Seeing the "URIBL_BLOCKED" rule being hit every once in a while in the Syslog...

diamondcomputer

New Member
May 8, 2024
Good afternoon all.

We've recently set up a new Proxmox Email Gateway server and have been pretty impressed so far with all it can do to curb the spam flow to our mail servers. Watching the Syslog feed for a while today I noticed several "URIBL_BLOCKED" messages, which seems strange to me as our mail volume isn't heavy and I have set up and am exclusively using the local unbound DNS server for resolution. It's not consistently being blocked, but I'd still love to chase down the reason why it is every once in a while.

Does anyone know what the threshold is for "too many" queries?

Thanks!

Phil D. Malmstrom
Diamond Computer Incorporated
 
Hi,

What's the result when you run this command on your server?
Code:
host -tTXT 2.0.0.127.multi.uribl.com
 
"... and I have set up and am exclusively using the local unbound DNS server for resolution."
Just to be on the safe side - is the local unbound:
* really resolving everything by itself (no forward DNS server configured)?
* not shared with any other system (no other system has PMG's IP as DNS server)
* not sharing the public IP with another DNS server which also does DNSBL lookups?

Otherwise, could you please share some logs of such mails? Maybe we will see something else there.
 
Good morning.

So, when I run: host -tTXT 2.0.0.127.multi.uribl.com the result is:

2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 104.225.8.212]"

I followed the Proxmox guide to installing Unbound (https://pmg.proxmox.com/wiki/index.php/DNS_server_on_Proxmox_Mail_Gateway) and didn't make any changes so I'm unsure why it would be forwarding queries. I did check the unbound.conf file and all it contains is the include-toplevel statement adding the files in the unbound.conf.d directory (remote-control.conf and root-auto-trust-anchor-file.conf).

I also verified that resolv.conf only contains 127.0.0.1.

I'm afraid I'm not overly familiar with unbound so any guidance would be very much appreciated.

Thanks!
 
Hi diamondcomputer

I had similar problems. I set up a local DNS resolver and configured it as the only DNS server. Despite this, I still encountered the "Query Refused" error. Initially, I couldn't figure out the issue, but over time, I checked my firewall logs and had a realization. All my DNS queries were being checked by another security system that checks DNS requests.

My firewall (WatchGuard) has a feature called "DNSWatch" that inspects all DNS connections with AWS. That was the problem. The message in the PMG syslog was correct; the queries were being resolved by a public DNS server.

To solve this problem, I created an exception rule for the network my PMG was in. This prevented the network from using the WatchGuard feature, and it resolved my issue.

Maybe you have a similar situation.
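
An added example, not written by any poster in this thread and not Proxmox code: a shell helper that classifies the test-point reply quoted above and extracts the resolver address URIBL reports, so it can be compared with the gateway's own public IP. The function names, the expected-IP argument and the label strings are assumptions made for illustration; the sample reply is the one posted in the thread.

```shell
#!/bin/sh
# Added example: interpret the TXT answer of the URIBL test point used in this thread.
# Live use (needs network):
#   classify_uribl_reply "$(host -tTXT 2.0.0.127.multi.uribl.com)" "<public IP of this gateway>"

# Sample input: the reply quoted in the thread, embedded so the script runs offline.
SAMPLE='2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 104.225.8.212]"'

# Print the address from "[Your DNS IP: ...]" if the reply carries one.
seen_resolver_ip() {
    printf '%s\n' "$1" |
        sed -n 's/.*\[Your DNS IP: \([0-9a-fA-F.:]*\)].*/\1/p' | head -n 1
}

# classify_uribl_reply <host output> <expected public IP of this gateway>
# Prints one label (names are this example's own):
#   ok                  TXT answer without a refusal
#   refused-own-ip      refused, and URIBL saw the gateway's own address:
#                       the resolver or something sharing its public IP is over the limit
#   refused-foreign-ip  refused, and URIBL saw a different address:
#                       queries leave through a forwarder or an intercepting DNS service
#   no-answer           no TXT record in the output (timeout, NXDOMAIN, ...)
classify_uribl_reply() {
    reply=$1
    expected=$2
    case $reply in
        *"Query Refused"*)
            seen=$(seen_resolver_ip "$reply")
            if [ "$seen" = "$expected" ]; then
                echo refused-own-ip
            else
                echo refused-foreign-ip
            fi ;;
        *"descriptive text"*) echo ok ;;
        *) echo no-answer ;;
    esac
}
```

A `refused-foreign-ip` result matches the situation described in the last reply, where a firewall feature was handling the DNS queries; `refused-own-ip` points back to the shared-resolver and shared-public-IP questions asked earlier in the thread.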
 
