I'm running a mail server, Smartermail (SM) on Windows 2012 Essentials. The server is also doing DNS, but has no other roles. The DNS server is using the root hints and has no forwarders configured.

As part of spam checks, SM is configured to check a bunch of RBLs and URIBLs. However, after a few hours, I cannot query anything on Spamhaus (zen.spamhaus.org, rbl.spamhaus.org) unless I clear the cache on my DNS server. It is a low volume server with only a few thousand messages a day so I do not think I'm breaking their TOS. Every other RBL I check continues to work fine and I can continue to query other domain names as far as I can tell.

I'm scheduling a task so that the DNS server clears its cache every 2 hours, but that is just a band-aid. I feel like there's a problem with either my DNS server settings or possibly my firewall. Any ideas why I would have to clear the cache to be able to query Spamhaus again?

pooter03
  • When the problem happens, can you use nslookup and query Spamhaus directly? What happens? – gtirloni Sep 04 '14 at 14:26
  • Yeah, I'll do a query zen.spamhaus.org or dbl.spamhaus.org which simply returns Name: dbl.spamhaus.org when it is working. When it stops working, it times out. After I clear the cache it responds again. The task to clear the cache every 2 hours seems to be working so far, but it seems to me that it is a band aid masking a bigger problem, which makes me nervous. – pooter03 Sep 04 '14 at 14:56
  • Does any other DNS query work at that moment? – Dusan Bajic Sep 04 '14 at 15:52
  • As far as I can tell, every other DNS query works except for spamhaus.org. My first thought was that they were blocking us for overutilization, but we are a pretty low volume mail server, and clearing the cache wouldn't fix it. – pooter03 Sep 04 '14 at 15:55
  • OK, I verified. spamhaus stopped responding but other domains I'm pretty sure we haven't queried work fine.

        > cmu.edu
        Server: mailer2.workgroup.local
        Address: 192.168.250.65
        Non-authoritative answer:
        Name: cmu.edu
        Address: 128.2.42.10
        > sportsline.com
        Server: mailer2.workgroup.local
        Address: 192.168.250.65
        > spamhaus.org
        Server: mailer2.workgroup.local
        Address: 192.168.250.65
        > dbl.spamhaus.org
        Server: mailer2.workgroup.local
        Address: 192.168.250.65
        DNS request timed out.
        timeout was 2 seconds.

    – pooter03 Sep 04 '14 at 16:09

1 Answer

Most RBLs have a maximum on the number of queries which can be performed from a particular DNS server in a 24 hour period. The maximum varies between 100 and 200K queries per day, so you can see how using a public DNS server might quickly go beyond that maximum.

Even a low-volume MX server can exceed some of the RBL deny thresholds quickly.

It is highly recommended that you run your own DNS and use that DNS as the RBL query reference to prevent hitting the 24 hour maximum.

See my response to this issue in the SmarterMail Community Thread, "Weird Issue with Spamhaus.org RBLs" at: http://portal.smartertools.com/community/a276/weird-issue-with-spamhaus_org-dbls.aspx
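
To tell apart the outcomes discussed in this thread (a timeout, a normal "not listed" answer, a listing, a refusal or error answer), the following added example, which is not code from the question or the answer, sends one DNSBL query straight to a chosen DNS server and classifies the reply. The function names are hypothetical; it assumes the RFC 5782 test entry 127.0.0.2 and treats answers in 127.255.255.x, which Spamhaus documents as error codes (for example excessive queries), as errors rather than listings.

```python
import socket
import struct

def dnsbl_name(ip, zone):  # reverse the IPv4 octets, append the zone (RFC 5782)
    return ".".join(reversed(ip.split("."))) + "." + zone

def build_query(name, txid=0x1234):  # one question: type A, class IN, RD set
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, pos):  # step over an encoded name or compression pointer
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def parse_response(msg):
    """Return (rcode, list of A-record addresses) from a raw DNS reply."""
    _, flags, qdcount, ancount = struct.unpack(">HHHH", msg[:8])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0x000F, addrs

def classify(rcode, addrs):
    """Map a reply to a verdict; 127.255.255.x is the Spamhaus error range."""
    if rcode != 0:
        return "not-listed" if rcode == 3 else "server-error"  # NXDOMAIN vs SERVFAIL/REFUSED
    if any(a.startswith("127.255.255.") for a in addrs):
        return "dnsbl-error-code"
    return "listed" if addrs else "no-data"

def probe(server, ip="127.0.0.2", zone="zen.spamhaus.org", timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(dnsbl_name(ip, zone)), (server, 53))
        try:
            return classify(*parse_response(s.recvfrom(4096)[0]))
        except socket.timeout:
            return "timeout"
```

Calling `probe("192.168.250.65")` (the local server address shown in the nslookup output above) should return `listed` for the test entry while lookups are healthy; `timeout` from the local server reproduces the symptom described in the question.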