I was wondering if anybody could advise on Bind, please.
How does Bind know which DNSBLs etc. to use? Where does it take this data from? May I specify this data myself somehow? It doesn't perhaps come from Postfix, does it?
All the spam lists seem to work OK according to my logs, except for SORBS. Are they special or different from all the others in any way, and do they require any extra configuration in Bind? I always seem to see this line:
I know it is the SORBS server that is not answering me, but are there any workarounds for this?
Plus, I also noticed that my Bind was pretty outdated. However, my Debian does not say that there are any updates available when I type apt-get update, apt-get upgrade, or apt-get upgrade bind9. Does that mean that Bind runs separately from Linux distributions (Wheezy in particular) and it's impossible to upgrade it from packages and the only way to upgrade it to a later version is to compile it myself manually from sources?
I would appreciate any comments / pointers / help at all.
Yes, calls to RBLs come from your MTA. bind is just the server/software that's performing the lookup.
I'm not sure what the problem is with resolving dul.dnsbl.sorbs.net, however. It seems to be working for me from two different servers, but I'm also using DNS resolving servers of my ISPs/datacenter, so I can't check the DNS logs.
Try
Code:
dig dul.dnsbl.sorbs.net
to see if that gives you more information about what's happening on your server.
Thank you so much for your input and for replying! I appreciate it.
Well, I have of course tried many various options of this dig command before, but I did not see any errors; it has always said "no error". However, it gave me an idea to test dnsbl.sorbs.net, which seems to work out better. I am also thinking of changing dul.dnsbl.sorbs.net to dnsbl.sorbs.net. Do you know what the difference is between these two, except for the fact that these are sub.sub.domains? The line without "dul" seems more appropriate to me. I will test it around to check it on Bind.
Also, I still cannot figure out why Linux distros run without Bind in their packages and there are no ways to apt-get upgrade / apt-get upgrade bind9 internally, so to speak, and I have to do it manually from sources. Does anybody know if there are any extra lines required in my sources.list file to make the "apt-get upgrade bind9" command work?
I do not see any special rules / requirements on how to use their rbl on their website (sorbs.net).
The weird thing is that when I dig it like this it works OK and says, "no errors":
Code:
dig dul.dnsbl.sorbs.net
However, when I test it from the network where my server runs from it says "connection timed out":
Code:
dig @my.server's.ip.address. dul.dnsbl.sorbs.net
I checked my iptables and firewalls and there were no IP addresses of dnsbl.sorbs.net listed, that is at least the ones that I could get at the time of "digging" if you're saying they are dynamic.. I am a bit lost... I also checked my server's IP address (static) against sorbs spam lists and it says I am not listed there either. Any more suggestions, please? Am I caught in their firewalls / iptables somehow?
Quote:
The weird thing is that when I dig it like this it works OK and says, "no errors":
Code:
dig dul.dnsbl.sorbs.net
However, when I test it from the network where my server runs from it says "connection timed out":
Code:
dig @my.server's.ip.address. dul.dnsbl.sorbs.net
I'd think a connection timeout would be about the name server at my.server's.ip.address, not SORBS.
Please review ALL of the information at sorbs.net. They are probably not going to respond to your questions about how to use their zones, given that they provide the information online.
I'm not sure that what you're trying to "test" is even remotely valid. The MTA queries sorbs DNS zones directly, I think.
Remind us what you're concerned about, please. When your MTA is configured properly, it will use SORBS as it's designed to be used.
Thank you so much for your follow-ups with me on this, Sean. I appreciate it.
Well, my initial and main concern was why I always seem to get "servfail" on SORBS when all the other RBLs work fine.
I've read of course their http://www.sorbs.net/general/using.shtml many times, but I meant to say that I couldn't find anything special to configure in my MTA in order for their RBLs to work. There are only general (as the link implies) usage pointers and instructions. My MTA is Postfix and it's very easy to set SORBS on it like this, as per guidance from sorbs.net:
However, as you can see, SORBS instructs to use their dnsbl.sorbs.net, not the dul.dnsbl.sorbs.net.
Now, I've simply added my.server's.ip.address to this ACL option of BIND to allow-query and allow-recursion and it happily started to resolve when I run it manually through this:
Code:
dig @my.server's.ip.address. dul.dnsbl.sorbs.net
I have also restarted my BIND now and will let it run for some time, closely monitoring it live just to see if my workaround helped.
It looks like SORBS is the only one that "required" me to set my.server's.ip.address in my ACL to allow-query and allow-recursion; all the other RBLs are doing perfectly fine without it. This is also what I meant by "special" instructions possibly to be advised by SORBS, as I could not find this info on their web-site anywhere... Although I am not really sure now if I go right about it all generally at all because I re-configured it my side... as there was one guy from the BIND mailing list who was frothing at the mouth to prove to me that it was SORBS who denied connections and I couldn't possibly do anything about it my side to solve it...
from SORBS. I don't recall why only those. I note, however, that in the last 61 hours, I've had -0- hits...
Quote:
Originally Posted by Klaipedaville
Now, I've simply added my.server's.ip.address to this ACL option of BIND to allow-query and allow-recursion and it happily started to resolve when I run it manually through this:
Code:
dig @my.server's.ip.address. dul.dnsbl.sorbs.net
I have also restarted my BIND now and will let it run for some time, closely monitoring it live just to see if my workaround helped.
It looks like SORBS is the only one that "required" me to set my.server's.ip.address in my ACL to allow-query and allow-recursion; all the other RBLs are doing perfectly fine without it. This is also what I meant by "special" instructions possibly to be advised by SORBS, as I could not find this info on their web-site anywhere... Although I am not really sure now if I go right about it all generally at all because I re-configured it my side... as there was one guy from the BIND mailing list who was frothing at the mouth to prove to me that it was SORBS who denied connections and I couldn't possibly do anything about it my side to solve it...
That is certainly a possibility, but I think they would have posted to their email lists were that the case, and I've seen nothing from them...'tho there is the -0- hits issue.
As I've said earlier, I've given up trying to run my own DNS servers since 1) I began to use my registrar's name servers for domains I host and 2) began to use my ISP's or datacenter's name servers for resolution, so I'm out of practice re: named and bind...and I can't check the logs to see if there are resolution issues.
I appreciate your comments and replies as when you discuss it, it helps you out to see the correct way to go about your issue!
I will definitely post my "discoveries" if you are interested!
I like to be in control myself even if it takes a lot of time to master "the subject" :-)
Meanwhile, it's been running OK for the past 7 hours or so. I am still on it though.
I might as well change it over to just their super-set as it looks like a good idea. I fine-tuned all these RBLs quite some time ago and I guess I may have to revise it now:-)
it dumps all sorts of kooky hiccup errors right into my syslog file directly. Now, as long as it is being logged the Bind's way I do not seem to have any issues with it at all. However, if I switch back to syslog for testing purposes I get these weird errors back again. That's how it stands at the moment.
Last edited by Klaipedaville; 04-16-2018 at 01:17 PM.
I'm still getting -0- blocks from SORBS, although that could be because SORBS is the last method I use to block spam.
First, using tcpserver and a comprehensive block list we've developed over the years, we simply reject email from large numbers of servers. (44.15% of attempted connections)
Then, we check SPAMCop, followed by Spamhaus (SBL-XBL) before we check the short list of SORBS lists posted earlier.
Code:
SPAM Blocking Statistics:
Between 04/14/2018 at 12:00:08 and 04/16/2018 at 18:00:28 MST
Elapsed time: 54.00 hours     Avg/hour             Per day
Total Messages:        4482         83                1992
Messages accepted:      978         18    21.82%       434
Messages denied:       3504         64    78.18%      1557
Denied by us:          1979         36    44.15%       879
Denied using SORBS:       0          0     0.00          0
Denied using SBL-XBL:   745         13    16.62%       331
Denied using SPAMCop:   780         14    17.40%       346
Right. My SORBS blocks only 1 to 2 per day as well so I guess they are not a major player here. I think they take an "honorable" last place's trophy. Currently, the lion's share is being blocked by spamhaus.org in my case. In fact, Spamhaus has been the best for me for ages according to my simple daily statistics.
Speaking of statistics, I was wondering how you generated your statistics table as per your last message? Was it done by a separate script?
I let my Postfix's postscreen do all the spam blocking which dramatically decreases my server's load and saves on resources pretty much, that's why I would need something like a python script to collect this kind of statistical data from my logs. I can only see it quite simplified per DNSBLs.
I also had a miracle happen! SORBS replied to me two weeks after I had asked them a question! Wow! The president of the United States responds much faster than SORBS does. They must be really busy holding on to their "last place" amongst all the other RBLs. ))) But on the other hand it's better late than never, as they say. ))) Although they did not say much. They recommend not to resolve dul.dnsbl.sorbs.net as an A record... not sure if I am in control of doing it. It may have something to do with my ACL perhaps... I shall check.
Quote:
Speaking of statistics, I was wondering how you generated your statistics table as per your last message? Was it done by a separate script?
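One way to collect per-DNSBL statistics like the table posted earlier when postscreen does the blocking, added here as an example (it is not code from the thread or from either poster's server). The log lines are constructed, and the patterns assume postscreen's usual `CONNECT from` and `NOQUEUE: reject: ... blocked using <list>;` log entries; the `year` parameter is an assumption needed because syslog timestamps omit the year.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the usual Postfix syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Apr 16 10:00:00 mx postfix/postscreen[2101]: CONNECT from [198.51.100.7]:41234 to [192.0.2.25]:25
Apr 16 10:00:06 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [198.51.100.7]:41234: 550 5.7.1 Service unavailable; client [198.51.100.7] blocked using zen.spamhaus.org; from=<a@example.net>, to=<b@example.org>, proto=ESMTP, helo=<x>
Apr 16 10:00:07 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [198.51.100.7]:41234: 550 5.7.1 Service unavailable; client [198.51.100.7] blocked using zen.spamhaus.org; from=<a@example.net>, to=<c@example.org>, proto=ESMTP, helo=<x>
Apr 16 10:30:00 mx postfix/postscreen[2101]: CONNECT from [203.0.113.9]:50000 to [192.0.2.25]:25
Apr 16 10:30:06 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [203.0.113.9]:50000: 550 5.7.1 Service unavailable; client [203.0.113.9] blocked using bl.spamcop.net; from=<d@example.net>, to=<b@example.org>, proto=ESMTP, helo=<y>
Apr 16 11:15:00 mx postfix/postscreen[2101]: CONNECT from [198.51.100.80]:33000 to [192.0.2.25]:25
Apr 16 11:15:06 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [198.51.100.80]:33000: 550 5.7.1 Service unavailable; client [198.51.100.80] blocked using zen.spamhaus.org; from=<e@example.net>, to=<b@example.org>, proto=ESMTP, helo=<z>
Apr 16 12:00:00 mx postfix/postscreen[2101]: CONNECT from [192.0.2.77]:2525 to [192.0.2.25]:25
"""

CONNECT = re.compile(r"postfix/postscreen\[\d+\]: CONNECT from \[[^\]]+\]:\d+")
REJECT = re.compile(r"postfix/postscreen\[\d+\]: NOQUEUE: reject: RCPT from "
                    r"(\[[^\]]+\]:\d+): .*?blocked using ([^;\s]+);")

def dnsbl_stats(log_text, year=2018):
    """Tally postscreen connections and DNSBL rejects, one reject per client session."""
    connects, seen, stamps = 0, set(), []
    for line in log_text.splitlines():
        reject = REJECT.search(line)
        if reject:
            seen.add(reject.groups())  # (client ip:port, list); repeated RCPTs collapse
        elif CONNECT.search(line):
            connects += 1
        else:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        stamps.append(datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S"))
    hours = (max(stamps) - min(stamps)).total_seconds() / 3600 if stamps else 0.0
    per_list = Counter(dnsbl for _client, dnsbl in seen)
    def row(n):
        return {"count": n,
                "per_hour": round(n / hours, 2) if hours else None,
                "percent": round(100 * n / connects, 2) if connects else None}
    return {"connections": connects, "hours": hours,
            "denied": row(sum(per_list.values())),
            "by_list": {name: row(n) for name, n in per_list.most_common()}}

if __name__ == "__main__":
    stats = dnsbl_stats(SAMPLE_LOG)
    print(f"connections: {stats['connections']} over {stats['hours']:.2f} h")
    for name, r in stats["by_list"].items():
        print(f"denied using {name}: {r['count']} ({r['percent']}%, {r['per_hour']}/h)")
```

A list that never appears in a `blocked using` line, as SORBS does in the table above, simply has no entry in `by_list`.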
That is part of the output of a perl script I wrote to analyze, report and graph the qmail mail log files and output as a web page.
It runs every hour. I point customers to it when they complain of too much spam to show what we're doing to mitigate what they see. I also use it to confirm that things are working well over time (the graphs all flat-line when the mail server is down, for example)
Quote:
Originally Posted by Klaipedaville
I also had a miracle happen! SORBS replied to me two weeks after I had asked them a question! Wow! The president of the United States responds much faster than SORBS does. They must be really busy holding on to their "last place" amongst all the other RBLs. ))) But on the other hand it's better late than never, as they say. ))) Although they did not say much. They recommend not to resolve dul.dnsbl.sorbs.net as an A record... not sure if I am in control of doing it. It may have something to do with my ACL perhaps... I shall check.
I think SORBS is pretty much a one-person shop, although I don't know that for sure. I've never seen any communication from anyone other than Michelle. I have always found them to be responsive, eventually.
Do you use any scripts or services to email you your logs? Could you share, please?
I have been using Logwatch for quite some time but they do not seem to have anything for Bind configured / created even in their last version. Their named part won't read and parse Bind9's logs.
There is this Logcheck that I also found but all they do is simply email you everything in bulk without ever processing and parsing it for statistics and summary.
Quote:
Do you use any scripts or services to email you your logs? Could you share, please?
I have been using Logwatch for quite some time but they do not seem to have anything for Bind configured / created even in their last version. Their named part won't read and parse Bind9's logs.
There is this Logcheck that I also found but all they do is simply email you everything in bulk without ever processing and parsing it for statistics and summary.
I use logwatch. Don't need named/bind log reporting, tho. Logwatch is very customizable...from man logwatch:
Code:
The directory /usr/share/doc/logwatch-* contains several files with additional documentation:
HOWTO-Customize-LogWatch
Documents the directory structure of Logwatch configuration and executable files, and describes how to customize Logwatch by overriding these default files.
...