0

I've set up a small mail server which includes Spam Assassin. Everything seems to work great except one. SA docs suggest installing a caching DNS server to keep some RBLs from blocking the server over too many calls. On Ubuntu 14.04 Server, Dnsmasq seemed like a good, low resource choice. The installation requires almost no configuration and it appears to be working well.

A dig command returns 127.0.0.1 as the source server for the results. The Dnsmasq log shows active queries:

Nov 15 15:13:01 dnsmasq[8824]: reply wigglebest.com is v=spf1 a ~all
Nov 15 15:13:01 dnsmasq[8824]: query[A] wigglebest.com from 127.0.0.1
Nov 15 15:13:01 dnsmasq[8824]: forwarded wigglebest.com to 2001:4860:4860::8844
Nov 15 15:13:01 dnsmasq[8824]: query[A] c303.cloudmark.com from 127.0.0.1
Nov 15 15:13:01 dnsmasq[8824]: cached c303.cloudmark.com is 208.83.139.204
Nov 15 15:13:01 dnsmasq[8824]: query[A] public.pyzor.org from 127.0.0.1
Nov 15 15:13:01 dnsmasq[8824]: cached public.pyzor.org is 188.40.77.247
Nov 15 15:13:01 dnsmasq[8824]: cached public.pyzor.org is 188.40.77.206
Nov 15 15:13:01 dnsmasq[8824]: cached public.pyzor.org is 188.40.77.236
Nov 15 15:13:01 dnsmasq[8824]: cached public.pyzor.org is 188.40.77.235
Nov 15 15:13:01 dnsmasq[8824]: reply wigglebest.com is 94.249.249.186
Nov 15 15:13:01 dnsmasq[8824]: query[TXT] wigglebest.com from 127.0.0.1
Nov 15 15:13:01 dnsmasq[8824]: forwarded wigglebest.com to 2001:4860:4860::8844
Nov 15 15:13:02 dnsmasq[8824]: reply wigglebest.com is v=spf1 a ~all
Nov 15 15:13:02 dnsmasq[8824]: query[A] wigglebest.com from 127.0.0.1
Nov 15 15:13:02 dnsmasq[8824]: forwarded wigglebest.com to 2001:4860:4860::8844

The problem is that I am still getting URIBL_BLOCKED flags. I tried the test URIBL.com provides and the response indicates the default block status for using nameservers that have high traffic:

# host -tA 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com has address 127.0.0.1 (As supported by SpamAssassin)

So despite what appears to be exactly what they suggest I use, the response is the same as not using it at all. I've emailed URIBL.com but they seem to leave this up to the user to figure out. The server has very little traffic so I should be able to use their (free) public mirrors. I'm no DNS expert, so if I've made some mistakes or bad assumptions, I'm open to any advice.

FYI, the only thing in my dnsmasq.conf is an increase of the cache size from default, and specification of a log file with queries for debugging. Resolvconf has set the generated resolv.conf to contain the "nameserver 127.0.0.1" only. Network Manager is not installed in the server version of Ubuntu by default, so there is no conflict there.

Thanks for any help.

David Rahrer
  • 103
  • 8

1 Answers1

0

Had same issue, fixed using bind9 after trying this for days..

https://unix.stackexchange.com/questions/94676/configure-spamassassin-to-use-uribl-and-google-public-dns

Community
  • 1
David
  • 31
  • 2
  • I could not make this work until I dug deeper. There are two issues. 1. As mentioned in my OP, since Ubuntu 12.04, resolvconf automatically configures resolv.conf dynamically. 2. Bind9 has (recently?) stopped triggering a change in resolvconf to add "nameserver 127.0.0.1" to resolv.conf upon install. The solution for me was to simply install bind9 (apt-get install bind9) and then edit "etc/default/bind9" and change the following: "RESOLVCONF=no" to "RESOLVCONF=yes" Save and restart bind9. Now it works fine. If anyone knows why this would be a bad idea, chime in. – David Rahrer Jan 02 '15 at 17:39