zen.spamhaus.org type=A: Host not found, try again
                >
                > # host 7.39.158.213.zen.spamhaus.org 8.8.4.4
                > Using domain server:
                > Name: 8.8.4.4
                > Address: 8.8.4.4#53
                > Aliases:
                >
                > 7.39.158.213.zen.spamhaus.org has address 127.0.0.4
                > Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)
                > Host 7.39.158.213.zen.spamhaus.org not found: 3(NXDOMAIN)
                >
                > It seems like it may always have been an issue with spamhaus. Perhaps I
                > have that configuration wrong? dnsblog seems to do fine with
                > barracuda:
                >
                > Nov  1 08:54:51 portal postfix/dnsblog[19203]: addr 85.59.175.220
                > listed by domain b.barracudacentral.org as 127.0.0.2
                >
                >
                > Thanks again,
                > Alex

                For what it's worth, I've been seeing the same problem on my Mac server; that is, zen.spamhaus.org not resolving.



                --
                # Han
              • Stan Hoeppner
                Message 7 of 14 , Nov 1, 2012
                  On 11/1/2012 8:08 AM, Ralf Hildebrandt wrote:

                  > You cannot query the ZEN list via the Google Servers...

                  He may not be allowed to from his own resolvers either, possibly causing
                  this problem. Alex at one time you had a Spamhaus datafeed
                  subscription. Some time ago your load had dropped below the daily limit
                  and stayed there. You dropped the subscription thinking you could use
                  the free service again, even though you are providing commercial service
                  with your boxen, which requires the subscription. Spamhaus are not
                  fools. Did they cut you off?

                  Alex, have you renewed your subscription? If not you probably need to
                  speak with Spamhaus, as these problems are likely related. They have
                  nothing to do with Postfix.

                  Worth noting, from my local resolver:

                  $ host 23.49.18.189.zen.spamhaus.org
                  23.49.18.189.zen.spamhaus.org has address 127.0.0.11
                  23.49.18.189.zen.spamhaus.org has address 127.0.0.4

                  ~$ host 7.39.158.213.zen.spamhaus.org
                  7.39.158.213.zen.spamhaus.org has address 127.0.0.4

                  --
                  Stan
                • Alex
                  Message 8 of 14 , Nov 1, 2012
                    Hi,

                    >> You cannot query the ZEN list via the Google Servers...

                    Ah, yes, of course.

                    > He may not be allowed to from his own resolvers either, possibly causing
                    > this problem. Alex at one time you had a Spamhaus datafeed
                    > subscription. Some time ago your load had dropped below the daily limit

                    Yes, it's been renewed, but this host may not be recorded in their
                    database. It doesn't even receive all that much mail, and otherwise
                    has no association with the company. Anyway, they've given us a
                    special host to query. I'll add that and see if it helps. I believe
                    this could also be a firewall/domain issue, but with the hurricane
                    I've had to postpone the investigation for a day or two.

                    Thanks so much for everyone's help.

                    Regards,
                    Alex
                  • Jamie Paul Griffin
                    Message 9 of 14 , Nov 2, 2012
                      / Han Boetes wrote on Thu 1.Nov'12 at 15:15:51 +0100 /

                      > Consider setting up a caching nameserver like unbound on your server.
                      > Having a local cache on a mailserver is a good thing™

                      I do have a name server running on my lan. I wouldn't set up a mailserver system without it. I have been doing that for quite some time now.
                    • Reindl Harald
                      Message 10 of 14 , Nov 2, 2012
                        On 02.11.2012 08:38, Jamie Paul Griffin wrote:
                        > / Han Boetes wrote on Thu 1.Nov'12 at 15:15:51 +0100 /
                        >
                        >> Consider setting up a caching nameserver like unbound on your server.
                        >> Having a local cache on a mailserver is a good thing™
                        >
                        > I do have a name server running on my lan. I wouldn't set up a mailserver
                        > system without it. I have been doing that for quite some time now

                        the main question here is how your nameserver is configured
                        recursion or just forward to any other dns-server

                        if you do not make recursion at your own that may be the reason
                        because if your LAN dns is forwarding to 8.8.8.8 and more and
                        more people are doing this 8.8.8.8 will be more and more rate-controlled

                        AND do NOT forward to any ISP-DNS
                        they are all not trustable/reliable
                      • Stan Hoeppner
                        Message 11 of 14 , Nov 2, 2012
                          On 11/1/2012 9:46 PM, Alex wrote:
                          > Hi,
                          >
                          >>> You cannot query the ZEN list via the Google Servers...
                          >
                          > Ah, yes, of course.
                          >
                          >> He may not be allowed to from his own resolvers either, possibly causing
                          >> this problem. Alex at one time you had a Spamhaus datafeed
                          >> subscription. Some time ago your load had dropped below the daily limit
                          >
                          > Yes, it's been renewed, but this host may not be recorded in their
                          > database.

                          If you are running a local recursing resolver, such as pdns-recursor, on
                          this host, then the IP of this host is relevant to Spamhaus.

                          If this host does not have a local recursing resolver, and is using
                          external resolvers, then the IPs of those external resolvers are
                          relevant to Spamhaus. I.e. it's the host that actually queries UDP 53
                          on Spamhaus systems that needs to be in their database.

                          > It doesn't even receive all that much mail, and otherwise
                          > has no association with the company. Anyway, they've given us a
                          > special host to query. I'll add that and see if it helps. I believe
                          > this could also be a firewall/domain issue, but with the hurricane
                          > I've had to postpone the investigation for a day or two.

                          The issue is likely that the configured DNS resolvers are public servers
                          that have been banned by Spamhaus in the past. As others have mentioned
                          there are many ISP type DNS resolvers that are not allowed to query
                          Spamhaus' servers.

                          Due to this, and DNS performance reasons in general, it is wise for
                          anyone wishing to query the free Spamhaus servers to install a local
                          recursing DNS daemon on the Postfix host itself. In the case of
                          pdns-recursor, which I use, the setup is brain dead simple, takes a few
                          minutes to install/configure. The benefits are substantial, and the
                          resources WRT CPU/RAM are tiny.

                          > Thanks so much for everyone's help.

                          You're welcome "Alex". ;) Apologies if I 'leaked' any details you may
                          not have wanted public, but since I'm maintaining your anonymity I
                          figured this would be fine.

                          --
                          Stan
                        • Jamie Paul Griffin
                          Message 12 of 14 , Nov 3, 2012
                            / Reindl Harald wrote on Fri 2.Nov'12 at 11:57:15 +0100 /


                            > On 02.11.2012 08:38, Jamie Paul Griffin wrote:
                            > > / Han Boetes wrote on Thu 1.Nov'12 at 15:15:51 +0100 /

                            > > I do have a name server running on my lan. I wouldn't set up a mailserver
                            > > system without it. I have been doing that for quite some time now
                            >
                            > the main question here is how your nameserver is configured
                            > recursion or just forward to any other dns-server

                            My named is set up for recursive queries from my local network. I set up named using the documentation provided by OpenBSD (my OS) and also FreeBSD.

                            I don't forward any requests to external nameservers, as advised in the documentation I used for my OS.

                            > if you do not make recursion at your own that may be the reason
                            > because if your LAN dns is forwarding to 8.8.8.8 and more and
                            > more people are doing this 8.8.8.8 will be more and more rate-controlled
                            >
                            > AND do NOT forward to any ISP-DNS
                            > they are all not trustable/reliable

                            I agree with you there and certainly don't do that.
                          • Alex
                            Message 13 of 14 , Nov 10, 2012
                              Hi,

                              > If you are running a local recursing resolver, such as pdns-recursor, on
                              > this host, then the IP of this host is relevant to Spamhaus.

                              If bind works okay, and any errors seem to be related to spamhaus
                              itself, does it really warrant changing it to another name server?

                              I read a little about it, and see they have an RPM. I have bind
                              configured to use the root servers, and it's running okay, so I don't
                              know that I need to change it.

                              > The issue is likely that the configured DNS resolvers are public servers
                              > that have been banned by Spamhaus in the past. As others have mentioned
                              > there are many ISP type DNS resolvers that are not allowed to query
                              > Spamhaus' servers.

                              Yes, I've changed postscreen to use the host given to me specifically,
                              and it seems to be working okay.

                              I should have mentioned that I was only using the public DNS servers
                              during testing, before I realized spamhaus had my server blocked.

                              >> Thanks so much for everyone's help.
                              >
                              > You're welcome "Alex". ;) Apologies if I 'leaked' any details you may
                              > not have wanted public, but since I'm maintaining your anonymity I
                              > figured this would be fine.

                              Nah, not worried. I think I'm a good judge of character :-)

                              Thanks again for your help. Nearly all of the last two weeks without
                              power, yet I managed to support my network remotely with hardly the
                              customers being impacted, and their users had absolutely no idea. I'd
                              say this old sysadmin did pretty darn good :-)
                            • Stan Hoeppner
                              Message 14 of 14 , Nov 11, 2012
                                On 11/10/2012 7:32 PM, Alex wrote:

                                >> If you are running a local recursing resolver, such as pdns-recursor, on
                                >> this host, then the IP of this host is relevant to Spamhaus.
                                >
                                > If bind works okay, and any errors seem to be related to spamhaus
                                > itself, does it really warrant changing it to another name server?
                                >
                                > I read a little about it, and see they have an RPM. I have bind
                                > configured to use the root servers, and it's running okay, so I don't
                                > know that I need to change it.

                                Your bind setup should be fine. There's probably no need to change
                                anything.

                                >> The issue is likely that the configured DNS resolvers are public servers
                                >> that have been banned by Spamhaus in the past. As others have mentioned
                                >> there are many ISP type DNS resolvers that are not allowed to query
                                >> Spamhaus' servers.
                                >
                                > Yes, I've changed postscreen to use the host given to me specifically,
                                > and it seems to be working okay.
                                >
                                > I should have mentioned that I was only using the public DNS servers
                                > during testing, before I realized spamhaus had my server blocked.

                                To be clear, Spamhaus only blocks queries from DNS resolvers. So you're
                                saying your bind server was being blocked? Or you were using AT&T or
                                Quest resolvers, for example?

                                >>> Thanks so much for everyone's help.
                                >>
                                >> You're welcome "Alex". ;) Apologies if I 'leaked' any details you may
                                >> not have wanted public, but since I'm maintaining your anonymity I
                                >> figured this would be fine.
                                >
                                > Nah, not worried. I think I'm a good judge of character :-)

                                :)

                                > Thanks again for your help. Nearly all of the last two weeks without
                                > power, yet I managed to support my network remotely with hardly the
                                > customers being impacted, and their users had absolutely no idea. I'd
                                > say this old sysadmin did pretty darn good :-)

                                Indeed.

                                --
                                Stan