10 Replies Latest reply: Jul 20, 2006 4:52 PM by rukiddin2
rukiddin2 Level 1 (5 points)
I never had this problem before, but recently I moved my server to a new location, and as I was testing all my DNS and other settings using www.DNSREPORT.com, the MAIL portion of the test is giving a FAIL due to the fact that the server times out before a response can be given. When I disable the Blacklist filters, the test passes fine.

When I test the blacklist with the SPAMHAUS method, it seems to work.

Does this test fail for everyone? Or is this problem just mine? I still seem to get mail (seems slow though) when I have the blacklists enabled. I need to determine if I should keep the blacklists enabled, disable them, or is this something that could be running better and just needs reconfigured?

Any help would be appreciated (especially if someone else can tell me that their blacklists are enabled and they pass the DNSREPORT test)

Mike

PowerMac G4 500Mhz, Mac OS X (10.4.7)
  • 1. Re: SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com
    davidh Level 4 (1,890 points)
    I use spamhaus sbl & xbl, and mail works fine.

    the dnsreport passes as well.

    Have you checked spamhaus to see if your server has been listed (by them) perhaps ?

    Since you moved your server... is it behind a Router/NAT/PAT ?
    Do your public DNS records reflect your new public static IP ?
  • 2. Re: SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com
    rukiddin2 Level 1 (5 points)
    It's still failing.. (or at least timing out). The IP address is not listed as being bad at SPAMHAUS.

    All the other listings on DNSREPORT are reporting back as perfectly fine. Not even a single warning. So my IP address, DNS Settings, etc. should all be correct.

    The second I disable the black list filtering, the Mail portion of the DNS report passes (and does so extremely fast)

    Could this be a performance issue? I'm running the server on a Power Mac G4 500Mhz, with 1GB of ram. Everything else seems fine, it's just the black list that isn't working.

    Please, help me fix this. My junkmail has more than quadrupled since I disabled it.

    Thanks

    Mike
  • 3. Re: SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com
    davidh Level 4 (1,890 points)
    with spamhaus enabled, post the unedited content of (type into the Terminal, followed by the "Return" key):

    postconf -n
  • 4. Re: SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com
    davidh Level 4 (1,890 points)
    with spamhaus enabled, post the unedited content of (type into the Terminal, followed by the "Return" key):

    postconf -n
  • 5. Re: SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com
    rukiddin2 Level 1 (5 points)
    Here it is.. feel free to tell me anything else you see that is wrong too.

    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    enable_server_options = yes
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailbox_size_limit = 0
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains =
    message_size_limit = 0
    mydestination = $myhostname,localhost.$mydomain,localhost,mail.jumico.com,10.1.1.125,64.58.179.233,castlewoodholdings.com,jumico.com
    mydomain = jumico.com
    mydomain_fallback = localhost
    myhostname = mail.jumico.com
    mynetworks = 127.0.0.1/32,192.168.0.0/24,68.122.22.50/32,68.122.22.51/32,64.58.179.233/32,10.1.0.0/24
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_client_restrictions = permit_mynetworks reject_rbl_client sbl-xbl.spamhaus.org permit
    smtpd_pw_server_security_options = plain,login
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
    smtpd_sasl_auth_enable = yes
    smtpd_tls_key_file =
    smtpd_use_pw_server = yes
    unknown_local_recipient_reject_code = 550
    virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
    virtual_transport = lmtp:unix:/var/imap/socket/lmtp
  • 6. Re: SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com
    davidh Level 4 (1,890 points)
    well,

    If your server is behind a Router/NAT, then why are you listing both the private (RFC 1918) address and the public one ? That won't work like you think.
    http://www.faqs.org/rfcs/rfc1918.html

    And why are we seeing 192.168.0.0/24 in mynetworks, after you've placed
    10.1.1.125 in mydestination ?

    mydestination should not have IP addresses in it.
    mydestination = $myhostname, $mydomain, localhost.$mydomain, jumico.com, castlewoodholdings.com

    see http://www.postfix.org/BASIC_CONFIGURATION_README.html#mydestination

    Also, why are we seeing 68.122.22.50/32,68.122.22.51/32 in "mynetworks" when your server is at 64.58.179.233 ?

    Besides, 68.122.22.50/32,68.122.22.51/32 is probably not what you intend.

    How are you handling internal (private/LAN/RFC 1918) addressing re: DNS, vs. your public-facing IP ?
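The two checks raised in this reply (IP addresses in mydestination, and public addresses trusted through mynetworks) can be run mechanically over `postconf -n` output. This is an added example, not part of the original post; the function names are hypothetical, and the sample lines are the mydestination and mynetworks values from the first output posted in the thread.

```python
import ipaddress
import re

# Two parameters as posted in the thread's first `postconf -n` output.
SAMPLE = """\
mydestination = $myhostname,localhost.$mydomain,localhost,mail.jumico.com,10.1.1.125,64.58.179.233,castlewoodholdings.com,jumico.com
mynetworks = 127.0.0.1/32,192.168.0.0/24,68.122.22.50/32,68.122.22.51/32,64.58.179.233/32,10.1.0.0/24
"""

def parse_postconf(text):
    """Map each 'name = value' line to a list of its comma/space separated items."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = [v for v in re.split(r"[,\s]+", value.strip()) if v]
    return params

def ip_literals(entries):
    """Entries that are bare IP addresses; mydestination should hold domain names only."""
    found = []
    for entry in entries:
        try:
            ipaddress.ip_address(entry.strip("[]"))
            found.append(entry)
        except ValueError:
            pass  # a hostname or a $variable, which is what belongs here
    return found

def public_networks(entries):
    """mynetworks entries outside private/loopback space: each one is a remote
    client that permit_mynetworks lets relay, so each needs a known owner."""
    nets = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # table lookups such as hash:/path are not evaluated here
        if not net.is_private:
            nets.append(str(net))
    return nets

if __name__ == "__main__":
    conf = parse_postconf(SAMPLE)
    print("IP literals in mydestination:", ip_literals(conf["mydestination"]))
    print("Public entries in mynetworks:", public_networks(conf["mynetworks"]))
```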
  • 7. Re: SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com
    rukiddin2 Level 1 (5 points)
    Here is the new and improved output from the postconf -n command. I think I've cleared up every issue you raised. I even added the proxy_interfaces = 64.58.179.233 command which I believe answers your last question.

    The 68.122.22.51 address is a location of users that need to be able to send and receive mail through the server. The 10.1.1.0/24 is the subnet behind a NAT/Router.

    Everything appears to be working great EXCEPT the filters. The WWW.DNSREPORT.COM website still fails to connect to my mail server when I have any blacklist filter enabled.

    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    enable_server_options = yes
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailbox_size_limit = 0
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains =
    message_size_limit = 0
    mydestination = $myhostname,localhost.$mydomain,castlewoodholdings.com,jumico.com,mail.jumico.com
    mydomain = jumico.com
    mydomain_fallback = localhost
    myhostname = mail.jumico.com
    mynetworks = 127.0.0.1/32,68.122.22.51/32,64.58.179.233/32,10.1.1.0/24
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    proxy_interfaces = 64.58.179.233
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_client_restrictions = permit_mynetworks reject_rbl_client sbl-xbl.spamhaus.org permit
    smtpd_pw_server_security_options = none
    smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,permit
    smtpd_sasl_auth_enable = no
    smtpd_tls_key_file =
    smtpd_use_pw_server = no
    unknown_local_recipient_reject_code = 550
    virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
    virtual_transport = lmtp:unix:/var/imap/socket/lmtp
  • 8. Re: SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com
    rukiddin2 Level 1 (5 points)
    The more and more I look at this the more I am convinced this must be a port issue on the router. Are there any ports out of the ordinary that need to be opened in order for the blacklist filters to work properly?
  • 9. Re: SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com
    davidh Level 4 (1,890 points)
    Some info is here, although perhaps not relevant (can't know):
    http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Technical#83

    Some quick googling points to UDP port 53 (effectively a DNS query), and (possibly... ) port 1039 TCP & UDP which you'd want to allow only for established connections
  • 10. Re: SPAMHAUS and other blacklist filters timing out with www.DNSREPORT.com
    rukiddin2 Level 1 (5 points)
    While not giving the answer, enough clues were provided to where I finally solved my problem.

    The link you provided mentioned that AT&T's DNS servers didn't allow blacklist lookups, so I decided to enable the DNS on the server itself, enable recursive lookups, and had it use itself as a DNS server, and BANG, everything worked! So it was my DNS provider that was causing all my issues. Go figure.

    Just an FYI, the DNS provider was COX business services, so if anyone else has a similar problem and you use cox, now you know how to fix it.

    Thanks for the help! Now to nail down my SMTP authentication issues...

    Mike
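The root cause found in this thread (an upstream resolver that does not answer blacklist lookups, so every SMTP connection waits on DNS) can be tested directly from the mail server. This is an added example, not part of the original thread; the function names are hypothetical, the zone is the one from the posted configuration and should be replaced with whichever zone your server queries, and the 127.0.0.2 / 127.0.0.1 test points are the ones RFC 5782 defines for DNS blacklists.

```python
import ipaddress
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout

ZONE = "sbl-xbl.spamhaus.org"  # the zone named in the thread's reject_rbl_client

def dnsbl_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone, as reject_rbl_client does."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Ask the OS-configured resolver; None means NXDOMAIN (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as err:
        if err.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return None
        raise  # SERVFAIL, refused, unreachable resolver, ...

def probe(ip, zone=ZONE, lookup=system_lookup, timeout=5.0):
    """Return (status, seconds) for one DNSBL query."""
    pool = ThreadPoolExecutor(max_workers=1)
    start = time.monotonic()
    try:
        answer = pool.submit(lookup, dnsbl_name(ip, zone)).result(timeout=timeout)
        if answer is None:
            status = "not_listed"
        elif answer.startswith("127."):
            status = "listed"
        else:
            status = "bogus_answer"  # resolver rewrote NXDOMAIN to some other host
    except LookupTimeout:
        status = "timeout"
    except OSError:
        status = "resolver_error"
    finally:
        pool.shutdown(wait=False)
    return status, time.monotonic() - start

def resolver_usable(zone=ZONE, lookup=system_lookup, timeout=5.0):
    """127.0.0.2 must be listed and 127.0.0.1 must not be (RFC 5782 test points)."""
    listed, _ = probe("127.0.0.2", zone, lookup, timeout)
    clean, _ = probe("127.0.0.1", zone, lookup, timeout)
    return listed == "listed" and clean == "not_listed"

if __name__ == "__main__":
    print(probe("127.0.0.2"), resolver_usable())
```

A `timeout` or `resolver_error` on the 127.0.0.2 test point, while ordinary lookups succeed, points at the resolver rather than at Postfix or the router.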