Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: Michail Pappas on June 25, 2018, 08:10:59 AM
-
I've been using the URIBL for some time now, this thing rocks.
Recently however, I've noticed that the anti-spam efficiency degraded significantly. Examining things more closely, it looks as though my SME box has been blocked from making URIBL queries, since the mail headers of incoming messages include this in the spamassassin scoring:
URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
* See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
* for more information.
My box hosts mail for around 120 users. It's not a small box per se, but I didn't think it would generate that much traffic.
In any case, I'm wondering whether:
(a) I can unblock it to be able to do URIBL queries again and
(b) which techniques I could use to avoid this from happening again in the future.
Any information will be appreciated, thanks in advance.
EDIT: Forgot to include my config:
qpsmtpd=service
Bcc=disabled
BccMode=cc
BccUser=maillog
DKIMSigning=enabled
DMARCContactInfo=http://xxxxx/
DMARCReject=enabled
DMARCReportEmail=admin@xxxxxx
DNSBL=enabled
LogLevel=6
MaxScannerSize=25000000
RBLList=bl.spamcop.net,dnsbl-1.uceprotect.net,psbl.surriel.com,zen.spamhaus.org
RHSBL=disabled
RelayRequiresAuth=enabled
SBLList=multi.surbl.org,black.uribl.com,rhsbl.sorbs.net
TlsBeforeAuth=0
UBLList=multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net
URIBL=disabled
access=public
qplogsumm=enabled
status=enabled
-
Think this may refer
https://forums.contribs.org/index.php?topic=52002.msg265758#msg265758
https://wiki.contribs.org/Email#Possible_issues_with_RBL
-
I was aware of the fair use policies but was under the impression that my 140 mailboxes did not receive that much mail...
In the wiki it is stated that you can let "...the SME Server being the only dns resolver by removing the dns provider/forwarder in the console menu."
I'm a bit confused here, I thought that SME did the resolution by default. OTOH, it's been quite long since I configured this thing. It seems that I do have my provider set as forwarder.
dnscache=service
Forwarder=dns1.ip
Forwarder2=dns2.ip
TCPPort=53
UDPPort=53
access=private
status=enabled
dnscache.forwarder=service
status=enabled
So perhaps the issue here is that DNS servers of my ISP are blacklisted and not my box. If so, can I change the DNS settings to avoid this kind of situation? What will I be losing in doing so? And where do I go to console to set DNS up (I just want to avoid messing the other IP/DNS settings of the system)?
PS: Doing the following:
# host -tA 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com has address 127.0.0.14
...shows that I should not be blocked at all, according to the simple test presented in http://uribl.com/about.shtml#abuse
It's a bit confusing for me sorry...
-
I figured this out. Problem is that my server is in a non-routable IP block alongside other systems that have both a local as well as a public ip. If I remove the forwarders, then connections to the other systems are made using the public ip addresses; this should be avoided here.
So it seems that I'll just have to remove the URIBL references :( (Unless I'm able to somehow send these requests without using the SME forwarders...)
-
Sorry I'm not smart enough to offer any further advice !
At the limit of my knowledge :-(
-
No worries mate, you've helped me a lot here :)
-
:-)
I try !