DCC not answering

arned
Posts: 5
Joined: 10 Feb 2020 09:37

DCC not answering

Post by arned »

Hello,

I have an error with DCC servers not answering.
I have installed eFa 4.0.2 on a fresh CentOS 7 with 4 GB RAM.
Using the command "cdcc info" I get the following:

Code:

# 02/17/20 11:42:08 CET  /var/dcc/map
# Re-resolve names after 12:46:21
# 12 total, 0 working servers
# continue not asking DCC server 32 seconds after 1 failures
IPv6 on   version=3

@,-                         RTT-1000 ms  32768
#  127.0.0.1,-
#      not answering

dcc.nova53.net,-            RTT+0 ms    anon
#  173.71.176.215,-
#      not answering

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-
#      not answering
#  137.208.8.63,-
#      not answering

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  192.84.137.21,-
#      not answering
#  195.20.8.232,-
#      not answering

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#  209.169.14.27,-
#      not answering
#  212.223.102.90,-
#      not answering

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#  69.171.29.33,-
#      not answering
#  192.135.10.194,-
#      not answering

dcc5.dcc-servers.net,-      RTT+0 ms    anon
# *136.199.199.160,-
#      not answering
#  157.131.0.46,-
#      not answering

################
# 02/17/20 11:42:08 CET  greylist /var/dcc/map
# Re-resolve names after 13:42:08
# 1 total, 0 working servers
# continue not asking greylist server 32 seconds after 1 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering

When I enter the command "tail -f /var/log/maillog" I get this output:

Code:

Feb 17 11:48:21 cas1 MailScanner[31902]: MailWatch: Starting up MailWatch SQL Blacklist
Feb 17 11:48:21 cas1 MailScanner[31902]: MailWatch: Read 0 blacklist entries
Feb 17 11:48:21 cas1 MailScanner[31902]: Config: calling custom init function MailWatchLogging
Feb 17 11:48:21 cas1 MailScanner[31902]: MailWatch: Started MailWatch SQL Logging child
Feb 17 11:48:21 cas1 MailScanner[31902]: Config: calling custom init function SQLWhitelist
Feb 17 11:48:21 cas1 MailScanner[31902]: MailWatch: Starting up MailWatch SQL Whitelist
Feb 17 11:48:21 cas1 MailScanner[31902]: MailWatch: Read 2 whitelist entries
Feb 17 11:48:21 cas1 MailScanner[31902]: Using SpamAssassin results cache
Feb 17 11:48:21 cas1 MailScanner[31902]: Connected to SpamAssassin cache database
Feb 17 11:48:21 cas1 MailScanner[31902]: Enabling SpamAssassin auto-whitelist functionality...
Feb 17 11:48:22 cas1 dccifd[2556]: no working DCC servers @ dcc.nova53.net dcc1.dcc-servers.net ... at 127.0.0.1 173.71.176.215 173.71.176.215 ...
Feb 17 11:48:22 cas1 dccifd[2556]: continue not asking DCC 32 seconds after 1 failures
Feb 17 11:48:26 cas1 MailScanner[31910]: MailScanner Email Processor version 5.2.2 starting...
Feb 17 11:48:26 cas1 MailScanner[31910]: Reading configuration file /etc/MailScanner/MailScanner.conf
Feb 17 11:48:26 cas1 MailScanner[31910]: Reading configuration file /etc/MailScanner/conf.d/README
Feb 17 11:48:26 cas1 MailScanner[31910]: Read 868 hostnames from the phishing whitelist
Feb 17 11:48:26 cas1 MailScanner[31910]: Read 5807 hostnames from the phishing blacklists
Feb 17 11:48:26 cas1 MailScanner[31910]: Config: calling custom init function SQLBlacklist
Feb 17 11:48:26 cas1 MailScanner[31910]: MailWatch: Starting up MailWatch SQL Blacklist
Feb 17 11:48:26 cas1 MailScanner[31910]: MailWatch: Read 0 blacklist entries
Feb 17 11:48:26 cas1 MailScanner[31910]: Config: calling custom init function MailWatchLogging
Feb 17 11:48:26 cas1 MailScanner[31910]: MailWatch: Started MailWatch SQL Logging child
Feb 17 11:48:26 cas1 MailScanner[31910]: Config: calling custom init function SQLWhitelist
Feb 17 11:48:26 cas1 MailScanner[31910]: MailWatch: Starting up MailWatch SQL Whitelist
Feb 17 11:48:26 cas1 MailScanner[31910]: MailWatch: Read 2 whitelist entries
Feb 17 11:48:26 cas1 MailScanner[31910]: Using SpamAssassin results cache
Feb 17 11:48:26 cas1 MailScanner[31910]: Connected to SpamAssassin cache database
Feb 17 11:48:26 cas1 MailScanner[31910]: Enabling SpamAssassin auto-whitelist functionality...
Feb 17 11:48:27 cas1 dccifd[2556]: continue not asking DCC 27 seconds after 1 failures

It just keeps on repeating and at a certain point stops retrying.
Does anyone have a solution to this problem?

Thanks in advance!
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands

Re: DCC not answering

Post by henk »

Did you read? viewtopic.php?t=3354

Can be a DNS / Firewall issue
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
arned
Posts: 5
Joined: 10 Feb 2020 09:37

Re: DCC not answering

Post by arned »

Thank you for the quick reply.

Just to be sure, I disabled the firewall so it wouldn't block anything (with no success).
I also checked the DNS configuration; I can ping 8.8.8.8 and www.google.com.
However, I can access MailScanner with the set IP address (192.168.x.x), but can't use the localhost name (hostname.domain.com).
Could this be an issue with the DNS configuration?
arned
Posts: 5
Joined: 10 Feb 2020 09:37

Re: DCC not answering

Post by arned »

Update: We are 2 interns that are assigned to start up an eFa server in the most recent version so we have little to no experience. :D
After some searching we discovered that the eFa 3.0.0.8 server that is running right now has the same public IP as the eFa server that is deployed.
Could this possibly be the issue? This still doesn't explain why we can't reach the eFa MailScanner with my hostname (possible with IP).

Thanks in advance!

Kind regards, 2 students
TFNcap
Posts: 30
Joined: 25 Apr 2020 07:17

Re: DCC not answering

Post by TFNcap »

I have the same problem, is there any improvement?

up
eFa-4.0.2 - ©
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands

Re: DCC not answering

Post by henk »

Hi arned,

You did mention the install of eFa 4.0.2 on a fresh CentOS 7 with 4 GB RAM.

Can you explain how you added dcc.nova53.net?

Think about this:
eFa 3.0.0.8 server that is running right now has the same public IP as the eFa server that is deployed.
:doh:

Got the feeling you need to learn some basic things first. :think:

To check your dns:

Code:

ping dcc4.dcc-servers.net
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
TFNcap
Posts: 30
Joined: 25 Apr 2020 07:17

Re: DCC not answering

Post by TFNcap »

henk wrote: 21 May 2020 09:37 Hi arned,

You did mention the install of eFa 4.0.2 on a fresh CentOS 7 with 4 GB RAM.

Can you explain how you added dcc.nova53.net?

Think about this:
eFa 3.0.0.8 server that is running right now has the same public IP as the eFa server that is deployed.
:doh:

Got the feeling you need to learn some basic things first. :think:

To check your dns:

Code:

ping dcc4.dcc-servers.net
maybe you give me an idea :whistle:

Code:

PING dcc1.dcc-servers.net (137.208.8.63) 56(84) bytes of data.
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=1 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=2 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=3 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=4 ttl=48 time=66.4 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=5 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=6 ttl=48 time=66.7 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=7 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=8 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=9 ttl=48 time=66.4 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=10 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=11 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=12 ttl=48 time=66.5 ms
64 bytes from dccd.wu-wien.ac.at (137.208.8.63): icmp_seq=13 ttl=48 time=66.5 ms
^C
--- dcc1.dcc-servers.net ping statistics ---
13 packets transmitted, 13 received, 0% packet loss, time 12019ms
rtt min/avg/max/mdev = 66.427/66.553/66.726/0.186 ms
--------------------------------------------------------------------
command : cdcc info

Code:

# 05/21/20 23:11:57 +03  /var/dcc/map
# Re-resolve names after 00:37:01
# 12 total, 0 working servers
# continue not asking DCC server 63 seconds after 2 failures
IPv6 on   version=3

@,-                         RTT-1000 ms  32768
#  127.0.0.1,-
#      not answering

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-
#      not answering
#  137.208.8.63,-
#      not answering

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  157.131.0.46,-
#      not answering
#  192.84.137.21,-
#      not answering

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#  209.169.14.27,-
#      not answering
#  212.223.102.90,-
#      not answering

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#  184.23.168.46,-
#      not answering
#  192.135.10.194,-
#      not answering

dcc5.dcc-servers.net,-      RTT+0 ms    anon
#  204.90.71.235,-
#      not answering
# *209.169.14.26,-
#      not answering
#  212.223.15.198,-
#      not answering

################
# 05/21/20 23:11:57 +03  greylist /var/dcc/map
# Re-resolve names after 01:11:23
# 1 total, 0 working servers
# continue not asking greylist server 64 seconds after 2 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering
Can you explain how you added dcc.nova53.net?
I don't have this
eFa 3.0.0.8 server that is running right now has the same public IP as the eFa server that is deployed.
I don't understand what you mean by that :cry:

maybe a necessary information: GreyList OFF, I don't use it..

what do you think? :snooty:

information
note: I use this
ISO image

It is also possible to install eFa4 from ISO image, this combines CentOS 7 with the install script in one single instance.
You can download the ISO from: https://mirrors.efa-project.org/images/ ... 0/eFa4.iso (1.1GB)(MD5)
4cpu 8gb ram
all updates are done
  • efa
  • webmin
  • yum
I think DCC was working 30 days ago
yum I feel like it's broken after the update
I noticed it wasn't working 10 days ago
this is all i know

Best regards
eFa-4.0.2 - ©
TFNcap
Posts: 30
Joined: 25 Apr 2020 07:17

Re: DCC not answering

Post by TFNcap »

source: https://support.configserver.com/en/kno ... -front-end
Ensure that the following ports are open in any software or hardware firewalls:

DCC - out-bound UDP port 6277
DCC - out-bound TCP port 587 (for reporting spam)
Razor - out-bound TCP port 2703
I tried from this website : https://www.yougetsignal.com/tools/open-ports/

Port 6277 is closed
Port 587 is open
Port 2703 is closed


and
razor also fails in my system :idea:
  • Are these ports closed?
  • what do you think?
  • How can I open these ports?
Best regards
eFa-4.0.2 - ©
TFNcap
Posts: 30
Joined: 25 Apr 2020 07:17

Re: DCC not answering

Post by TFNcap »

I tested 30 seconds ago (cdcc info)

Code:

# 05/23/20 13:10:39 +03  /var/dcc/map
# Re-resolve names after 14:07:28  Check RTTs after 13:25:38
# 1 total, 0 working servers
# continue not asking DCC server 437 seconds after 5 failures
IPv6 on   version=3

@,-                         RTT-1000 ms  32768
# *127.0.0.1,-
#      not answering

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version

dcc5.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version

################
# 05/23/20 13:10:39 +03  greylist /var/dcc/map
# Re-resolve names after 14:58:40
# 1 total, 0 working servers
# continue not asking greylist server 32 seconds after 1 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering
eFa-4.0.2 - ©
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: DCC not answering

Post by shawniverson »

There's chatter on the SpamAssassin forums about the DCC servers not working anywhere right now.
TFNcap
Posts: 30
Joined: 25 Apr 2020 07:17

Re: DCC not answering

Post by TFNcap »

shawniverson wrote: 23 May 2020 14:31 There's chatter on the SpamAssassin forums about the DCC servers not working anywhere right now.
himmmmmm.... pending/follow :shifty:
eFa-4.0.2 - ©
TFNcap
Posts: 30
Joined: 25 Apr 2020 07:17

Re: DCC not answering

Post by TFNcap »

servers active again but my problem still continues

Code:

# 05/21/20 23:11:57 +03  /var/dcc/map
# Re-resolve names after 00:37:01
# 12 total, 0 working servers
# continue not asking DCC server 63 seconds after 2 failures
IPv6 on   version=3

@,-                         RTT-1000 ms  32768
#  127.0.0.1,-
#      not answering

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-
#      not answering
#  137.208.8.63,-
#      not answering

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  157.131.0.46,-
#      not answering
#  192.84.137.21,-
#      not answering

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#  209.169.14.27,-
#      not answering
#  212.223.102.90,-
#      not answering

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#  184.23.168.46,-
#      not answering
#  192.135.10.194,-
#      not answering

dcc5.dcc-servers.net,-      RTT+0 ms    anon
#  204.90.71.235,-
#      not answering
# *209.169.14.26,-
#      not answering
#  212.223.15.198,-
#      not answering

################
# 05/21/20 23:11:57 +03  greylist /var/dcc/map
# Re-resolve names after 01:11:23
# 1 total, 0 working servers
# continue not asking greylist server 64 seconds after 2 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering
my new research

something caught my attention
I did port query with nmap and the result is
all ports are closed
I don't know if I'm making the right searches
I will have a request
can you run the cdcc info command
Does your DCC work?


eFa-4.0.2 - ©
smyers119
Posts: 108
Joined: 29 Nov 2019 11:36

Re: DCC not answering

Post by smyers119 »

You must have a DNS issue then; here are my results:

Code:

[user@host ~]$ cdcc info
# 05/25/20 10:18:57 EDT  /var/dcc/map
# Re-resolve names after 11:30:37  Check RTTs after 10:33:56
# 266.09 ms threshold, 220.97 ms average    12 total, 10 working servers
IPv6 on   version=3

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-                                          Etherboy ID 1002
#      88% of 32 requests ok  341.31+0 ms RTT          100 ms queue wait
#  137.208.8.63,-                                             wuwien ID 1290
#     100% of 32 requests ok  208.54+0 ms RTT          100 ms queue wait
#  209.169.14.29,-                                     x.dcc-servers ID 104
#     100% of 32 requests ok  167.06+0 ms RTT          100 ms queue wait

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  157.131.0.46,-                                              sonic ID 1255
#     100% of 32 requests ok  185.95+0 ms RTT          100 ms queue wait
#  192.84.137.21,-                                           INFN-TO ID 1233
#     100% of 32 requests ok  222.63+0 ms RTT          100 ms queue wait

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#  54.156.255.136,-
#      not answering
#  209.169.14.27,-                                     x.dcc-servers ID 104
#     100% of 32 requests ok  166.09+0 ms RTT          100 ms queue wait

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#  192.135.10.194,-                                           debian ID 1169
#     100% of 32 requests ok  227.45+0 ms RTT          100 ms queue wait
#  212.223.102.90,-                                                  ID 1480
#     100% of 32 requests ok  208.04+0 ms RTT          100 ms queue wait

dcc5.dcc-servers.net,-      RTT+0 ms    anon
# *204.90.71.235,-                                       MGTINTERNET ID 1170
#     100% of 32 requests ok  121.92+0 ms RTT          100 ms queue wait
#  212.223.15.198,-                                                  ID 1481
#     100% of 32 requests ok  208.81+0 ms RTT          100 ms queue wait

@,-                         RTT-1000 ms  32768
#  127.0.0.1,-
#      not answering

################
# 05/25/20 10:18:57 EDT  greylist /var/dcc/map
# Re-resolve names after 12:18:56
# 1 total, 0 working servers
# continue not asking greylist server 32 seconds after 1 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering
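
Added example (not part of any post in this thread): a small Python triage of `cdcc info` output that separates the three states posted above, namely names that resolve but never answer, names that do not resolve, and a healthy map. The function names and verdict labels are assumptions made for this example; the sample text is constructed and abridged from the outputs in the thread.

```python
import re

# Names and verdict labels are assumptions made for this example.
HOST_RE = re.compile(r"^([^\s,#]+),\S*\s")             # dcc1.dcc-servers.net,-  RTT+0 ms
ADDR_RE = re.compile(r"^#\s+\*?\s*([0-9A-Fa-f:.]+),")  # "#  74.92.232.243,-" / "# *127.0.0.1,-"

NEXT_CHECK = {
    "working": "at least one public DCC server answers",
    "resolved-but-silent": "names resolve, nothing replies: test the outbound UDP 6277 path",
    "unresolved": "names do not resolve: test the resolver this host uses",
    "no-servers": "the map lists no public DCC servers",
}

def parse_cdcc_info(text):
    """Map each server name to {'resolved': bool, 'addrs': {ip: status}}."""
    hosts, host, addr = {}, None, None
    for line in text.splitlines():
        if line.startswith("####"):          # separator: the greylist map follows
            break
        m = HOST_RE.match(line)
        if m:
            host, addr = m.group(1), None
            hosts[host] = {"resolved": True, "addrs": {}}
            continue
        m = ADDR_RE.match(line) if host else None
        if m:
            addr = m.group(1)
            hosts[host]["addrs"][addr] = "unknown"
        elif host and "undefined name" in line:
            hosts[host]["resolved"] = False
        elif addr and "not answering" in line:
            hosts[host]["addrs"][addr] = "not answering"
        elif addr and "requests ok" in line:
            hosts[host]["addrs"][addr] = "answering"
    return hosts

def triage(text):
    """Classify the DCC map, ignoring the local '@' (127.0.0.1) entry."""
    public = {h: v for h, v in parse_cdcc_info(text).items() if h != "@"}
    statuses = [s for v in public.values() for s in v["addrs"].values()]
    if "answering" in statuses:
        return "working"
    if statuses:
        return "resolved-but-silent"
    return "unresolved" if public else "no-servers"

# Constructed samples, abridged from the outputs posted in this thread.
LOCAL = "@,-                         RTT-1000 ms  32768\n#  127.0.0.1,-\n#      not answering\n\n"
SILENT = "# 12 total, 0 working servers\nIPv6 on   version=3\n\n" + LOCAL + """\
dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-
#      not answering
################
@,-                         Greylist 32768
"""
UNRESOLVED = LOCAL + """\
dcc1.dcc-servers.net,-      RTT+0 ms    anon
#   undefined name or wrong IP version
"""
HEALTHY = """\
dcc5.dcc-servers.net,-      RTT+0 ms    anon
# *204.90.71.235,-                                       MGTINTERNET ID 1170
#     100% of 32 requests ok  121.92+0 ms RTT          100 ms queue wait
""" + LOCAL

if __name__ == "__main__":
    for sample in (SILENT, UNRESOLVED, HEALTHY):
        print(triage(sample), "->", NEXT_CHECK[triage(sample)])
```

On a live host the input would be the captured output of `cdcc info`; the local `@` entry is excluded because it is "not answering" even in the healthy output above.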

pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: DCC not answering

Post by pdwalker »

I get similar results to smyers119.
TFNcap
Posts: 30
Joined: 25 Apr 2020 07:17

Re: DCC not answering

Post by TFNcap »

smyers119 wrote: 25 May 2020 14:21 You must have a DNS issue then; here are my results:
Current IP settings for ens160 are:
1) BOOTPROTO : none
2) IPV6_AUTOCONF : no
3) IP : 1xx.2x.2xx.1xx
4) Netmask : 255.255.255.248
5) Gateway : 1xx.2x.2xx.1xx
6) Use IPv6 DNS : no
7) IPv6 IP :
8) IPv6 Prefix :
9) IPv6 Gateway :
10) DNS Recursion : DISABLED
11) Primary DNS : 208.67.222.222
12) Secondary DNS : 208.67.220.220
13) Hostname : anxxxxam
14) Domain Name : txxxxxt.com
eFa-4.0.2 - ©
smyers119
Posts: 108
Joined: 29 Nov 2019 11:36

Re: DCC not answering

Post by smyers119 »

Yea, it's not going to work while using public DNS. You need to use recursion or the dcc, rbi, and other services will not work (they limit the amount of queries per day/month per IP).
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: DCC not answering

Post by pdwalker »

smyers119 is correct.

You will need to enable option 10, DNS recursion, and not have a primary and secondary DNS configured.

The DCC services don't support requests from public DNS servers, but they will support small amounts of requests from non public DNS servers.

The same thing applies to the RBLs used by postfix to help determine if a message is spam or not.

Is there a reason why you have not enabled recursion?

[edit] more info here: viewtopic.php?f=5&t=4291
TFNcap
Posts: 30
Joined: 25 Apr 2020 07:17

Re: DCC not answering

Post by TFNcap »

smyers119 wrote: 26 May 2020 23:59 Yea, it's not going to work while using public DNS. You need to use recursion or the dcc, rbi, and other services will not work (they limit the amount of queries per day/month per IP).
pdwalker wrote: 27 May 2020 04:42 smyers119 is correct.

You will need to enable option 10, DNS recursion, and not have a primary and secondary DNS configured.

The DCC services don't support requests from public DNS servers, but they will support small amounts of requests from non public DNS servers.

The same thing applies to the RBLs used by postfix to help determine if a message is spam or not.

Is there a reason why you have not enabled recursion?

[edit] more info here: viewtopic.php?f=5&t=4291
Is there a reason why you have not enabled recursion?
no special reason
I read an article on the internet, so I closed...
Having the DNS Recursion feature turned on means you are exposed to “DNS Amplification Attack” attacks. This attack is also known as DNS-strengthened DDOS attack. Therefore, the DNS Recursion feature needs to be turned off and we will look at how to do this. Assuming you are more or less familiar with the results of the DDOS attack, what is DNS Amplification Attack?...................



anyway ... now my settings are like this

Code:

Current IP settings for ens160 are:
 1) BOOTPROTO            :  none
 2) IPV6_AUTOCONF        :  no
 3) IP                   :  1xx.2x.2xx.1xx
 4) Netmask              :  255.255.255.248
 5) Gateway              :  1xx.2x.2xx.1xx
 6) Use IPv6 DNS         :  no
 7) IPv6 IP              :
 8) IPv6 Prefix          :
 9) IPv6 Gateway         :
10) DNS Recursion        :  ENABLED
11) Primary DNS          :
12) Secondary DNS        :
13) Hostname             :  axxxxxxm
14) Domain Name          :  txxxxxt.com

e) Return to main menu

 Note: Network will reset when changing values.
I changed the settings and rebooted the system
putty + shell + cdcc info !!!???
and...

Code:

# 05/27/20 18:25:28 +03  /var/dcc/map
# Re-resolve names after 19:13:48  Check RTTs after 18:40:23
# 12 total, 0 working servers
# continue not asking DCC server 190 seconds after 5 failures
IPv6 on   version=3

@,-                         RTT-1000 ms  32768
#  127.0.0.1,-
#      not answering

dcc1.dcc-servers.net,-      RTT+0 ms    anon
#  74.92.232.243,-
#      not answering
#  137.208.8.63,-
#      not answering

dcc2.dcc-servers.net,-      RTT+0 ms    anon
#  157.131.0.46,-
#      not answering
#  192.84.137.21,-
#      not answering

dcc3.dcc-servers.net,-      RTT+0 ms    anon
#  209.169.14.27,-
#      not answering
#  212.223.102.90,-
#      not answering

dcc4.dcc-servers.net,-      RTT+0 ms    anon
#  184.23.168.46,-
#      not answering
#  192.135.10.194,-
#      not answering

dcc5.dcc-servers.net,-      RTT+0 ms    anon
#  204.90.71.235,-
#      not answering
# *209.169.14.26,-
#      not answering
#  212.223.15.198,-
#      not answering

################
# 05/27/20 18:25:28 +03  greylist /var/dcc/map
# Re-resolve names after 19:21:11
# 1 total, 0 working servers
# continue not asking greylist server 32 seconds after 1 failures

@,-                         Greylist 32768
# *127.0.0.1,6276
#      not answering
:cry:
as if something is still missing

Is there anything you want to review in my settings
or should I wait 1 day maybe
eFa-4.0.2 - ©
smyers119
Posts: 108
Joined: 29 Nov 2019 11:36

Re: DCC not answering

Post by smyers119 »

It's probably cached results. Either wait a day, clear the DNS cache, or reboot.
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: DCC not answering

Post by pdwalker »

If your eFa box is not exposing the DNS server to the internet, then you are in no danger of being used for DNS amplification attacks.

The only ports exposed to the internet on my machine are mail related only. Everything is blocked and only the mail related services are mapped from the firewall to the eFa box.

So as long as my mail services remain secure (and patched), I should be safe enough.

Only expose the minimum you need to the internet.
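
Added example (not part of any post in this thread): one way to check the exposure described above, assuming the recursive resolver is unbound, which a later post in this thread names. It reads `interface:` and `access-control:` lines from constructed unbound.conf text and reports whether the resolver is loopback-only, restricted to internal netblocks, or open; the function name, verdict labels and sample configurations are assumptions made for this example.

```python
import ipaddress

# Function name and verdict labels are assumptions made for this example.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]
ALLOW = {"allow", "allow_snoop", "allow_setrd"}   # actions that answer recursive queries

def is_internal(net):
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def is_loopback(listen):
    try:
        return ipaddress.ip_address(listen).is_loopback
    except ValueError:                 # an interface name rather than an address
        return False

def resolver_exposure(conf_text):
    """Return 'loopback-only', 'restricted' or 'open' for unbound.conf text."""
    listeners, allowed = [], []
    for raw in conf_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition(":")
        if not sep:
            continue
        if key == "interface":
            listeners.append(value.strip().split("@")[0])
        elif key == "access-control":
            parts = value.split()
            if len(parts) == 2 and parts[1] in ALLOW:
                allowed.append(ipaddress.ip_network(parts[0], strict=False))
    # unbound listens on localhost only when no interface: line is present
    if all(is_loopback(addr) for addr in listeners):
        return "loopback-only"
    # clients outside the access-control allow rules are refused by default
    if all(is_internal(net) for net in allowed):
        return "restricted"
    return "open"

# Constructed configurations: the weak setting beside two corrected ones.
OPEN = """
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow   # any client may recurse
"""
LOOPBACK = """
server:
    interface: 127.0.0.1
    interface: ::1
"""
LAN = """
server:
    interface: 192.168.1.10
    access-control: 192.168.0.0/16 allow
    access-control: 0.0.0.0/0 refuse
"""

if __name__ == "__main__":
    for name, conf in (("open", OPEN), ("loopback", LOOPBACK), ("lan", LAN)):
        print(name, "->", resolver_exposure(conf))
```

A perimeter firewall that maps only the mail ports, as in the post above, is a separate layer that this configuration check does not see.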
TFNcap
Posts: 30
Joined: 25 Apr 2020 07:17

Re: DCC not answering

Post by TFNcap »

Yes, you are right. I will tell you after testing with all the details...

coming soon stay tuned.... :geek:
eFa-4.0.2 - ©
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: DCC not answering

Post by pdwalker »

henk wrote: 17 Feb 2020 11:16 Did you read? viewtopic.php?t=3354

Can be a DNS / Firewall issue
I've had a looooong look.

The system is set up correctly. However, the country in question is blocking all direct DNS requests except to those of well known public servers.

I assume that they are doing this for censorship purposes.

I was able to get around this from the command line by setting up a DNS server that would accept TCP DNS requests on a non-standard port, and then testing from the computer to see if I could get around the blocks - it worked. Accessing the same DNS server via standard ports fails, which confirms the block.

What a PITA.

I am going to see how to configure unbound to use an upstream DNS server, using TCP, on a non-standard port for anyone else suffering from the "great china firewall problem in my country".

Bah!