URIBL Blocked

Use this forum for discussions about SpamAssassin and anti-spam in general.
Post Reply
User avatar
jimimaseye
Moderator
Moderator
Posts: 8131
Joined: 2011-09-08 17:48

URIBL Blocked

Post by jimimaseye » 2018-04-20 09:22

I have windows DNS Server in use as a caching server and it forwards all its lookups.

Recently, I have now noticed that my Spamassassin URILBL are being blocked

Code: Select all

X-Spam-Report: 
	*  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
	*       See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
	*      for more information.
I know diddly about implementing the DNS Server beyond that of the forwarding server it is now.

Can anyone guide me on how to either

a, take a mirror of the http://www.uribl.com/ dns lookups and store them local to my server so it doesnt have to lookup each query directly every time (preferable) OR
b, something else without saying anything that is similar to "use [non-windows DNS server Here]"

Thanks
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 798
Joined: 2008-06-27 14:42
Location: Netherlands

Re: URIBL Blocked

Post by RvdH » 2018-04-20 09:28

Use a conditional forwarder? Eg, not using your ISP DNS but do the lookup yourself so it doen't reach the hit limit
https://www.jam-software.com/spamassass ... redns.html
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
mattg
Moderator
Moderator
Posts: 20133
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: URIBL Blocked

Post by mattg » 2018-04-20 09:52

I think that you need to make your windows DNS server non-caching

modify this registry entry:

KEY Name: HKLM\System\CurrentControlSet\Services\DNS\Parameters
Entry Name: MaxCacheTtl
Type: REG_DWORD
Value: 0x15180 (this is the default value)

To disable the caching completely on DNS Server, set the value of MaxCacheTtl to 0x0.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8131
Joined: 2011-09-08 17:48

Re: URIBL Blocked

Post by jimimaseye » 2018-04-20 10:45

RvdH wrote:
2018-04-20 09:28
Use a conditional forwarder? Eg, not using your ISP DNS but do the lookup yourself so it doen't reach the hit limit
https://www.jam-software.com/spamassass ... redns.html
Cheers Ruud - that looks like the solution. I shall try it over the weekend.

@Matt: presumably if I turned off caching then it would continue to forward the requests (my DNS Server is not a mirror, it is a forwarding caching server only). I think the issue is that my server forwards requests to my ISP server which, along with all its other users, is then exceeding its allowed limit with uribl.com (as all the links that it looks up are unlikely to be repeated in multiple emails the 'caching' element for these lookups is largely useless). So making my server do the lookup directly (as Ruud/Jam Guide has explained) will hopefully register my individual address on uribl.com as the requesting IP which will be just a (comparatively) few a day instead of thousands (or millions) that the ISP's dns servers do.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8131
Joined: 2011-09-08 17:48

Re: URIBL Blocked

Post by jimimaseye » 2018-04-21 00:56

So Ive added the records, one each for the entries:

hh.uribl.com
aa.uribl.com
bb.uribl.com
cc.uribl.com
dd.uribl.com
ee.uribl.com
ff.uribl.com
gg.uribl.com

and it has stopped the problem. (Thanks again Ruud).

The only thing I wonder is how often the IP addresses behind the above entries change (when you enter it in to the system it resolves the FQDN entry as entered above in to the current IP address and stores that instead.) Hopefully rarely or never otherwise eventually the lookups will all stop working. (Unfortunately the Conditional Forwarding feature in windows DNS Server doesnt let you simply enter the FQDN and have them resolve or update automatically.)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply