Periodic RBL Problems

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
User avatar
Lee Thompson
Normal user
Normal user
Posts: 36
Joined: 2009-01-15 11:18

Periodic RBL Problems

Post by Lee Thompson » 2012-09-01 04:28

While troubleshooting some other issues I've noticed this happening a lot:

Code: Select all

"TCPIP"	1644	"2012-08-31 19:04:40.404"	"DNS query failure. Treating as temporary failure. Query: 125.162.136.216.zen.spamhaus.org, Type: A/AAAA, DnsQuery return value: 11002. Message: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server"
"TCPIP"	1644	"2012-08-31 19:04:40.404"	"DNS lookup: 125.162.136.216.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"TCPIP"	1644	"2012-08-31 19:04:40.561"	"DNS lookup: 125.162.136.216.bl.spamcop.net, 0 addresses found: (none), Match: False"
But I also see it working:

Code: Select all

"TCPIP"	1628	"2012-08-31 13:41:44.292"	"DNS lookup: 113.76.1.197.zen.spamhaus.org, 2 addresses found: 127.0.0.11, 127.0.0.4, Match: True"
"TCPIP"	1628	"2012-08-31 13:41:44.386"	"DNS lookup: 113.76.1.197.bl.spamcop.net, 0 addresses found: (none), Match: False"
"DEBUG"	1628	"2012-08-31 13:41:44.386"	"Spam test: SpamTestDNSBlackLists, Score: 10"
"DEBUG"	1628	"2012-08-31 13:41:44.386"	"Total spam score: 10"
So maybe the query failure just happens if it's not in their spammer database?

User avatar
mattg
Moderator
Moderator
Posts: 20971
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Periodic RBL Problems

Post by mattg » 2012-09-01 05:30

Maybe they were just busy.

Zenhouse normally gives a fail it there is a fail
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Periodic RBL Problems

Post by jimimaseye » 2014-08-05 11:09

I too am getting this exact error more or less everytime (although there is occasional evidence that it goes without the "Type: A/AAAA, DnsQuery return value: 11002" error).

Code: Select all

"SMTPD"	4008	0	"2014-08-05 00:52:11.315"	"TCP"	"DNS query failure. Treating as temporary failure. Query: 35.22.246.81.zen.spamhaus.org, Type: A/AAAA, DnsQuery return value: 11002. Message: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server"
"SMTPD"	4008	0	"2014-08-05 00:52:11.315"	"TCP"	"DNS lookup: 35.22.246.81.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"SMTPD"	4008	0	"2014-08-05 00:52:11.487"	"TCP"	"DNS lookup: 35.22.246.81.bl.spamcop.net, 0 addresses found: (none), Match: False"
"SMTPD"	4008	0	"2014-08-05 00:52:11.534"	"TCP"	"DNS lookup: 35.22.246.81.zz.countries.nerd.dk, 1 addresses found: 127.0.0.56, Match: False"


"SMTPD"	4008	0	"2014-08-05 05:16:33.613"	"TCP"	"DNS query failure. Treating as temporary failure. Query: 7.1.157.212.zen.spamhaus.org, Type: A/AAAA, DnsQuery return value: 11002. Message: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server"
"SMTPD"	4008	0	"2014-08-05 05:16:33.613"	"TCP"	"DNS lookup: 7.1.157.212.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"SMTPD"	4008	0	"2014-08-05 05:16:33.660"	"TCP"	"DNS lookup: 7.1.157.212.bl.spamcop.net, 0 addresses found: (none), Match: False"
"SMTPD"	4008	0	"2014-08-05 05:16:45.718"	"TCP"	"DNS lookup: 7.1.157.212.zz.countries.nerd.dk, 0 addresses found: (none), Match: False"
Im not so convinced the problem lies with Zenhaus. I never had this problem once until this week. Whats changed? I started running my own DNScache serve rather than have all DNS calls go straight out to the web. So I think its more something to dfo with that. But how to prove and what to do??
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Periodic RBL Problems

Post by jimimaseye » 2014-09-09 13:12

Im convinced.

