Query to URIBL was blocked - pDNS & Bind

bloatedstoat

• May 21, 2023 17:59

Hello, I've been ploughing through posts that deal with the "Query to URIBL was blocked" error with blacklists. I have this working on an older machine, but that machine runs Bind and the resolver is set to 127.0.0.1, the RBL checks work like a charm and bin so much potential spam. The new server currently has pDNS on it, I know there are two versions of pDNS and as it turns out the one that came pre-installed on the new machine isn't a caching nameserver, I believe I would need to install the recursive version of PDNS to gain this functionality? So here's the question. In order to get the blacklists working do I install the recursor pdns as an addition or switch to Bind? I only need to resolve on 127.0.0.1 for the blacklists and that's it. Switching to Bind just for this seems a bit heavy handed. Anyone else dealt with this? Thanks.

• 

  SimpleTechGuy

  • May 22, 2023 05:44

  Hi, I spent several hours dealing with this as well, so I feel your pain. I heavily researched the pdns recursor option, but it was fairly complex and since it's not officially a part of cpanel, then it's not supported and would most likely have issues during updates. **note, there is a feature request for this, so vote if you think it will help: /etc/mail/spamassassin/local.cf
  ) Sorry it's not more detailed, but this option does seem to be working fine. Hope it helps.

  0
• 

  bloatedstoat

  • May 22, 2023 05:59

  Hey, first of all thanks for taking the time to reply despite not knowing the path you took to get to the solution, I get the drift of where you're coming from. It's a pretty convoluted way of getting something that, in my firm opinion, should work right out of the box on mail servers given the junk that hits mine every day, surely I'm not alone here. The blacklists are so effective though, particularly Barracuda, that I feel exposed without them. I'm loathe to spin up another box just to get this working but clearly I have two choices, do as you suggest or move from pDNS on our main server to Bind. Further contributions to this thread welcome. Thanks again SimpleTechGuy, appreciate the help. Cheers.

  0
• 

  cPRex Jurassic Moderator

  • May 22, 2023 11:49

  The short story from my end is that you have to be using non-public resolvers in order for the RBLs to work properly. Do you have those set in /etc/resolv.conf?

  0
• 

  SimpleTechGuy

  • May 22, 2023 13:58

  The short story from my end is that you have to be using public resolvers in order for the RBLs to work properly. Do you have those set in /etc/resolv.conf?

  
  Hi @cPRex, I was under the impression that you were NOT supposed to be using public resolvers...

  0
• 

  SimpleTechGuy

  • May 22, 2023 14:07

  BTW, @bloatedstoat, I forgot to mention that according to

  0
• 

  SimpleSonic

  • May 22, 2023 14:52

  Try editing: /etc/mail/spamassassin/local.cf At the end of the file add: dns_server 127.0.0.1 Then restart Exim: service exim restart

  0
• 

  cPRex Jurassic Moderator

  • May 22, 2023 15:11

  @SimpleTechGuy - you're correct, I just missed a word. You do NOT want public resolvers in that file if you want the RBL lookups to work. I'll edit my previous post.

  0
• 

  bloatedstoat

  • May 23, 2023 03:26

  Thanks for the help, I've used our data centre DNS in resolv.conf and this appears to have done the trick. Nice simple fix. Cheers.

  0
• 

  cPRex Jurassic Moderator

  • May 23, 2023 13:28

  I'm glad that's all it was!

  0

Please sign in to leave a comment.