Zen Spamhaus et URIBL too many queries and RCVD_IN_DNSWL_HI

[agenet]

Hi,

I have some warning like this :
Apr 12 01:37:04 mail-gw pmg-smtp-filter[163106]: WARNING: check: dns_block_rule URIBL_BLOCKED hit, creating /root/.spamassassin/dnsblock_multi.uribl.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny multi.uribl.com" to disable queries)
Apr 12 01:37:04 mail-gw pmg-smtp-filter[163106]: WARNING: check: dns_block_rule RCVD_IN_ZEN_BLOCKED_OPENDNS hit, creating /root/.spamassassin/dnsblock_zen.spamhaus.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny zen.spamhaus.org" to disable queries)

In the same mail, i see a score like this :
Apr 12 01:37:04 mail-gw pmg-smtp-filter[163106]: A17446435EF1E4642E: SA score=0/5 time=2.478 bayes=undefined autolearn=disabled hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),DMARC_PASS(-0.1),HTML_IMAGE_ONLY_08(1.781),HTML_IMAGE_RATIO_02(0.001),HTML_MESSAGE(0.001),HTML_SHORT_LINK_IMG_1(0.139),KAM_IMAGEONLY(0.75),RCVD_IN_DNSWL_HI(-5),RCVD_IN_ZEN_BLOCKED_OPENDNS(0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_PDS_OTHER_BAD_TLD(0.01),T_TVD_MIME_EPI(0.01),URIBL_ABUSE_SURBL(1.948),URIBL_BLOCKED(0.001),URIBL_DBL_BLOCKED_OPENDNS(0.001)

I have too question where id this 2 DNSBL site are configured in order to add our account and not being blocked anymore ?
What is the WL site used ?

 

[dcsapak]

these message mean that the dns server that makes the request on the lists has exceeded their limit.

you should not use public dns servers for that but use your own recurser dns server, see:

https://pmg.proxmox.com/wiki/index.php/URIBL_Datafeed_over_DNS
https://pmg.proxmox.com/wiki/index....edicated_DNS_Resolver_on_Proxmox_Mail_Gateway

 

[dooferorg]

I see messages on the forums a lot regarding this. It seems like it's a failing on the installer part not to set that up out of the box since a great many people look to the Proxmox Mail Gateway as an 'installed solution' that 'just works'. IF you have to then come back and set up a number of other things so that stuff works correctly, that (to me) indicates something that should be improved on the installer.

I found this thread since I was running in to the same issue barely the same day after switching mails to go through PMG.

 

[olluz]

I have this issue, too. I'm quite sure this was working fine before upgrading to v.8. I had set up the DNS server as per these instructions: https://pmg.proxmox.com/wiki/index.php/DNS_server_on_Proxmox_Mail_Gateway
But this guide might need to be updated for v.8.x

 

[dooferorg]

Yea, what I realized was my internal DNS servers on my network had *forwarders* and that is what was causing the problem. Having some DNS servers that contact the root servers directly and are set as the only resolvers for the mail gateway was the way to fix it.

One useful command I ran (on the mail gateway):

host -tTXT 2.0.0.127.multi.uribl.com

That will tell you how you are resolving, if you're blocked then it will tell you your DNS IP (i.e. where requests that hit it are coming from - it likely isn't your own IP). If you are not blocked, you'll get '2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"'