I have been having these errors almost all the time.

However, onceI cleared my DNS Server cache (Im running the default 'DNS Server' in Server2008 R2) then the future lookups to spamhaus go ok and that error doesnt return. It will be a day or so and then they do return again.

Ive proved that it is the local dns server that is failing to do its job and causes the error.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SniffTheGlove
Normal user
Normal user
Posts: 60
Joined: 2014-08-22 20:43

Re: Periodic RBL Problems

Post by SniffTheGlove » 2014-09-09 20:10

I had similar over a week ago and I nailed the issue to my Win7 DNSCache. I kept getting DNS timeouts, so I disabled the service and installed Acrylic DNS and not had any DNS issues since.
--
Sniff

hMailServer 5.6 B2145 on Windows 7 Pro Workstation (My Mini Server running Mail,Web and DNS)

9657d3c8658701f14294f87a8ee0d878

User avatar
jimimaseye
Moderator
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Periodic RBL Problems

Post by jimimaseye » 2014-09-10 09:03

Hi Sniff, thanks for that confirmation.

Im interested in hearing about your alternative solution. Is it a simple 'install and leave' software or does it need endless complicated configurations? Does it work just by caching and renewing pages based on their default TTL values? (I took a quick look at the webpage but it seems that the configuration of the software is quite complicated).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Periodic RBL Problems

Post by jimimaseye » 2014-09-10 14:34

Okay, an update for readers:

I too have had the error as reported in this thread and I have determined it is due to my localised use of the microsoft 'DNS SERVER' on my windows Server 2008 box. (I never got these errors until I implemented that, and also shown that if the dns cache was flushed/cleared the error goes away for some hours before returning again.). To be sure, the reason for the use of a local DNS Server as opposed to standard use via the ISP supplied DNS was the significantly improved scantime for spamassassin and hmailserver from 15 seconds down to 3 or 4).

So, as the error seemed to only apply to the SPAMHAUS.ORG blacklist lookups, I decided to exempt that domain from my local dns cache and had my dns server forward requests for it directly out to my ISP's default DNS: I added a 'conditional forwarder' in the DNS Server setup:
DOMAIN: spamhaus.org
to IP/FQDN: <my ISP's DNS server address - either in IP form or FQDN form>
Since doing so I have no longer received this error.

OF course, who knows whether there are other DNS query failures going on generally - but I have no evidence anywhere that there is (no failed internet page loads, win log events or anything), anywhere at all; It was only the hmailserver logfile for SPAMHAUS.ORG lookups that had an error with DNS and reports as such. As this is the only thing obvious and of concern I maintain this single 'fix' for the problem.

As a further note, (for readers in the same situation using MS DNS Server) I also note that the 'scantimes' that it takes spamassassin and hmailserver to evaluate a message slowly creeps up later in the day. I noted that by clearing the DNS Server cache, this scantime comes down again (to 4 or 5 seconds instead of 10 or 11). So, I have implemented in my 'nightly' housekeeping routine the following command

Code: Select all

dnscmd /clearcache
this clears the DNS Server cache daily and therefore brings the scantimes down again.

So it is clear that DNS SERVER (as Sniff has also identified) was the cause of some problems/inadequacies. I found for my simple setup that adding the 2 'fixes' above keeps things working as best as can be expected given the choice of software in use.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3708
Joined: 2006-08-21 15:38
Location: Denmark

Re: Periodic RBL Problems

Post by SorenR » 2014-09-10 16:28

SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jimimaseye
Moderator
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Periodic RBL Problems

Post by jimimaseye » 2014-09-10 16:33

VERY interesting, thank you Soren. I did extensive googling and didnt find this particular entry (I did find others which I have tried).

I will try this and see what happens. Thanks again.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SniffTheGlove
Normal user
Normal user
Posts: 60
Joined: 2014-08-22 20:43

Re: Periodic RBL Problems

Post by SniffTheGlove » 2014-09-10 17:06

Acrylic is very easy. No GUI just a config file.

Edit in notepad..

