SOLVED Query to URIBL was blocked - How do I set up a caching nameserver?

DigitalEssence

Well-Known Member
May 21, 2014
49
5
8
cPanel Access Level
Root Administrator
Hi,

Please speak slowly as I am a simple bear and easily confused.

Queries to RBL's are sometimes being blocked as my IP is being lumped in with others and we go over the daily limit and no further emails are blocked/filtered on RBL rules. This is causing a spike in incoming spam emails.

I've followed the link in the email headers and it says:

ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklistsX2Xdnsbl-block for more information.
My options are:
* Setting up my own non-forwarding caching nameserver to avoid being lumped together with other users queries;
* Setting up your own mirror of the DNS-blocklist
* Paying to use the blocklist. The choice is up to the DNS-Blocklist administrator.


When I test this on the CLI I get:

Code:
> host -tTXT 2.0.0.127.multi.uribl.com
> 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See [URL='http://uribl.com/refused.shtml']URIBL.COM - Realtime URI Blacklist[/URL] for more information [Your DNS IP: 74.125.xx.xx]"
Which I think is a Google dns server.

looking in /etc/resolv.conf

Code:
# cat resolv.conf
# Generated by SolusVM
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver My.IP.ADDRESS
Can anyone advise how I setup my server to be a non-forwarding caching nameserver?

My hosting company had a go and I think they just commented out the Google servers leaving mine. This worked fine apart from one domain that I have a zone record for and host the website but the email is set to remote exchanger. I couldn't send email as it kept on bouncing as the server tried to deliver emails to itself. In this individual case, I don't actually hold the zone record as it and the nameservers are with another host. It just points web to me. Either way, I couldn't send emails which was no use.

Like I say, I am a simple bear so please speak slowly.

And all help appreciated.

Thanks.
 
Last edited by a moderator:

DigitalEssence

Well-Known Member
May 21, 2014
49
5
8
cPanel Access Level
Root Administrator
Thanks for the link to your post.

It looks as though I need to add a dns_server directive to my /etc/mail/spamassassin/local.cf file rather than mucking around with resolv.conf.

I see that URIBL.COM - Realtime URI Blacklist provide public DNS feeds for low volume users and have a nice map but don't know whetehr I just need to ping say ff.uribl.com to find it's IP address to enter into the dns_server config.

UPDATE:

I use MailScanner for my spam scanning and while this does use SpamAssassin, it seems that this fix won't work.

I will continue digging.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello,

Have you considered using different resolvers in your /etc/resolv.conf file? For instance, does your data center offer their own resolvers for you to use instead of the Google public resolvers?

Thank you.
 

DigitalEssence

Well-Known Member
May 21, 2014
49
5
8
cPanel Access Level
Root Administrator
Thanks for everyone's help, I'm all sorted!

The issue was that the host added my server IP address in resolv.conf where it should have been the Loopback address. Once I'd added this to the top of the list, Exim started to block emails based on RBL checks and then a quick restart of MailScanner and I'm seeing RBL checks in the logs and no blocked messages.

I've kept in the original Google servers as a fallback (I assume that's how it works) and for anyone else with this issue, here is a copy of my resolv.conf

> cat resolv.conf
# Generated by SolusVM
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4


Thanks,

Heds
 
  • Like
Reactions: bloatedstoat

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
I'm happy to see the issue is now resolved. Thank you for updating us with the outcome.
 

Dhrupodi

Member
Sep 8, 2019
22
1
3
root
cPanel Access Level
Root Administrator
Yes, it just helped me. My SpamAssassin queries to URIBL and DNSWL have been blocked for well over a year, and it was finally resolved by adding dns_server 127.0.0.0 to /etc/mail/spamassassin/local.cf (see the "DNS implications..." link for more details).

Hi!

could you share your /etc/mail/spamassassin/local.cf and /etc/resolv.conf files?
 

aztopdavid

Well-Known Member
Jan 1, 2016
53
9
58
Arizona
cPanel Access Level
Root Administrator
I'll give you just the relevant bits:

In my /etc/mail/spamassassin/l local.cf file, I added this at the end:

dns_server 127.0.0.1 # added to fix blocking of URIBL and DNSWL queries

My resolv.conf file has two "nameserver" entries with the ip addresses of two of my host's resolvers
 
  • Like
Reactions: Dhrupodi

Dhrupodi

Member
Sep 8, 2019
22
1
3
root
cPanel Access Level
Root Administrator
I'll give you just the relevant bits:

In my /etc/mail/spamassassin/l local.cf file, I added this at the end:

dns_server 127.0.0.1 # added to fix blocking of URIBL and DNSWL queries

My resolv.conf file has two "nameserver" entries with the ip addresses of two of my host's resolvers

Thanks a lot for clarifying this.

Apart from a cPanel server, I have a DA server where I put the following:

cat /etc/resolv.conf

nameserver 127.0.0.1
nameserver 74.x.x.x
nameserver 74.x.x.x

After adding the loopback address, the issue appears to have been solved, but effectively made the server a recursive DNS resolver.


I will try the local.cnf method on the cPanel server now.
 

renecd

Member
Mar 26, 2020
9
1
1
badland-vibes-tackiness-handoff
cPanel Access Level
DataCenter Provider
Suggestions here assume using Bind. Powerdns, which appears to be the recommended solution, does not provide a caching nameserver. How to fix?

Ordinarily I'd just install a Powerdns Recursor, but I'm always a bit worried about how that will affect WHM's own Powerdns Auth server.
 
Last edited: