
Short Version: Is it possible to configure SpamAssassin to perform its own recursive DNS lookups instead of using the server specified by the OS?

Long Version: I've got a collection of dedicated machines at RackSpace running mail services, but I've found that all of my queries to the 'free for most' DNSBL services are failing since they are going through the RS DNS servers rather than being resolved locally. The failure is caused by the squillion other RS customers using the RS DNS servers for the same purpose and pushing them out of the 'free for most' zone and into high orbit.

I am exploring my options and hoping to avoid having to set up my own separate DNS infrastructure.


edit

What I've heard through other channels is that my two options are:

  1. Write a custom patch for SpamAssassin to implement local resolution for DNS/DNSBL queries.
  2. Stand up my own DNS server[s].

I've gone the 3/4-assed approach of installing BIND on each machine and specifying 127.0.0.1 as my nameserver. The default configuration [at least in the rpm package] is a resolving-only server that only listens on/allows queries from localhost.

Sammitch
  • What's wrong with RS's DNS servers? – Michael Hampton Dec 12 '13 at 01:21
  • @MichaelHampton nothing, aside from the squillion other people using them for the same purpose and pushing them out of the 'free for most' zone and into high orbit. edited my question to add this bit in. – Sammitch Dec 12 '13 at 01:33
  • Do you mean that they are charging you for DNS queries? Don't assume that everyone is familiar with a given provider's pricing structure. – Michael Hampton Dec 12 '13 at 02:29
  • @MichaelHampton RackSpace, no. DNSBL providers, yes. Instead of seeing a few thousand queries coming from my servers, these providers are seeing a few million queries from *every server RackSpace hosts* that is using SpamAssassin with default settings. This brings us well into the "give us money" range. – Sammitch Dec 12 '13 at 05:09
  • Too bad this isn't answered yet. I'm struggling with this issue. – Miloš Đakonović Dec 27 '17 at 09:26
  • @Miloshio the answer *is* there in the edit, it's "configure your own DNS resolver", and it tends to be just a generally good thing to do. – Sammitch Dec 27 '17 at 18:18
  • You should be able to set up a lightweight DNS caching + forwarding server like [dnsmasq](https://en.wikipedia.org/wiki/Dnsmasq) for this purpose, instructing the forwarder to query each DNSBL directly. – Adam Katz Sep 27 '18 at 17:36

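One way to confirm that DNSBL lookups sent through a local resolver, such as the BIND instance on 127.0.0.1 described in the question's edit, return real data. This is an added example, not code from the original post or from SpamAssassin: it sends the RFC 5782 test queries (127.0.0.2 is always listed, 127.0.0.1 never is) straight to one resolver address instead of the one in /etc/resolv.conf. The function names and result labels are assumptions made for the illustration.

```python
import secrets, socket, struct

def dnsbl_qname(ip, zone):
    """Reversed IPv4 octets + zone, the DNSBL query layout (RFC 5782)."""
    return ".".join(reversed(ip.split("."))) + "." + zone.strip(".")

def build_query(qname, txid):
    """Encode one recursive (RD=1) A/IN question."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + name + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, pos):
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:   # stop at root label or pointer
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)           # pointer is 2 bytes, root is 1

def parse_a_records(msg, txid):
    """Return (rcode, [IPv4 answers]) from a DNS response."""
    rid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    pos, addrs = 12, []
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4             # skip QTYPE + QCLASS
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen                         # now just past this record
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos - 4:pos]))
    return flags & 0xF, addrs

def udp_lookup(qname, server="127.0.0.1", timeout=3.0):
    """Ask one resolver directly, bypassing /etc/resolv.conf."""
    txid = secrets.randbelow(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))                   # kernel drops replies from other sources
        s.send(build_query(qname, txid))
        return parse_a_records(s.recv(4096), txid)

def check_dnsbl(zone, lookup=udp_lookup):
    """Classify a zone as seen through one resolver, using the test points."""
    _, listed = lookup(dnsbl_qname("127.0.0.2", zone))
    _, clean = lookup(dnsbl_qname("127.0.0.1", zone))
    if not listed:
        return "test-entry-missing"               # refused, rate-limited or dead zone
    return "answers-everything" if clean else "usable"
```

Call `check_dnsbl("<zone>")` once with the default `udp_lookup` (the local resolver) and once with `lambda q: udp_lookup(q, server="<provider resolver IP>")` to compare the two paths for each DNSBL zone SpamAssassin is configured to query.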