This is my config. To use it just change the HitLogFileName andStatsLogFileName paths for your directory structure. Also if you are on a different class c address to me (192.168.0.*) then change the setting [AllowedAddressesSection]. Thats it.
AcrylicConfiguration.ini

Code: Select all

;
; IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS
; PROXY SERVICE IN ORDER TO SEE THEIR EFFECTS.
;
[GlobalSection]
;
; The cluster of host names the primary DNS server is to resolve.
;
; The affinity mask is a list of semicolon separated values or wildcards that
; allows to restrict which DNS server is going to resolve a particular host name.
;
; In the following example only the requests for host names ending with ".com"
; get forwarded to the primary DNS server:
;
; PrimaryServerHostNameAffinityMask=*.com
;
; In the following example only the requests for host names ending with ".com"
; and ".org" get forwarded to the primary DNS server:
;
; PrimaryServerHostNameAffinityMask=*.com;*.org
;
; Negations can be expressed by prepending a caret (^) to the value or wildcard.
;
; In the following example only the requests for host names NOT ending with
; ".com" or ".org" get forwarded to the primary DNS server (the last catch-all
; value is particularly important in this case as, if missing, no request would
; ever be forwarded to the primary DNS server):
;
; PrimaryServerHostNameAffinityMask=^*.com;^*.org;*
;
PrimaryServerHostNameAffinityMask=
;
; A list of semicolon separated values representing DNS query types that allows
; to restrict which DNS server is going to resolve a particular query type.
;
; In the following example only the requests for A, AAAA and MX query types
; get forwarded to the primary DNS server:
;
; PrimaryServerQueryTypeAffinityMask=A;AAAA;MX
;
; The supported query types are:
;
; A       A6      AAAA    ADDRS   AFSDB   ATMA    AXFR    CERT    CNAME
; DHCID   DNAME   DNSKEY  DS      EID     GID     GPOS    HINFO   ISDN
; IXFR    KEY     KX      LOC     MAILA   MAILB   MB      MD      MF
; MG      MINFO   MR      MX      NAPTR   NIMLOC  NS      NSAP    NSAPPTR
; NSEC    NULL    NXT     OPT     PTR     PX      RP      RRSIG   RT
; SIG     SINK    SOA     SRV     TEXT    TKEY    TSIG    UID     UINFO
; UNSPEC  WINS    WINSR   WKS     X25
;
PrimaryServerQueryTypeAffinityMask=
;
; The IP address of your primary DNS server.
; Upon installation it points to the primary OpenDNS server.
;
PrimaryServerAddress=209.244.0.3
;
; The UDP port your primary DNS server is supposed to be listening to. The
; default value of 53 is the standard port for DNS resolution. You should
; change this value only if you are using a non standard DNS server.
;
PrimaryServerPort=53
;
; You can decide to ignore negative responses coming from the primary DNS
; server by uncommenting the following line.
;
; IgnoreNegativeResponsesFromPrimaryServer=Yes
;
; The configuration of your secondary DNS server.
; Upon installation it points to the secondary OpenDNS server.
; For details please refer to the explanations given for the primary DNS server.
;
SecondaryServerHostNameAffinityMask=
SecondaryServerQueryTypeAffinityMask=
SecondaryServerAddress=209.244.0.4
SecondaryServerPort=53
; IgnoreNegativeResponsesFromSecondaryServer=Yes
;
; The configuration of your tertiary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
TertiaryServerHostNameAffinityMask=
TertiaryServerQueryTypeAffinityMask=
TertiaryServerAddress=8.8.8.8
TertiaryServerPort=53
; IgnoreNegativeResponsesFromTertiaryServer=Yes
;
; The configuration of your quaternary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
QuaternaryServerHostNameAffinityMask=
QuaternaryServerQueryTypeAffinityMask=
QuaternaryServerAddress=8.8.4.4
QuaternaryServerPort=53
; IgnoreNegativeResponsesFromQuaternaryServer=Yes
;
; The configuration of your quinary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
QuinaryServerHostNameAffinityMask=
QuinaryServerQueryTypeAffinityMask=
QuinaryServerAddress=89.233.43.71
QuinaryServerPort=53
; IgnoreNegativeResponsesFromQuinaryServer=Yes
;
; The configuration of your senary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
SenaryServerHostNameAffinityMask=
SenaryServerQueryTypeAffinityMask=
SenaryServerAddress=89.104.194.142
SenaryServerPort=53
; IgnoreNegativeResponsesFromSenaryServer=Yes
;
; The configuration of your septenary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
SeptenaryServerHostNameAffinityMask=
SeptenaryServerQueryTypeAffinityMask=
