Question regarding DNSBL behaviour


I have a question regarding DNSBL usage with the smtpd_client_restrictions parameter.

I have a server configured to check SpamHaus:
. . .
smtpd_client_restrictions = reject_rbl_client[2..11],
. . .

This has been working very well, although I noticed the following error in my syslog:

Sep 7 16:13:08 server postfix/smtpd[28363]: warning: RBL lookup error: Host or domain name not found. Name service error for type=A: Host not found, try again

I am wondering - in normal checks against SpamHaus, if a host is not listed and the result is NXDOMAIN, I am assuming that Postfix interprets that the host is “ok” and does not log any information. In this case, though, it has logged the information and I am wondering if this is because Postfix was unable to contact SpamHaus at all, not just regarding the record: ?


- J


Re: Question regarding DNSBL behaviour

By Bill Cole at 09/10/2019 - 16:41

A common cause of this is is if your DNS resolver thinks that you have
IPv6 connectivity (e.g. because you have an autoconfigured interface or
a VPN with an IPv6 address) but you really do not. The extensive
collection of DNS servers handling the zone includes
many names that have as many AAAA records as they do A records and if
your resolvers tries one of those, you get a message as above.

Re: Question regarding DNSBL behaviour

By Wietse Venema at 09/10/2019 - 15:15

J Doe:
This service is free for low-volume clients only. If you send your
Spamhaus queries through a shared DNS resolver (like an ISP), then
you may exceed their 'free service' limits. You may be better off
using your own DNS resolver.


Re: Question regarding DNSBL behaviour

By J Doe at 09/10/2019 - 15:30

Hi Wietse,

Yes, that is a good point. I believe I’m ok regarding query limits - I do run my own resolver for this server and the amount of e-mail that transits this particular server is very low.

- J

Re: Question regarding DNSBL behaviour

By Noel Jones at 09/10/2019 - 14:53

On 9/10/2019 1:44 PM, J Doe wrote:

Lookup error: means something didn't work; your DNS told postfix it
couldn't find spamhaus at all, but it was a temporary error so try
again. Postfix will ignore the result.

If you get this rarely, it's nothing to worry about. If it happens
often, there may be a problem with your DNS server or network

-- Noel Jones

Re: Question regarding DNSBL behaviour

By J Doe at 09/10/2019 - 15:09

Hi Noel,

Thanks for your reply. Ok, that’s what I was thinking - that it was a temporary DNS error for contacting SpamHaus, not SpamHaus saying that address was not listed. Just wanted to double-check.

- J

Re: Question regarding DNSBL behaviour

By Benny Pedersen at 09/10/2019 - 15:20

J Doe skrev den 2019-09-10 21:09:

<a href="" title=""></a>

no PTR, no problem