Anonymous | Login | 2024-12-22 05:49 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0008911 | ClearOS | spamassassin | public | 2016-05-27 07:36 | 2019-06-06 06:02 | ||||
Reporter | NickH | ||||||||
Assigned To | |||||||||
Priority | normal | Severity | minor | Reproducibility | always | ||||
Status | closed | Resolution | no change required | ||||||
Platform | OS | OS Version | |||||||
Product Version | 6.7.0 | ||||||||
Target Version | Fixed in Version | ||||||||
Summary | 0008911: Certain spamassassin checks fail because clearos uses dnsmasq for DNS resolution | ||||||||
Description | Certain spamassassin (SA) checks fail because clearos uses dnsmasq for DNS resolution. These are the X-Spam-Status messages URIBL_BLOCKED=0.001. They occur because the SA DNS RBL checks are sent via dnsmasq to your external DNS provider (ISP or public) and look, to the RBL, as if they come from your DNS provider and not from you. The daily free quota of RBL checks from a single source get rapidly used up if you use an external DNS provider and the likelihood is they will fail. To mitigate the problem you need to run your own DNS recursive resolver, at least for spamassassin. This can be done on one of three ways: 1 - install your chosen resolver (unbound, BIND, PowerDNS etc, but preferably simple to configure). Configure it to listen on localhost:1053 and add the following line to /etc/mail/spamassassin/local.cf: dns_server [127.0.0.1]:1053 This is the simplest case and uses your chosen resolver for spamassassin only. 2 - Install the chosen resolver as above, but don't change /etc/mail/spamassassin/local.cf. Then point dnsmasq to your chosen resolver by adding the following to /etc/dnsmasq.conf: no-resolv server=127.0.0.1#1053 This means dnsmasq uses your chosen resolver as its upstream resolver. No further changes are needed to ClearOS. 3 - remove dnsmasq DNS resolution capability by adding cache-size=0 to /etc/dnsmasq.conf and install your chosen DNS resolver without restricting its listening IP and port. This is the trickiest one as the webconfig is a bit tied into dnsmasq with the hosts file. dnsmasq would still be needed to handle DHCP This is not a magic bullet as you can still exceed your free limit of lookups even on a modest volume of e-mails, but now you get the possibility of subscribing to the RBL you want as DNS lookups will appear to come from you. | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Issue History | |||
Date Modified | Username | Field | Change |
2016-05-27 07:36 | NickH | New Issue | |
2016-06-09 10:02 | user2 | Status | new => confirmed |
2016-06-09 10:02 | user2 | Target Version | => 7.2.0 Updates |
2016-07-07 12:54 | user2 | Target Version | 7.2.0 Updates => 7.3.0 Beta 1 |
2016-11-16 09:12 | user2 | Target Version | 7.3.0 Beta 1 => 7.3.0 Beta 1 |
2016-11-16 09:19 | user2 | Target Version | 7.3.0 Beta 1 => |
2019-06-06 06:02 | NickH | Note Added: 0012101 | |
2019-06-06 06:02 | NickH | Status | confirmed => closed |
2019-06-06 06:02 | NickH | Resolution | open => no change required |