3

I run a mail server for two people, Ubuntu 10.04 LTS. I have Spamassassin running via Amavis/Postfix. In many messages, I am getting URIBL_BLOCKED in the X-Spam-Status headers, which indicates that the request is coming from a source that makes too many requests to URIBL's servers.[1] URIBL and Spamassassin both state that running a caching nameserver should fix this for low volume users, since the likely cause is that the DNS request is coming from the ISP's server, which makes lots of requests.[1][2] I would like URIBL to work.

So I installed bind9, and added the following lines to named.conf.options:

acl goodclients {
    localhost;
    127.0.0.1;
};

and within "options" I added

 recursion yes;
 allow-query { goodclients; };

I set RESOLVCONF=yes in /etc/default/bind and restarted bind9.

URIBL provides a test point, as described at http://www.uribl.com/about.shtml#abuse. In a terminal for my mail server, when I type

host -tA 2.0.0.127.multi.uribl.com

the response is

2.0.0.127.multi.uribl.com has address 127.0.0.14

which is what URIBL says is the response meaning "Not Blocked". But I'm still getting spam with URIBL_BLOCKED in the X-Spam-Status headers. I've also run 'rndc flush' to clear any previous records in bind, and restarted Amavis and Postfix in case they somehow were caching DNS info.

Why would the command-line test to uribl pass, but requests from within amavis/spamassassin fail?

[1] http://www.uribl.com/about.shtml#abuse, last sentence under "Abuse": "If you use your ISP Nameservers for resolution, and they are blocked, consider running your own caching nameserver."

[2] https://wiki.apache.org/spamassassin/CachingNameserver

joseph_morris

2 Answers

4

I had this problem and resolved it by simply restarting spamd. Apparently it needed a reboot to update the name server it was connecting to.

Also ensure you've told your system to use your new local nameserver by configuring /etc/resolv.conf with:

nameserver 127.0.0.1

And in case it is helpful, here is my /etc/named.conf file: http://pastebin.com/r0RYawGj

Ewan Mellor
Quinn Comendant
  • Good idea and thanks for suggesting it, but no luck. I also just rebooted on the theory that there must be some service that I wasn't thinking of (or aware of) that needed to be flushed or restarted. No luck with that either. – joseph_morris Nov 02 '14 at 21:21
  • So, obvious question: what does your `/etc/resolv.conf` contain? The `host` command should use its values the same as `spamd` but maybe there's something funny going on. Also perhaps helpful, here is my full `/etc/named.conf` file working well as a forwarding, caching name server for spamassassin: http://pastebin.com/r0RYawGj – Quinn Comendant Nov 04 '14 at 07:00
  • And the correct answer is: one needs to have 'nameserver 127.0.0.1' in the resolv.conf, I forgot that step. (Did you have to say it was "obvious", geez :^) ). If you edit your answer to include that I'll accept and upvote. Thanks for taking the time to help. – joseph_morris Nov 04 '14 at 19:11
  • Ha—glad you found it. Answer edited. =) – Quinn Comendant Nov 06 '14 at 07:16
4

Another important detail I just learned today thanks to a coworker: Ensure ONLY your DNS server is in resolv.conf.

I added 127.0.0.1 to my list instead of replacing my host's default DNS servers (expecting it to hit mine first and fall back to the others), and found out I was round-robin on the DNS servers, so 2/3 of my queries went out over the other servers instead of my own.

So wipe out any of the other name servers, and ensure you're not forwarding in named.conf also (forwarders section).

Aikar
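
Both answers come down to the same check: every `nameserver` line in /etc/resolv.conf should point at the local caching nameserver. The shell script below is an added example, not code from the thread; it lists the configured resolvers, flags any non-loopback entry, and can send the question's URIBL test-point query through each one. The function names and the sample file (192.0.2.53 and 198.51.100.53 are documentation addresses) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original thread): audit resolver configuration
# for the URIBL_BLOCKED problem discussed above.

# Print every "nameserver" address in a resolv.conf-format file, one per line.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print the nameservers that are not loopback (127.0.0.0/8 or ::1).
# Lookups sent to these bypass the local caching nameserver.
foreign_nameservers() {
    list_nameservers "$1" | grep -Ev '^(127\.[0-9]+\.[0-9]+\.[0-9]+|::1)$' || true
}

# Succeed only if the file lists at least one nameserver and all are loopback.
only_local_resolver() {
    [ -n "$(list_nameservers "$1")" ] && [ -z "$(foreign_nameservers "$1")" ]
}

# Ask one specific resolver for the URIBL test point (needs network access).
# The question gives 127.0.0.14 as the "Not Blocked" answer.
uribl_test_via() {
    host -t A 2.0.0.127.multi.uribl.com "$1" 2>/dev/null | awk '/has address/ { print $NF }'
}

# Constructed sample: the local cache listed alongside two other resolvers
# (192.0.2.53 and 198.51.100.53 are documentation addresses, not real servers).
write_sample_conf() {
    printf '%s\n' '# constructed sample' 'nameserver 127.0.0.1' \
        'nameserver 192.0.2.53' 'nameserver 198.51.100.53' > "$1"
}

# Full report: what URIBL answers through each configured resolver, then a verdict.
audit() {
    conf=${1:-/etc/resolv.conf}
    for ns in $(list_nameservers "$conf"); do
        answer=$(uribl_test_via "$ns" | tr '\n' ' ')
        echo "$ns -> ${answer:-no answer}"
    done
    if only_local_resolver "$conf"; then
        echo "OK: only loopback resolvers in $conf"
    else
        echo "WARNING: non-local resolvers in $conf: $(foreign_nameservers "$conf" | tr '\n' ' ')"
    fi
}

# Run the network audit only when asked: sh audit.sh --audit [file]
if [ "${1:-}" = "--audit" ]; then audit "${2:-/etc/resolv.conf}"; fi
```

Restart spamd and amavis after changing resolv.conf, as the first answer notes, so the running daemons pick up the new resolver.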