SeptenaryServerAddress=
SeptenaryServerPort=53
; IgnoreNegativeResponsesFromSeptenaryServer=Yes
;
; The configuration of your octonary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
OctonaryServerHostNameAffinityMask=
OctonaryServerQueryTypeAffinityMask=
OctonaryServerAddress=
OctonaryServerPort=53
; IgnoreNegativeResponsesFromOctonaryServer=Yes
;
; The configuration of your nonary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
NonaryServerHostNameAffinityMask=
NonaryServerQueryTypeAffinityMask=
NonaryServerAddress=
NonaryServerPort=53
; IgnoreNegativeResponsesFromNonaryServer=Yes
;
; The configuration of your denary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
DenaryServerHostNameAffinityMask=
DenaryServerQueryTypeAffinityMask=
DenaryServerAddress=
DenaryServerPort=53
; IgnoreNegativeResponsesFromDenaryServer=Yes
;
; THE ACRYLIC DNS CACHING MECHANISM EXPLAINED
;
; When Acrylic receives a DNS request from a client the hosts cache (a static
; cache contained in the AcrylicHosts.txt file) is searched first. If nothing
; is found in it the request is subsequently searched in the address cache (a
; dynamic cache contained in the AcrylicCache.dat file). At this point three
; things may happen:
;
; Case 1:
;
; The request is not found in the address cache or its corresponding response
; is older than AddressCacheScavengingTime minutes: In this case the original
; request is forwarded to all of the configured DNS servers simultaneously. The
; response to the client is delayed until the first one of the configured DNS
; servers comes out with a valid response (all the others will be discarded).
;
; Case 2:
;
; The request is found in the address cache and its corresponding response is
; older than AddressCacheSilentUpdateTime minutes but not older than
; AddressCacheScavengingTime minutes: In this case the response to the client
; is sent immediately from the address cache and the original request is also
; forwarded to all of the configured DNS servers like in the previous case. The
; first response coming from one of the configured DNS servers will be used to
; silently update the address cache (all the others will be discarded).
;
; Case 3:
;
; The request is found in the address cache and its corresponding response is
; younger than AddressCacheSilentUpdateTime minutes: In this case the response
; to the client is sent immediately from the address cache and no network
; activity with the configured DNS servers will occur.
;
; Note: Negative responses from the DNS servers can be cached with a different
; expiration time (usually much smaller) than positive ones by setting the value
; of the AddressCacheNegativeTime parameter.
;
; Simply using Acrylic with default parameters should give a lot of boost to the
; performance of your DNS queries but to get the best out of it you may have to
; tune it to your specific needs:
;
; If you are concerned with the cache not being enough up to date (e.g. you are
; using Acrylic on a LAN with addresses given by a DHCP server using a short
; lease) use a lower value for the AddressCacheSilentUpdateTime and the
; AddressCacheNegativeTime parameters:
;
; AddressCacheNegativeTime=10
; AddressCacheScavengingTime=600
; AddressCacheSilentUpdateTime=450
;
; If your DNS servers are particularly unreliable and you want to minimize the
; disruption to your work should they become unresponsive use a higher value for
; the AddressCacheScavengingTime and the AddressCacheSilentUpdateTime:
;
; AddressCacheNegativeTime=57600
; AddressCacheScavengingTime=57600
; AddressCacheSilentUpdateTime=43200
;
; And now about the caching parameters:
;
; The time to live (in minutes) of a negative response in the address cache.
;
AddressCacheNegativeTime=720
;
; The time to live (in minutes) of a positive response in the address cache.
;
AddressCacheScavengingTime=14400
;
; The time (in minutes) elapsed which an item in the address cache must be
; silently updated should a request occur.
;
AddressCacheSilentUpdateTime=10800
;
; AddressCache data can be compressed by Acrylic should it determine (on a
; single item basis) that it would save some space. Since a very fast LZO
; compression engine is used it is usually best to keep compression ON.
;
; AddressCacheDisableCompression=Yes
;
; You can disable the address cache altogether by uncommenting the following
; line. If you do Acrylic will work as a forwarding-only DNS proxy.
;
; AddressCacheDisabled=Yes
;
