URIBL_BLOCKED

Discuss our MailScanner install script and MailScanner itself
Post Reply
hilario
Junior Member
Posts: 88
Joined: 16 Mar 2008, 23:32
Location: Sao Paulo - SP - Brasil

URIBL_BLOCKED

Post by hilario »

URIBL_BLOCKED is not working in my server due to:
ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/Dns ... nsbl-block for more information.

As far as I could test, spamassassin is using the resolvers configured for my server to navigate the web. These are my datacenter provided DNS servers. Probably they generate so many request from all the thousands servers in the datacenter that we are always blocked.

However, my own server DNS system is not blocked.

Question: How to configure spamassassin to use an specific DNS server (my own cPanel server) to send URIBL requests?

Regards,
Hilário Fochi Silveira
Sarah
Moderator
Posts: 921
Joined: 09 Dec 2006, 22:49

Re: URIBL_BLOCKED

Post by Sarah »

I'm not aware of a way to configure spamassassin to use a different DNS server to the one your server is configured to use, although you could search the spamassassin user newsgroup to see if this is possible:

http://www.gossamer-threads.com/lists/s ... sin/users/

Otherwise you might want to take a look at this knowledgebase article:

https://support.configserver.com/knowle ... ailcontrol
dvk01
Junior Member
Posts: 80
Joined: 20 Feb 2010, 18:10

Re: URIBL_BLOCKED

Post by dvk01 »

The way I get round that is to set resolver.conf to 127.0.0.1 as primary DNS then the data centre DNS IP numbers as number 2 & 3

That way you do not get blocked

however that only works if you use Bind as name server because that effectively creates a caching name server on your server
You cannot use this if you use mydns or nsd as name servers
hilario
Junior Member
Posts: 88
Joined: 16 Mar 2008, 23:32
Location: Sao Paulo - SP - Brasil

Re: URIBL_BLOCKED

Post by hilario »

Yes dvk01, You are correct. That is precisely what I have done based on the links to the FAQ that Sarah posted. Also, as instructed in the FAQs,

Following the FAQs, I checked/implemented the other settings in my BIND to assure that it is correctly configured as a caching name server.

I also tested to check what happens when BIND is down, and the server just uses the next lines with the datacenter provided DNS resolvers. So we are completely safe, even if BIND fails.

Thanks Sarah, Thanks dvk01.
dgnzcn
Junior Member
Posts: 3
Joined: 07 May 2011, 21:36

Re: URIBL_BLOCKED

Post by dgnzcn »

dvk01 wrote: 22 Oct 2016, 08:22 The way I get round that is to set resolver.conf to 127.0.0.1 as primary DNS then the data centre DNS IP numbers as number 2 & 3

That way you do not get blocked

however that only works if you use Bind as name server because that effectively creates a caching name server on your server
You cannot use this if you use mydns or nsd as name servers
That method will not working.
DigitalEssence
Junior Member
Posts: 21
Joined: 03 Nov 2016, 12:10

Re: URIBL_BLOCKED

Post by DigitalEssence »

Hi,

I've followed this thread as I am having the same issue with being blocked with URIBL_BLOCKED and have also edited /etc/resolv.conf so that nameserver 127.0.0.1 is on the first line.

I now pass the test

host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"

But am still seeing 0.00 URIBL_BLOCKED in MailScanner FE.

Can anyone advise what I have missed?

Thanks

EDIT:

I reloaded MailScanner then stopped and restarted it and it looks like this issue is resolved. Will test and report back later.
Post Reply