View previous topic :: View next topic |
Author |
Message |
vetaltm Author
Joined: 05 Feb 2006 Posts: 751
|
Posted: Fri Oct 17, 2008 10:35 am Post subject: Re: DNSBL: Two Questions |
|
|
h8spam wrote: |
1. I don't see my counters increase. The "Hits" and "False Positives" stay at 0 forever. Why is that?
|
This is possible if the plug-in can't check the IPs via DNS protocol. If DNS servers in your network fail to handle the queries, the plug-in switches to checking IPs via HTTP service on antispamsniper.com. This service uses own predefined list of DNSBL services and thus the statistics are not updated.
h8spam wrote: |
2. I have 4 DNSBL's selected for scanning incoming mail. However when I look at the logs, my log entries only show 2 of the DNSBL's being scanned. Here is an example:
Reason: Blacklisted URL (somedomain.com, hits=1 [.+])
Why is that? Also is there a way I can tell which DNSBL's returned a positive scan and which ones returned a negative scan?
|
DNSBL and URIBL are different services. The sender IPs from message headers are checked via DNSBL services, but URIBL services are used to check the domains from message body. When you see in log the record having a reason "Blacklisted URL" - it is a hit of URIBL services. The reason "Blacklisted IP" appears in log for the messages having sender IP listed in DNSBL services. |
|
Back to top |
|
|
vetaltm Author
Joined: 05 Feb 2006 Posts: 751
|
Posted: Fri Oct 17, 2008 5:46 pm Post subject: |
|
|
h8spam wrote: | Should I debug the DNS resolution problem or not worry about it? If I should debug it, what do you suggest for a method? |
The plug-in switches to HTTP service for checking IPs only in case if something wrong with the available DNS servers. For example, it is possible in a corporate network, where internet access is restricted and the local DNS server doesn't support forwarding DNS requests. Apparently this is not your case, because the plug-in is able to check the domains via URIBL (there was a record in Filtering log with the reason "Blacklisted URL").
First make sure that the checkbox "Check the IP addresses in incoming messages" is enabled on DNSBL page. If it is enabled, please check the Filtering log in plug-in and try to find a record with the reason "Blacklisted IP". If there are no such records, probably everything works properly and DNSBL statistics is zero because there were no messages with blacklisted sender IPs yet. If there are messages blocked by IP in log, but DNSBL statistics is zero anyway, you can try to find a problem with DNS server or leave everything as-is. In fact checking IPs via HTTP service works a bit faster in most cases, and zero statistics is the only disadvantage. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|