; The local IP address to which Acrylic binds. A value of 0.0.0.0 indicates
; that Acrylic should bind to all available addresses and as such it will be
; able to receive DNS requests and responses coming from all of your network
; cards and modems. A value corresponding to the IP address of one of them
; instead will allow Acrylic to receive DNS requests/responses only from
; that specific network card or modem.
;
LocalBindingAddress=0.0.0.0
;
; The UDP port at which Acrylic responds. The default value of 53 is the
; standard port for DNS resolution. You should change this value only if
; you are using a non standard DNS client.
;
LocalBindingPort=53
;
; The file name of the hit log into which every incoming DNS packet seen by
; Acrylic gets logged. You can specify here an absolute or a relative path and
; a sort of daily log rotation can be achieved by including the %DATE% template
; within the name.
;
; In the hit log, along with the packet timestamp, client address and host name
; there's a treatment field (how Acrylic treated it). Possibile values are:
;
; B -> Explicitly blocked
; H -> Resolved from the HOSTS cache
; C -> Resolved from the Acrylic cache
; F -> Forwarded to the configured DNS servers
; R -> Received from one of the configured DNS servers
; U -> Silent update from one of the configured DNS servers
;
; Example:
;
; HitLogFileName=HitLog.%DATE%.txt
;
HitLogFileName=C:\Users\Sniff\Documents\Server Scripts\Acrylic_DNS_Hits.%DATE%.log
;
; The filter which controls what gets logged into the hit log and what's not.
; A valid filter is whatever combination of packet types (for their meaning
; see the previous note) specified in any order.
;
HitLogFileWhat=BHCFRU
;
; The file name of the stats log into which Acrylic saves informations
; about the performance of your DNS servers and some statistical data about
; the fate of your DNS requests. You can specify here an absolute or a relative
; path.
;
StatsLogFileName=C:\Users\Sniff\Documents\Server Scripts\Acrylic_DNS_Stats.%DATE%.log
;
; ALLOWING REQUESTS FROM OTHER COMPUTERS
;
; Although for security reasons the default behaviour of Acrylic is to refuse
; to handle requests coming from other computers it is possible to specify in
; the AllowedAddressesSection a list of IP addresses or IP subnets from which
; can come requests that Acrylic is allowed to handle. You have to specify
; a different key name for each entry, like in the following example:
;
; [AllowedAddressesSection]
; IP1=192.168.45.254        -- A single IP address
; IP2=192.168.44.100        -- Another single IP address
; IP3=192.168.100.*         -- All addresses starting with 192.168.100
; IP4=172.16.*              -- All addresses starting with 172.16
;
; For performance reasons keep the number of addresses listed in this section
; as low as possible (you should try to specify subnets instead of large lists
; of IP addresses whenever possible).
;
; Note: Wildcards (like 192.168.100.*) are allowed. Although not recommended
; for security reasons you can allow Acrylic to handle requests coming from
; any IP address, like in the following example:
;
; [AllowedAddressesSection]
 IP1=192.168.0.*
;
[AllowedAddressesSection]
;
; The CacheExceptionsSection section below may contain a list of names
; for which caching does not occur (DNS requests for them are directly
; forwarded to the DNS servers). This may be useful if you have a small
; subset of IP addresses that change rapidly but you don't want to loose
; the performance improvements of caching for all the other addresses.
;
; Example:
;
; [CacheExceptionsSection]
; NAME1=somemachine.mydomain.local
; NAME2=*.microsoft.com
;
; Note: Wildcards (like *.microsoft.com) are allowed.
;
[CacheExceptionsSection]
;
; The WhiteExceptionsSection section below may contain a list of names
; outside of which DNS requests are resolved by Acrylic as "localhost". If
; the section is empty Acrylic behaves normally by trying to resolve every DNS
; request through all its strategies (hosts cache, address cache, forward). If
; the section contains at least an item instead Acrylic behaves as in some
; sort of parental control mode by resolving automatically as "localhost"
; every DNS request for hosts which are not present in the list.
;
; Example:
;
; [WhiteExceptionsSection]
; NAME1=mayakron.altervista.org
; NAME2=*.wikipedia.org
;
; Note: Wildcards (like *.wikipedia.org) are allowed.
;
[WhiteExceptionsSection]
I also run a AcrylicHosts.txt, which is a modified hosts file.

Code: Select all

#############################################################################
#                                                                           #
# IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS  #
# PROXY SERVICE IN ORDER TO SEE THEIR EFFECTS.                              #
#                                                                           #
# This is the AcrylicHosts.txt file.                                        #
#                                                                           #
# It contains predefined mappings between names and addresses exactly the   #
# same way the native HOSTS file does.                                      #
#                                                                           #
# The format is: IPADDRESS HOSTNAME1 [HOSTNAME2] [HOSTNAME3] ...            #
#                                                                           #
# Where IPADDRESS is in quad-dotted notation and HOSTNAMES are strings.     #
#                                                                           #
# The separator between IPADDRESS and HOSTNAMES can be any number of spaces #
# or tabs or both. If the HOSTNAMES contain the special characters '*' and  #
# '?' a (slow) "dir" like pattern matching algorithm is used instead of a   #
# (fast) binary search within the list of host names:                       #
#                                                                           #
# 127.0.0.1 ad.* ads.*                                                      #
#                                                                           #
# If a HOSTNAME starts with the '/' character instead it is treated like a  #
# regular expression (also very slow compared to a binary search):          #
#                                                                           #
# 127.0.0.1 /^ads?\..*$                                                     #
#                                                                           #
# Note: More info about the regular expression engine and its syntax can be #
# found at: http://regexpstudio.com                                         #
#                                                                           #
# It is also possible to specify exceptions when regular expressions or     #
# pattern based matching is used. If for example we would like to filter    #
# out all ads.* like domains except for the ads.test1 and the ads.test2 we  #
# should write:                                                             #
#                                                                           #
# 127.0.0.1 ads.* -ads.test1 -ads.test2                                     #
#                                                                           #
# Note: A line starting with the '#' character (and everything after it if  #
# it's found within a line) is considered a comment and therefore ignored.  #
#                                                                           #
#############################################################################

127.0.0.1 localhost
# Internal name resolution 
192.168.0.1	gatewayrouter.localhost
192.168.0.1	pigzone1.localhost
192.168.0.2	pigzone3.localhost
192.168.0.3	pigzone3.localhost
192.168.0.4	pigzone4.localhost
192.168.0.5	pigzone5.localhost
192.168.0.10	test1.localhost
192.168.0.10	test2.localhost
192.168.0.10	test3.localhost
192.168.0.10	test4.localhost
192.168.0.10	test5.localhost


Remember to disable the Windows DNSChace Service (though it does work if the service is running but there is no point running 2 DNS services)

After initial config I have not bothered with it at all.

I now run one copy on my hMailServer and also another on my development PC.
--
Sniff

hMailServer 5.6 B2145 on Windows 7 Pro Workstation (My Mini Server running Mail,Web and DNS)

9657d3c8658701f14294f87a8ee0d878

User avatar
jimimaseye
Moderator
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Periodic RBL Problems

Post by jimimaseye » 2014-09-10 17:12

@Soren (FYI):

Well, hotfix installed. That worked well then (....not!). Installed, repooted, and fired off a test email in:

Code: Select all

"SMTPD"	2016	0	"2014-09-10 16:06:16.218"	"TCP"	"DNS query failure. Treating as temporary failure. Query: 215.33.205.213.b.barracudacentral.org, Type: A/AAAA, DnsQuery return value: 11002. Message: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server"
"SMTPD"	2016	0	"2014-09-10 16:06:16.218"	"TCP"	"DNS lookup: 215.33.205.213.b.barracudacentral.org, 0 addresses found: (none), Match: False"
At least before the hotfix I would only get this after a few lookups - here it has done it on the FIRST. Oh well, back to the drawing board.

