jhardin at impsec
Jun 7, 2012, 9:11 AM
Post #10 of 62
(1144 views)
Permalink
|
On Thu, 7 Jun 2012, Kris Deugau wrote:
> Ed Abbott wrote:
>
>> My domain name, websiterepairguy.com, is causing
>> spamassassin to give a false positive.
>
> Checking from where I'm sitting, I don't see it listed.
>
> If you're still getting hits on these rules there's a good chance that
> the DNS cache you're using is either modifying the negative results (ie,
> similar to http://www.surbl.org/faqs#opendns) or has been making too
> many requests to SURBL, and is now either receiving "yes it's listed"
> for any request, or is generating that response for some reason.
>
> As a local workaround (since your domain doesn't seem to be listed
> currently), I suggest adding "uridnsbl_skip_domain websiterepairguy.com"
> to your SpamAssassin config - that will skip doing URI blacklist lookups
> altogether on your domain.
If Ed's experiencing DNS problems such that his domain is getting FPs,
then likely _all other domains_ are also getting FPs at his site, and that
workaround is only a minimal bandaid for a large problem.
It's considered best practice to set up a local, caching, non-forwarding
DNS server for use with SA and (in general) any MTA doing DNS-based
blocklist lookups. As has been stated, many BL providers set volume limits
on free access to their data, and if you're forwarding to a public DNS
server (e.g. Google DNS) then you're likely relying on a DNS server that
is, in aggregate with all its other users, exceeding those limits and thus
providing inaccurate results.
Set up a local, caching, non-forwarding DNS server on your MTA/SA host and
configure your MTA and SA to use it. This need not necessarily affect the
DNS resolution for other hosts on your local network, which could still
forward DNS requests to your chosen upstream DNS provider.
Ed, you said you've already installed BIND, that covers the "local,
caching" part. Now configure it to not forward requests.
It would also be useful if (before changing your config) you provided the
results of DNSBL lookups at your site for some large known-clean domains
like google.com, microsoft.com, etc. If they are all FPing, then the
problem is as I stated above and the fix is straightforward. If not, then
more investigation is warranted.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...for a nation to tax itself into prosperity is like a man
standing in a bucket and trying to lift himself up by the handle.
-- Winston Churchill
-----------------------------------------------------------------------
7 days since the first successful private support mission to ISS (SpaceX)
|
1
