Spamassassin reports OPENDNS from closed caching recursive nameserver
Folks,
I installed BIND as a closed caching recursive nameserver and set resolv.conf to use only 127.0.0.1.
My Spamhaus test works.
# dig +short 2.0.0.127.zen.spamhaus.org
127.0.0.10
127.0.0.2
127.0.0.4
# dig +short 103.13.206.98.zen.spamhaus.org
127.0.0.10
Why does Spamassassin report the following?
Jan 31 23:38:47 host4 spamd[1690985]: check: dns_block_rule RCVD_IN_ZEN_BLOCKED_OPENDNS hit, creating /root/.spamassassin/dnsblock_zen.spamhaus.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny zen.spamhaus.org" to disable queries)
Jan 31 23:38:47 host4 spamd[1690985]: spamd: result: Y 14 - ARC_SIGNED,ARC_VALID,BAYES_50,DKIM_INVALID,DKIM_SIGNED,HELO_DYNAMIC_IPADDR,HTML_FONT_SIZE_LARGE,HTML_IMAGE_RATIO_02,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,KAM_DMARC_STATUS,KAM_GB_INVALID_FROM,KAM_STORAGE_GOOGLE,MIME_HTML_ONLY,MIME_QP_LONG_LINE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_VALIDITY_RPBL,RCVD_IN_ZEN_BLOCKED_OPENDNS,RDNS_NONE,T_DATE_IN_FUTURE_Q_PLUS,UNPARSEABLE_RELAY,URIBL_DBL_BLOCKED_OPENDNS,URI_TRUNCATED scantime=1.1,size=351417,user=xxxxx,uid=1078,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=38744,mid=<26.CF.46180.1HLL3QXUSEONJS7FAOSTCCTQK@i-08e06756b9153b898.mta1vrest.sd.prd.sparkpost>,bayes=0.500000,autolearn=no autolearn_force=no,shortcircuit=no
No /root/.spamassassin/dnsblock_zen.spamhaus.org file was created.
Also, I checked the nameserver from an external location and the dns query was refused.
Thanks,
Jim
P.S. Recursion is on for local and internal queries. Caching works.
# dig @127.0.0.1 2.0.0.127.zen.spamhaus.org
; <<>> DiG 9.16.23-RH <<>> @127.0.0.1 2.0.0.127.zen.spamhaus.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21966
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 494962e3a3198a0a01000000679dbe3d7979e80e24c03e40 (good)
;; QUESTION SECTION:
;2.0.0.127.zen.spamhaus.org. IN A
;; ANSWER SECTION:
2.0.0.127.zen.spamhaus.org. 53 IN A 127.0.0.10
2.0.0.127.zen.spamhaus.org. 53 IN A 127.0.0.4
2.0.0.127.zen.spamhaus.org. 53 IN A 127.0.0.2
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Feb 01 00:25:01 CST 2025
;; MSG SIZE rcvd: 131
-
Hey there! The issue here isn't with the resolver configuration, but with the portion of the error saying "set all rules score to 0" - you'll want to do that in order to bypass this error. We have details on how to make that change here:
Can you try that and see if you get better results?
0 -
No. I waited a day or so and the OPENDNS problem went away. The SAPMHAUS checks are working properly with a closed non-forwarding caching recursive Nameserver.
Jim
0 -
I'm glad to hear things are working well!
0
Please sign in to leave a comment.
Comments
3 comments