Page 3 of 3 FirstFirst 123
Results 21 to 28 of 28

Thread: zen.spamhaus.org RBL

  1. #21
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Just remember with any free RBL a constraint of the service is how many lookups you are performing ... too many and you will be classed as a commercial service which will incur a charge.

  2. #22
    Join Date
    Sep 2009
    Location
    Portland, Oregon USA
    Posts
    30
    Rep Power
    6

    Default

    Understood and thanks for the reminder. My volumes are quite low (less the unsolicited spam that I get because I registered my domain name over 15 years ago) so I think there won't be any issues with the various providers that I use.. Projects like Spamhaus do monitor usage and will tell you if you need to upgrade.
    The Hon. Rev. Dr. Frank W. Saxton
    Knight in shining armor (2nd class)

    http://security.NOCdesigns.com

  3. #23
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    I am low volume; run a caching DNS server; plus upstream. Perhaps your upstream is making to many queries ?

  4. #24
    Join Date
    Sep 2009
    Location
    Portland, Oregon USA
    Posts
    30
    Rep Power
    6

    Default

    Looks like using OpenDNS resolved this. Spamhaus test says:

    {snip}
    554 5.7.1 Service unavailable; Client host [192.203.178.107] blocked using zen.spamhaus.org; http://www.spamhaus.org/SBL/sbl.lasso?query=SBL230
    Terminating conversation

    I raised the issue with my ISP but thaty haven't gotten back to me. My caching DNS server uses my ISP name servers to forward to so I'll need to see what's involved in going to OpenDNS assuming that they are going to be mega-reliable moving forward.
    The Hon. Rev. Dr. Frank W. Saxton
    Knight in shining armor (2nd class)

    http://security.NOCdesigns.com

  5. #25
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    I have never once had a problem with OpenDNS in the year or so I have been using them. Their system status can be found here OpenDNS > System (also available at http://208.69.38.170/). Any problems with a data center cause traffic to be re-routed to the nearest center. I would say that any system that handles 19+ billion queries a day would have to be pretty reliable

    For BIND you just need to change the forwarders directive.

  6. #26
    Join Date
    Nov 2007
    Posts
    93
    Rep Power
    7

    Default

    Quick question.

    What file is the command zmprov mcf zimbraMtaRestriction altering?

    I just want to make a copy of it before I start. Thanks.

  7. #27
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by rusty View Post
    Quick question.

    What file is the command zmprov mcf zimbraMtaRestriction altering?

    I just want to make a copy of it before I start. Thanks.
    You can find out with:

    Code:
    zmprov gcf zimbraMtaRestriction
    
    zmprov help commands
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #28
    Join Date
    Jul 2010
    Posts
    1
    Rep Power
    5

    Default SPAMHAUS DNSBL lookups (what DNS server to use)

    It can be both confusing and/or inconvenient use an upstream DNS server to for DNSBL service like SPAMAUS:


    • an upstream DNS server might be "firewalled out" to limit over use of "zen.spamhaus.org" (see The Spamhaus Project "zen -> DNSBL usage terms"). For example the commonly used DNS server "4.2.2.1" can't resolve "d.c.b.a.zen.spamhaus.org", even for blacklisted IPs, presumably for this reason. And, if you find one that works today then it might not tomorrow, for this reason, and it is beyond your control and would be confusing.
    • you may be using such a DNS server quietly if you are not thinking about this issue actively. If not directly then perhaps as a "forwarder" for unknown DNS resolution. So you should figure out what you are using, perhaps starting with nslookup.


    But folks should also consider that it is neither responsible nor right to do so:


    • especially when using such a nice (often free) service like SPAMHAUS you should think about "right". I mean, you are better than SPAMMERS, aren't you?
    • using an upstream DNS server penalizes them for your usage. Specifically in the case of SPAMHAUS, your lookups will appear to come from the upstream provider, and not be attributed to you. You should approach SPAMHAUS directly so your usage can be properly attributed to you, not someone else.
    • using an upstream DNS sever for high frequency DNS resolution is an unreasonable offloading of recursive DNS resolution to servers that are not really meant for that. ISP servers should be for resolving end user names, like websites and stuff, and high volume automated recursive DNS resolution should be handled directly by the beneficiary.
    • you are blowing caches, overloading the internet. Such use loads the upstream DNS server's cache with DNS names that are not likely to be of use to other users, perhaps flushing others of value causing more traffic.


    I suggest anyone who is running automated tools like a mail service should be utilizing their own DNS server that does all the DNS recursive resolution itself, based only on root servers. This means making sure you have your own DNS server that is not set up to "Forward" requests for unknown names to another upstream server and instead uses only the root servers with its recursive lookup enabled, that you keep your root server list up-to-date (you could set a watch on the page http://www.internic.net/zones/named.root), and that your service uses that DNS server.

    Doing this will both stabilize your system setup, and be more responsible.

Similar Threads

  1. rbl config question
    By scottnelson in forum Administrators
    Replies: 4
    Last Post: 02-27-2008, 03:18 PM
  2. Trend Micro RBL doesn't work
    By crowley in forum Administrators
    Replies: 2
    Last Post: 07-25-2007, 06:41 AM
  3. SpamAssassin rbl and uribl checks not working
    By stuheiss in forum Administrators
    Replies: 0
    Last Post: 04-10-2007, 05:41 PM
  4. Postfix RBL lists debug ?
    By RaNd in forum Administrators
    Replies: 1
    Last Post: 03-30-2007, 11:44 PM
  5. RBL effectiveness
    By moniker in forum Administrators
    Replies: 2
    Last Post: 11-05-2006, 05:49 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •