Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #21 (permalink)  
Old 10-27-2009, 02:08 PM
Moderator
 
Posts: 7,928
Default

Just remember with any free RBL a constraint of the service is how many lookups you are performing ... too many and you will be classed as a commercial service which will incur a charge.
__________________
Reply With Quote
  #22 (permalink)  
Old 10-27-2009, 03:14 PM
Active Member
 
Posts: 30
Default

Understood and thanks for the reminder. My volumes are quite low (less the unsolicited spam that I get because I registered my domain name over 15 years ago) so I think there won't be any issues with the various providers that I use.. Projects like Spamhaus do monitor usage and will tell you if you need to upgrade.
__________________
The Hon. Rev. Dr. Frank W. Saxton
Knight in shining armor (2nd class)

http://security.NOCdesigns.com
Reply With Quote
  #23 (permalink)  
Old 10-27-2009, 03:17 PM
Moderator
 
Posts: 7,928
Default

I am low volume; run a caching DNS server; plus upstream. Perhaps your upstream is making to many queries ?
__________________
Reply With Quote
  #24 (permalink)  
Old 10-27-2009, 09:07 PM
Active Member
 
Posts: 30
Default

Looks like using OpenDNS resolved this. Spamhaus test says:

{snip}
554 5.7.1 Service unavailable; Client host [192.203.178.107] blocked using zen.spamhaus.org; http://www.spamhaus.org/SBL/sbl.lasso?query=SBL230
Terminating conversation

I raised the issue with my ISP but thaty haven't gotten back to me. My caching DNS server uses my ISP name servers to forward to so I'll need to see what's involved in going to OpenDNS assuming that they are going to be mega-reliable moving forward.
__________________
The Hon. Rev. Dr. Frank W. Saxton
Knight in shining armor (2nd class)

http://security.NOCdesigns.com
Reply With Quote
  #25 (permalink)  
Old 10-28-2009, 11:04 AM
Moderator
 
Posts: 1,147
Default

I have never once had a problem with OpenDNS in the year or so I have been using them. Their system status can be found here OpenDNS > System (also available at http://208.69.38.170/). Any problems with a data center cause traffic to be re-routed to the nearest center. I would say that any system that handles 19+ billion queries a day would have to be pretty reliable

For BIND you just need to change the forwarders directive.
Reply With Quote
  #26 (permalink)  
Old 02-01-2010, 05:33 PM
Loyal Member
 
Posts: 83
Default

Quick question.

What file is the command zmprov mcf zimbraMtaRestriction altering?

I just want to make a copy of it before I start. Thanks.
Reply With Quote
  #27 (permalink)  
Old 02-01-2010, 11:16 PM
Zimbra Consultant & Moderator
 
Posts: 20,315
Default

Quote:
Originally Posted by rusty View Post
Quick question.

What file is the command zmprov mcf zimbraMtaRestriction altering?

I just want to make a copy of it before I start. Thanks.
You can find out with:

Code:
zmprov gcf zimbraMtaRestriction

zmprov help commands
__________________
Regards


Bill
Reply With Quote
  #28 (permalink)  
Old 07-28-2010, 01:35 PM
Beginner Member
 
Posts: 1
Default SPAMHAUS DNSBL lookups (what DNS server to use)

It can be both confusing and/or inconvenient use an upstream DNS server to for DNSBL service like SPAMAUS:

  • an upstream DNS server might be "firewalled out" to limit over use of "zen.spamhaus.org" (see The Spamhaus Project "zen -> DNSBL usage terms"). For example the commonly used DNS server "4.2.2.1" can't resolve "d.c.b.a.zen.spamhaus.org", even for blacklisted IPs, presumably for this reason. And, if you find one that works today then it might not tomorrow, for this reason, and it is beyond your control and would be confusing.
  • you may be using such a DNS server quietly if you are not thinking about this issue actively. If not directly then perhaps as a "forwarder" for unknown DNS resolution. So you should figure out what you are using, perhaps starting with nslookup.

But folks should also consider that it is neither responsible nor right to do so:

  • especially when using such a nice (often free) service like SPAMHAUS you should think about "right". I mean, you are better than SPAMMERS, aren't you?
  • using an upstream DNS server penalizes them for your usage. Specifically in the case of SPAMHAUS, your lookups will appear to come from the upstream provider, and not be attributed to you. You should approach SPAMHAUS directly so your usage can be properly attributed to you, not someone else.
  • using an upstream DNS sever for high frequency DNS resolution is an unreasonable offloading of recursive DNS resolution to servers that are not really meant for that. ISP servers should be for resolving end user names, like websites and stuff, and high volume automated recursive DNS resolution should be handled directly by the beneficiary.
  • you are blowing caches, overloading the internet. Such use loads the upstream DNS server's cache with DNS names that are not likely to be of use to other users, perhaps flushing others of value causing more traffic.

I suggest anyone who is running automated tools like a mail service should be utilizing their own DNS server that does all the DNS recursive resolution itself, based only on root servers. This means making sure you have your own DNS server that is not set up to "Forward" requests for unknown names to another upstream server and instead uses only the root servers with its recursive lookup enabled, that you keep your root server list up-to-date (you could set a watch on the page http://www.internic.net/zones/named.root), and that your service uses that DNS server.

Doing this will both stabilize your system setup, and be more responsible.
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com




 

SEO by vBSEO ©2011, Crawlability, Inc.