Announcement

**jcoffin** · 09-23-2019, 06:23 PM

You may have to get an external DNS service that supports SPAM lookups.

**pazza3564** · 09-23-2019, 09:53 PM

Whats the easiest way to test if the DNS Server supports SPAM lookups.

**sky-knight** · 09-23-2019, 10:45 PM

Script - Check DNSBL Access - Edge Threat Management Wiki - Arista

https://wiki.untangle.com/index.php/Script_-_Check_DNSBL_Access

And honestly, if you're using Spam Blocker you don't want to be using ISP DNS anyway. Most of them get booted too.

Best option is your own DNS service in the cloud somewhere, that only you use. That way you've got your own quota of free lookups everyday. The linked script will test the DNS servers on External, find something that works, then you can start kicking the appropriate domain lookups to that IP while External points at Google or something.

**jcoffin** · 09-23-2019, 10:50 PM

~ # dig +short 2.0.0.127.zen.spamhaus.org
Response should be:
127.0.0.4
127.0.0.2
127.0.0.10

**donhwyo** · 09-24-2019, 06:47 AM

Originally posted by sky-knight View Post

https://wiki.untangle.com/index.php/...k_DNSBL_Access

Maybe the script could use an update?

Code:

~ # curl -k http://download.untangle.com/patches/generic/check_spam_health.sh | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2380  100  2380    0     0   7436      0 --:--:-- --:--:-- --:--:--  7460

Testing dnsmasq ...
[127.0.0.1] : SORBS       passed
[127.0.0.1] : SpamCop       passed
[127.0.0.1] : SpamHaus       passed
[127.0.0.1] : SURBL       passed
[127.0.0.1] : URIBL       passed
[127.0.0.1] : URIBL       passed
[127.0.0.1] : DNSWL       passed
[127.0.0.1] : DNSWL       passed
[127.0.0.1] : IADB       passed

Analyzing mail.log ...
grep: /var/log/mail.log: No such file or directory
bash: line 60: [: -lt: unary operator expected
Results:  passed ( results)
grep: /var/log/mail.log: No such file or directory
bash: line 67: [: -eq: unary operator expected
RAZOR:    passed ( results)
grep: /var/log/mail.log: No such file or directory
bash: line 75: [: -eq: unary operator expected
bash: line 77: [[: /2: syntax error: operand expected (error token is "/2")
BAYES:    passed ( results)

**sky-knight** · 09-24-2019, 07:17 AM

Sure looks like it...

**dwasserman** · 09-24-2019, 06:29 PM

The 12 (or 13) root hints support this? Question from the most absolute unknow.

**sky-knight** · 09-24-2019, 10:04 PM

Yes... but... the lists keep tabs on the IP address of the resolver that does the requesting. Once that resolver has used them too much it's black listed until tomorrow.

So any publicly available DNS resolver is going to give you fits... That's why when I was using Spam blocker I had domain DNS rules for Spamhaus, URIBL, and DNSWL to kick them to a dedicated DNS server I ran in the cloud. That way I had my own pool of lookups to use every day.

Announcement

ISP has no DNS Servers

ISP has no DNS Servers

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment