Liste de diffusion Message #15592
De: Stefan Jeglinski <>
Sujet: Re: postfix and zen vs sbl-xbl
Date: Tue, 29 Apr 2008 17:41:03 -0400
A: SIMS Discussions <>
What do you get if you do a DNS lookup, i.e. 'dig'  in a terminal session?

;        IN      A

;; ANSWER SECTION: 300 IN  A 300 IN  A 300 IN  A 300 IN  A 300 IN  A 300 IN  A

So.... an A record is being returned, but none are the expected answer (either or nothing). According to the postfix docs, if I do not specify, for example, reject_rbl_client, I will get a reject if any A record is returned.

But what are those A records? Ah-ha - barefruit, the bastards. Because I'm using an earthlink upstream resolver.

The other possibility is that you may be forwarding your DNS queries to a server that plays games with them.


I would say this may be what is happening. I used to run djbdns on my Linux box but that's fallen by the wayside at the moment with OSX. Looks like I might need to return.

You may get around ISP DNS injection by specifying the Spamhaus return codes in your postfix config:

smtpd_client_restrictions = reject_rbl_client,

Otherwise, reject_rbl_client will catch on any answer from the DNS query, and since DNS injection is done to inject bogus A records pointing at real IP's, it will make reject_rbl_client catch if you don't specify the lookup result.

Yep, there you go. Haven't tried it yet, but I will bet that's what's going on.

Bill, you are still a lifesaver. My roughly 5-yr-old (?) offer of dinner and a beer in the RTP NC area if you ever make it here is still good!

Stefan Jeglinski

S'abonner aux messages S'abonner aux sommaires S'abonner aux indexes Se désabonner Ecrire un email au responsable de la liste