URIBL_BLOCKED

Michaelv
Posts: 16
Joined: 29 Apr 2014 14:01

URIBL_BLOCKED

Post by Michaelv » 15 Jan 2015 04:25

Hi All,

Just to make some users aware, check your Reports -> Spamassassin Rule Hits.

You may see that this rule is affecting a lot of your emails (based on the count vs the total emails). For me during testing, 99% of emails hit this rule.

This means that you are using your ISP's or some public DNS servers like Google (8.8.8.8).

The reason is that these DNS servers are doing too many lookups to those RBL DNS servers. The RBL DNS servers block requests above a certain number of queries per IP unless you are a paid subscriber.

To avoid that, ideally you should have your own DNS recursor that does direct queries to these RBL DNS servers. This allows the RBL DNS servers to see only your recursor IP, not mixed with requests from hundreds of other anti-spam servers.

For me, I disabled dnsmasq and installed the unbound recursor within the same VM.
Unbound is nice because you can specify the amount of memory to use for the DNS cache, and its own memory footprint is small, which is important if you have a memory limit.
named has a fixed memory limit, but its own code is bloated and uses memory. The PowerDNS recursor cache size is based on the number of entries, which makes it a bit tricky to manage memory utilisation.

Regards,

Michael

darky83
Site Admin
Posts: 533
Joined: 30 Sep 2012 11:03
Location: eFa

Re: URIBL_BLOCKED

Post by darky83 » 16 Apr 2015 06:59

Made the post sticky as it seems more and more users are running into this issue.
Version eFa 4.0.0 now available!

pdwalker
Posts: 1186
Joined: 18 Mar 2015 09:16

Re: URIBL_BLOCKED

Post by pdwalker » 16 Apr 2015 09:04

Linked to the wiki.

Mcoulianos
Posts: 4
Joined: 22 Apr 2015 21:17

Re: URIBL_BLOCKED

Post by Mcoulianos » 22 Apr 2015 21:19

Can we get more of an explanation on this? I'm getting a ton of delayed emails coming from Google mail servers ever since the 3.0.0.7 update, and as soon as I whitelist an address the delays stop, so it's definitely something in E.F.A. causing them. Not seeing anything on the wiki regarding this.

pdwalker
Posts: 1186
Joined: 18 Mar 2015 09:16

Re: URIBL_BLOCKED

Post by pdwalker » 23 Apr 2015 00:35

Delayed mail <> URIBL_BLOCKED

Your issue is different, if I'm understanding what you've said correctly. Your issue sounds like you don't like grey listing.

thebjorn
Posts: 5
Joined: 03 May 2015 12:47

Re: URIBL_BLOCKED

Post by thebjorn » 17 May 2015 19:18

Ok, so I've followed the instructions at http://tecadmin.net/setup-caching-names ... os-redhat/ to install a caching nameserver on the efa box. I've also updated the primary dns under option 4 -> 4 of the EFA config program. I'm still getting the error.

When I try the command listed to test the setup I get

Code:

[root@efa3 MailScanner]# host -tTXT 3.0.0.127.multi.uribl.com
3.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 74.125.74.81]"

74.125.74.81 is apparently a Google IP, but I have no idea where it is coming from..?

I've restarted the named service, do I need to reboot the entire system? (or am I going in the entirely wrong direction?)

thebjorn
Posts: 5
Joined: 03 May 2015 12:47

Re: URIBL_BLOCKED

Post by thebjorn » 17 May 2015 19:39

I knew I'd find the solution as soon as I posted the question ;-) Based on the bug report (https://github.com/E-F-A/v3/issues/150) I ended up at a commit (https://github.com/E-F-A/v3/commit/34e2 ... f3e78c018d) where I noticed that dnsmasq is a service... A quick

Code:

service dnsmasq restart

and it is working from the command line

Code:

[root@efa3 MailScanner]# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"

.. and the errors are gone -- yay :-)
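
The two test queries in the posts above differ only in the TXT answer, and the refused answer names the resolver address that URIBL saw. The shell functions below are an added example, not part of any post in this thread: the function names are hypothetical and the two sample answers are copied from the posts above.

```shell
#!/bin/sh
# Classify the TXT answer returned for the URIBL test record.
# Prints one of: "ok", "refused <resolver-ip>", "unknown".
uribl_classify() {
    case "$1" in
        *"permanent testpoint"*)
            echo "ok" ;;
        *"Query Refused"*)
            # URIBL reports the resolver it saw as [Your DNS IP: a.b.c.d]
            seen_ip=$(printf '%s\n' "$1" |
                sed -n 's/.*\[Your DNS IP: \([0-9a-fA-F.:]*\)].*/\1/p')
            echo "refused ${seen_ip:-unknown-ip}" ;;
        *)
            echo "unknown" ;;
    esac
}

# Live check through whatever resolver /etc/resolv.conf points at.
# Not called here, so the example runs without network access.
uribl_check_live() {
    uribl_classify "$(host -t TXT 2.0.0.127.multi.uribl.com 2>&1)"
}

# Sample answers copied from the posts above.
SAMPLE_REFUSED='3.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 74.125.74.81]"'
SAMPLE_OK='2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"'

uribl_classify "$SAMPLE_REFUSED"
uribl_classify "$SAMPLE_OK"
```

If the address after "refused" is not an address of your own server, the query left the box through someone else's resolver.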

shawniverson
Posts: 2900
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA

Re: URIBL_BLOCKED

Post by shawniverson » 18 May 2015 02:57

The next update will fix this permanently for users affected.

thebjorn
Posts: 5
Joined: 03 May 2015 12:47

Re: URIBL_BLOCKED

Post by thebjorn » 02 Jun 2015 14:16

After my success message above, I got a message from gmail saying:

<xxx@mydomain.com>: mail for [email.mydomain.com] loops back to myself

so obviously something wasn't correctly configured. I forget what I did to get it working again, but during the upgrade this problem popped up again - after the kernel update and preventing the EFA-Update from working (something like "downloaded version file is corrupt" - I forgot to take a copy of the message).

I uninstalled (yum remove) bind and bind-chroot, reset the DNS to our domain controller, rebooted, and was able to run EFA-Update. Mail is again flowing, but I'm still getting

0.00 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/Dns ... nsbl-block for more information.

Was this supposed to be fixed in the 3.0.0.8 release?

shawniverson
Posts: 2900
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA

Re: URIBL_BLOCKED

Post by shawniverson » 02 Jun 2015 14:54

You will need to turn on full recursive DNS on your EFA appliance.

EFA-Configure --> 4) IP Settings --> 4) DNS Recursion

Make sure your EFA can query DNS outbound on port 53.

thebjorn
Posts: 5
Joined: 03 May 2015 12:47

Re: URIBL_BLOCKED

Post by thebjorn » 02 Jun 2015 15:47

You're awesome! :clap:

sxfx
Posts: 9
Joined: 04 Dec 2017 19:05

Re: URIBL_BLOCKED

Post by sxfx » 07 Dec 2017 10:49

I'm using DNS Recursion but I'm getting the block message. Any ideas?

pdwalker
Posts: 1186
Joined: 18 Mar 2015 09:16

Re: URIBL_BLOCKED

Post by pdwalker » 08 Dec 2017 07:41

Verify your DNS settings.

Are you really recursing? Or are you actually using someone else's DNS server to make the query on your behalf?

Are you using a shared IP?

sxfx
Posts: 9
Joined: 04 Dec 2017 19:05

Re: URIBL_BLOCKED

Post by sxfx » 08 Dec 2017 13:37

Hello! Here are some things:

[root@efa /]# cat /etc/resolv.conf
nameserver 127.0.0.1


[root@efa /]# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"

I only see this message "ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/Dns ... nsbl-block for more information." when I test my DKIM against http://dkimvalidator.com

Is this message for them or for me?

Can you send an email test to http://dkimvalidator.com (they will give you a random mail address to test)?

And.. how do I debug it on my box? /var/log/maillog shows nothing. Thanks

henk
Posts: 401
Joined: 14 Dec 2015 22:16
Location: Netherlands

Re: URIBL_BLOCKED

Post by henk » 09 Dec 2017 00:39

As pdwalker stated:
Verify your DNS settings. What DNS server do you use?
Could you list the content of
  1. /etc/unbound/unbound.conf
  2. /etc/unbound/conf.d/forwarders.conf
and list stats

Code:

unbound-control stats_noreset |grep total

Dig multiple times and check the query time (it should be ";; Query time: 0 msec").

Code:

dig @127.0.0.1  dcc.nova53.net

sxfx
Posts: 9
Joined: 04 Dec 2017 19:05

Re: URIBL_BLOCKED

Post by sxfx » 11 Dec 2017 15:14

/etc/unbound/unbound.conf
https://pastebin.com/asuWcuS6

/etc/unbound/conf.d/forwarders.conf
https://pastebin.com/nCW3X6Vz

[root@efa ~]# unbound-control stats_noreset |grep total
https://pastebin.com/qEEbAtS4

Thanks!

henk
Posts: 401
Joined: 14 Dec 2015 22:16
Location: Netherlands

Re: URIBL_BLOCKED

Post by henk » 11 Dec 2017 23:16

Hi sxfx,

Your config is the default config and seems to work fine (from your EFA machine's viewpoint).

As your resolv.conf points to nameserver 127.0.0.1, what is your DNS server to forward DNS requests?

Since DNS queries are expected to come from verifiable IP addresses, and 127.0.0.1 cannot be mapped to a public IP address, the query probably failed because the RBL / BRBL could not identify a public IP address. On top of that, it's generally limited to no more than 100K queries from ANY SINGLE DNS SERVER IP ADDRESS in a given day. (So try pointing to a LOCAL DNS SERVER with a PUBLICLY MAPPABLE IP ADDRESS.)

You could force a forwarding DNS server in /etc/unbound/conf.d/forwarders.conf

Code:

forward-zone:
  name: "."
  forward-addr: xxx.xxx.xxx.xxx      # Forward dns server IP
  forward-first: yes

Or take a look at viewtopic.php?t=2567
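
A way to answer the question asked earlier in the thread (is the box really recursing, or is another DNS server making the query on its behalf?) from the two files discussed above. This is an added example, not part of any post and not eFa code: `resolver_mode` is a hypothetical helper, the sample files are constructed, and it only inspects resolv.conf and unbound-style config, so a different local daemon such as dnsmasq needs its own check.

```shell
#!/bin/sh
# resolver_mode RESOLV_CONF [UNBOUND_CONF...]
# Prints "forwarding via <ip>" for every upstream resolver that would make the
# URIBL query on this host's behalf, else "no forwarder configured".
resolver_mode() {
    resolv_conf=$1; shift
    # Non-loopback nameservers: queries go straight to someone else's resolver.
    upstreams=$(awk '$1 == "nameserver" && $2 !~ /^(127\.|::1$)/ { print $2 }' "$resolv_conf")
    # Loopback resolver: collect the targets of any forward-zone named ".".
    if [ -z "$upstreams" ] && [ $# -gt 0 ]; then
        upstreams=$(awk '
            function emit(  i) { if (root) for (i = 1; i <= n; i++) print addr[i]; n = 0; root = 0 }
            { sub(/#.*/, "") }                       # drop comments
            /^[ \t]*[a-z-]+:[ \t]*$/ { emit(); in_fz = ($1 == "forward-zone:"); next }
            in_fz && $1 == "name:" { gsub(/"/, "", $2); root = ($2 == ".") }
            in_fz && ($1 == "forward-addr:" || $1 == "forward-host:") { addr[++n] = $2 }
            END { emit() }
        ' "$@")
    fi
    if [ -z "$upstreams" ]; then
        echo "no forwarder configured"
    else
        for u in $upstreams; do echo "forwarding via $u"; done
    fi
}

# Constructed sample files (203.0.113.53 is a documentation address).
demo_dir=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$demo_dir/resolv.conf"
printf 'nameserver 8.8.8.8\n' > "$demo_dir/resolv.public"
printf 'server:\n  interface: 127.0.0.1\n' > "$demo_dir/recursor.conf"
printf 'forward-zone:\n  name: "."\n  forward-addr: 203.0.113.53  # upstream\n  forward-first: yes\n' > "$demo_dir/forwarders.conf"

resolver_mode "$demo_dir/resolv.conf" "$demo_dir/recursor.conf"
resolver_mode "$demo_dir/resolv.conf" "$demo_dir/recursor.conf" "$demo_dir/forwarders.conf"
resolver_mode "$demo_dir/resolv.public"
```

On a real box the call would be `resolver_mode /etc/resolv.conf /etc/unbound/unbound.conf /etc/unbound/conf.d/forwarders.conf`; any address it reports is the one the RBL operator counts queries against.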

Janvhirashe
Posts: 1
Joined: 19 Jul 2019 06:42

Re: URIBL_BLOCKED

Post by Janvhirashe » 19 Jul 2019 06:55

I was facing the same problem, but now it has been fixed. There is no problem now.
