ConfigServer Community Forum

URIBL_BLOCKED is not working in my server due to:
ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/Dns ... nsbl-block for more information.

As far as I could test, spamassassin is using the resolvers configured for my server to navigate the web. These are my datacenter provided DNS servers. Probably they generate so many request from all the thousands servers in the datacenter that we are always blocked.

However, my own server DNS system is not blocked.

Question: How to configure spamassassin to use an specific DNS server (my own cPanel server) to send URIBL requests?

Regards,
Hilário Fochi Silveira

I'm not aware of a way to configure spamassassin to use a different DNS server to the one your server is configured to use, although you could search the spamassassin user newsgroup to see if this is possible:

http://www.gossamer-threads.com/lists/s ... sin/users/

Otherwise you might want to take a look at this knowledgebase article:

https://support.configserver.com/knowle ... ailcontrol

The way I get round that is to set resolver.conf to 127.0.0.1 as primary DNS then the data centre DNS IP numbers as number 2 & 3

That way you do not get blocked

however that only works if you use Bind as name server because that effectively creates a caching name server on your server
You cannot use this if you use mydns or nsd as name servers

Yes dvk01, You are correct. That is precisely what I have done based on the links to the FAQ that Sarah posted. Also, as instructed in the FAQs,

Following the FAQs, I checked/implemented the other settings in my BIND to assure that it is correctly configured as a caching name server.

I also tested to check what happens when BIND is down, and the server just uses the next lines with the datacenter provided DNS resolvers. So we are completely safe, even if BIND fails.

Thanks Sarah, Thanks dvk01.

dvk01 wrote: ↑22 Oct 2016, 08:22 The way I get round that is to set resolver.conf to 127.0.0.1 as primary DNS then the data centre DNS IP numbers as number 2 & 3

That way you do not get blocked

however that only works if you use Bind as name server because that effectively creates a caching name server on your server
You cannot use this if you use mydns or nsd as name servers

That method will not working.

Hi,

I've followed this thread as I am having the same issue with being blocked with URIBL_BLOCKED and have also edited /etc/resolv.conf so that nameserver 127.0.0.1 is on the first line.

I now pass the test

host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"

But am still seeing 0.00 URIBL_BLOCKED in MailScanner FE.

Can anyone advise what I have missed?

Thanks

EDIT:

I reloaded MailScanner then stopped and restarted it and it looks like this issue is resolved. Will test and report back later.