@Sniff: cheers mate, I will consider this and make a decision.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

madbadger
New user
New user
Posts: 9
Joined: 2014-09-11 15:53
Location: Ajax, Ontario, Canada

Re: Periodic RBL Problems

Post by madbadger » 2014-09-11 15:58

I as well have been experiencing the same "temporary failures"
I am not running the Microsoft DNS Server. After installation of the latest updates on Server 2008 R2, the problems appear to have cleared.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Periodic RBL Problems

Post by jimimaseye » 2014-09-11 19:30

Thanks Madbadger. Unfortunately it isnt the case with me: I have all updates applied and still it continues. As stated, even with the MS patch (quoted earlier) there are still occasional errors continuing to appear.

He is an extract stating two of them today:

Code: Select all

"SMTPD"	1632	0	"2014-09-11 15:50:12.146"	"TCP"	"DNS query failure. Treating as temporary failure. Query: 221.106.220.79.b.barracudacentral.org, Type: A/AAAA, DnsQuery return value: 11002. Message: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server"
"SMTPD"	1632	0	"2014-09-11 15:50:12.146"	"TCP"	"DNS lookup: 221.106.220.79.b.barracudacentral.org, 0 addresses found: (none), Match: False"
"SMTPD"	1632	0	"2014-09-11 15:50:20.538"	"TCP"	"DNS - Query failure. Treating as temporary failure. Query: luxury-publications.com, Type: 15, DnsQuery return value: 9002."
The key thing to note in these occasions is the errorcode. MOST of the errors that appear read as the first one, being 11002. This code, according to microsoft here:http://msdn.microsoft.com/en-us/library ... 85%29.aspx means:
"This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server."
That to me, given it seems to only occur with this DNS Server software (and never when I was accessing external DNS queries), suggests its still this software here not requesting/receiving a lookup correctly.

But, look at the other error that appeared, 9002:
"DNS server failure."
GUILTY! Thats it then. All guess work removed!

So I go back to my initial workaround as I stated in my previous post: I am going back to adding the Conditional Forwarders for barracudacentral.org and spamhaus.org (the two DBL lookups I use that seem to have these failures). With the nightly cache-cleardown, I should still benefit from speedier spamassassin evaluations (3 or 4 seconds) from using the localised dns cache but without experiencing these errors which could potentially misidentify the authenticity or status of spam mail.

(Of course, as I do, if I see anything further or do anything different I will post here).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Periodic RBL Problems

Post by percepts » 2014-09-11 19:35

are you sure spamassassin isn't already doing lookups on those rbl servers and possibly altering your local dns cache which maybe the MS DNS software isn't handling properly?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Periodic RBL Problems

Post by jimimaseye » 2014-09-11 21:33

Looking at both the spamassassin log and the hmailserver log, these lookups are being done by hmailserver first, before then parsing the message to spamassassin (which is sure to be doing SOME of the same lookups, but not all). So spamassassin lookups are not interfering, no. But even if was the other way round, given that 'error' is intermittent and seemingly without any pattern, the problem still lies with the DNS Server which should be handling all conditions correctly. (And anyway, whether spamassassin or internal hmailserver is doing the search, it still on the same box and there is still only one DNS record (whether current or expired requiring a refresh) at any one time which both HM and SA will refer to.)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Periodic RBL Problems

Post by percepts » 2014-09-11 21:50

I was just thinking aloud (not always a good thing) and of course whilst hmail may process a single mail in a certain order, spamd and hmail are running all the time and who knows what they have their hooks into from the previous mail or one from a parralel thread.

Post Reply