warning: dnsblog_query lookup error

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

warning: dnsblog_query lookup error

Maurizio Caloro-2

Hello

I have the issue with mail from Outlook, or Hotmail this Warning appair and the mail don’t deliver to me.

 

Apr  8 08:04:24  ail postfix/dnsblog[7379]: warning: dnsblog_query: lookup error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name not found. Name service error for name=109.75.92.40.list.dnswl.org type=A: Host not found, try again

 

Apr  8 08:23:10 ail postfix/dnsblog[7943]: warning: dnsblog_query: lookup error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name not found. Name service error for name=42.89.92.40.list.dnswl.org type=A: Host not

found, try again

 

postscreen_dnsbl_sites = zen.spamhaus.org*3

        b.barracudacentral.org*2

        bl.spameatingmonkey.net*2

        bl.spamcop.net

        dnsbl.sorbs.net

        psbl.surriel.com

        bl.mailspike.net

        list.dnswl.org=127.0.[0..255].0*-2

        list.dnswl.org=127.0.[0..255].1*-3

        list.dnswl.org=127.0.[0..255].[2..3]*-4

 

root@nmail:/etc/postfix# ping 42.89.92.40

PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data.

181 packets transmitted, 0 received, 100% packet loss, time 482ms

 

root@nmail:/etc/postfix# cat /etc/resolv.conf

nameserver 8.8.8.8

nameserver 46.38.225.230

 

regards

Mauri

 

 

Reply | Threaded
Open this post in threaded view
|

Re: warning: dnsblog_query lookup error

Christian Kivalo


On April 8, 2021 8:29:09 AM GMT+02:00, Maurizio Caloro <[hidden email]> wrote:

>Hello
>
>I have the issue with mail from Outlook, or Hotmail this Warning appair
>and
>the mail don't deliver to me.
>
>
>
>Apr  8 08:04:24  ail postfix/dnsblog[7379]: warning: dnsblog_query:
>lookup
>error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name
>not
>found. Name service error for name=109.75.92.40.list.dnswl.org type=A:
>Host
>not found, try again
>
>
>
>Apr  8 08:23:10 ail postfix/dnsblog[7943]: warning: dnsblog_query:
>lookup
>error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name not
>found. Name service error for name=42.89.92.40.list.dnswl.org type=A:
>Host
>not
>
>found, try again
>
>
>
>postscreen_dnsbl_sites = zen.spamhaus.org*3
>
>        b.barracudacentral.org*2
>
>        bl.spameatingmonkey.net*2
>
>        bl.spamcop.net
>
>        dnsbl.sorbs.net
>
>        psbl.surriel.com
>
>        bl.mailspike.net
>
>        list.dnswl.org=127.0.[0..255].0*-2
>
>        list.dnswl.org=127.0.[0..255].1*-3
>
>        list.dnswl.org=127.0.[0..255].[2..3]*-4
>
>
>
>root@nmail:/etc/postfix# ping 42.89.92.40
>
>PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data.
>
>181 packets transmitted, 0 received, 100% packet loss, time 482ms
>
>
>
>root@nmail:/etc/postfix# cat /etc/resolv.conf
>
>nameserver 8.8.8.8
>
>nameserver 46.38.225.230
You should not use public dns servers to query dnsbls as they are likely blocked due to excessive query volume at the dnsbl. Install and use a local resolver like unbound, knot, bind and use nameserver 127.0.0.1 in /etc/resolv.conf
>
>
>regards
>
>Mauri
>
>
>
>

--
Christian Kivalo
Reply | Threaded
Open this post in threaded view
|

AW: warning: dnsblog_query lookup error

Maurizio Caloro-2
>>You should not use public dns servers to query dnsbls as they are likely blocked due to excessive query volume at the dnsbl. Install and use >>a local resolver like unbound, knot, bind and use nameserver 127.0.0.1 in /etc/resolv.conf

root@nmail:/etc/postfix# cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver 8.8.8.8

Please I can ping everything ......

root@nmail:/etc/postfix# ping 42.89.92.40
PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data.
16 packets transmitted, 0 received, 100% packet loss, time 354ms

root@nmail:/etc/postfix# ping 109.75.92.40
PING 109.75.92.40 (109.75.92.40) 56(84) bytes of data.
3 packets transmitted, 0 received, 100% packet loss, time 27ms

Thanks
Mauri
-----Urspr√ľngliche Nachricht-----
Von: [hidden email] <[hidden email]> Im Auftrag von Christian Kivalo
Gesendet: Donnerstag, 8. April 2021 09:02
An: [hidden email]
Betreff: Re: warning: dnsblog_query lookup error



On April 8, 2021 8:29:09 AM GMT+02:00, Maurizio Caloro <[hidden email]> wrote:

>Hello
>
>I have the issue with mail from Outlook, or Hotmail this Warning appair
>and the mail don't deliver to me.
>cat /etc
>
>
>Apr  8 08:04:24  ail postfix/dnsblog[7379]: warning: dnsblog_query:
>lookup
>error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name
>not found. Name service error for name=109.75.92.40.list.dnswl.org
>type=A:
>Host
>not found, try again
>
>
>
>Apr  8 08:23:10 ail postfix/dnsblog[7943]: warning: dnsblog_query:
>lookup
>error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name not
>found. Name service error for name=42.89.92.40.list.dnswl.org type=A:
>Host
>not
>
>found, try again
>
>
>
>postscreen_dnsbl_sites = zen.spamhaus.org*3
>
>        b.barracudacentral.org*2
>
>        bl.spameatingmonkey.net*2
>
>        bl.spamcop.net
>
>        dnsbl.sorbs.net
>
>        psbl.surriel.com
>
>        bl.mailspike.net
>
>        list.dnswl.org=127.0.[0..255].0*-2
>
>        list.dnswl.org=127.0.[0..255].1*-3
>
>        list.dnswl.org=127.0.[0..255].[2..3]*-4
>
>
>
>root@nmail:/etc/postfix# ping 42.89.92.40
>
>PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data.
>
>181 packets transmitted, 0 received, 100% packet loss, time 482ms
>
>
>
>root@nmail:/etc/postfix# cat /etc/resolv.conf
>
>nameserver 8.8.8.8
>
>nameserver 46.38.225.230
You should not use public dns servers to query dnsbls as they are likely blocked due to excessive query volume at the dnsbl. Install and use a local resolver like unbound, knot, bind and use nameserver 127.0.0.1 in /etc/resolv.conf
>
>
>regards
>
>Mauri
>
>
>
>

--
Christian Kivalo

Reply | Threaded
Open this post in threaded view
|

Re: warning: dnsblog_query lookup error

Christian Kivalo


On April 8, 2021 9:10:04 AM GMT+02:00, Maurizio Caloro <[hidden email]> wrote:

>>>You should not use public dns servers to query dnsbls as they are
>likely blocked due to excessive query volume at the dnsbl. Install and
>use >>a local resolver like unbound, knot, bind and use nameserver
>127.0.0.1 in /etc/resolv.conf
>
>root@nmail:/etc/postfix# cat /etc/resolv.conf
>nameserver 127.0.0.1
>nameserver 8.8.8.8
>
>Please I can ping everything ......
>
>root@nmail:/etc/postfix# ping 42.89.92.40
>PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data.
>16 packets transmitted, 0 received, 100% packet loss, time 354ms
>
>root@nmail:/etc/postfix# ping 109.75.92.40
>PING 109.75.92.40 (109.75.92.40) 56(84) bytes of data.
>3 packets transmitted, 0 received, 100% packet loss, time 27ms
You don't need to ping anything.
Try the query directly. I'm only using a local unbound on this server for name resolution.
This is what I get:
valo:~ $ dig 109.75.92.40.list.dnswl.org +short
127.0.3.0
valo:~ $

>Thanks
>Mauri
>-----Urspr√ľngliche Nachricht-----
>Von: [hidden email] <[hidden email]>
>Im Auftrag von Christian Kivalo
>Gesendet: Donnerstag, 8. April 2021 09:02
>An: [hidden email]
>Betreff: Re: warning: dnsblog_query lookup error
>
>
>
>On April 8, 2021 8:29:09 AM GMT+02:00, Maurizio Caloro
><[hidden email]> wrote:
>>Hello
>>
>>I have the issue with mail from Outlook, or Hotmail this Warning
>appair
>>and the mail don't deliver to me.
>>cat /etc
>>
>>
>>Apr  8 08:04:24  ail postfix/dnsblog[7379]: warning: dnsblog_query:
>>lookup
>>error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name
>>not found. Name service error for name=109.75.92.40.list.dnswl.org
>>type=A:
>>Host
>>not found, try again
>>
>>
>>
>>Apr  8 08:23:10 ail postfix/dnsblog[7943]: warning: dnsblog_query:
>>lookup
>>error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name
>not
>>found. Name service error for name=42.89.92.40.list.dnswl.org type=A:
>>Host
>>not
>>
>>found, try again
>>
>>
>>
>>postscreen_dnsbl_sites = zen.spamhaus.org*3
>>
>>        b.barracudacentral.org*2
>>
>>        bl.spameatingmonkey.net*2
>>
>>        bl.spamcop.net
>>
>>        dnsbl.sorbs.net
>>
>>        psbl.surriel.com
>>
>>        bl.mailspike.net
>>
>>        list.dnswl.org=127.0.[0..255].0*-2
>>
>>        list.dnswl.org=127.0.[0..255].1*-3
>>
>>        list.dnswl.org=127.0.[0..255].[2..3]*-4
>>
>>
>>
>>root@nmail:/etc/postfix# ping 42.89.92.40
>>
>>PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data.
>>
>>181 packets transmitted, 0 received, 100% packet loss, time 482ms
>>
>>
>>
>>root@nmail:/etc/postfix# cat /etc/resolv.conf
>>
>>nameserver 8.8.8.8
>>
>>nameserver 46.38.225.230
>You should not use public dns servers to query dnsbls as they are
>likely blocked due to excessive query volume at the dnsbl. Install and
>use a local resolver like unbound, knot, bind and use nameserver
>127.0.0.1 in /etc/resolv.conf
>>
>>
>>regards
>>
>>Mauri
>>
>>
>>
>>
>
>--
>Christian Kivalo

--
Christian Kivalo
Reply | Threaded
Open this post in threaded view
|

Re: AW: warning: dnsblog_query lookup error

Wietse Venema
In reply to this post by Maurizio Caloro-2
Maurizio Caloro:
> >>You should not use public dns servers to query dnsbls as they are likely blocked due to excessive query volume at the dnsbl. Install and use >>a local resolver like unbound, knot, bind and use nameserver 127.0.0.1 in /etc/resolv.conf
>
> root@nmail:/etc/postfix# cat /etc/resolv.conf
> nameserver 127.0.0.1
> nameserver 8.8.8.8 <<=== THIS IS A PUBLIC DNS SERVER

You should not use public dns servers to query dnsbls.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: warning: dnsblog_query lookup error

Matus UHLAR - fantomas
In reply to this post by Christian Kivalo
>On April 8, 2021 8:29:09 AM GMT+02:00, Maurizio Caloro <[hidden email]> wrote:
>>I have the issue with mail from Outlook, or Hotmail this Warning appair
>>and the mail don't deliver to me.

>>Apr  8 08:04:24  ail postfix/dnsblog[7379]: warning: dnsblog_query: lookup
>>error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name not
>>found.  Name service error for name=109.75.92.40.list.dnswl.org type=A:
>>Host not found, try again

>>root@nmail:/etc/postfix# cat /etc/resolv.conf
>>
>>nameserver 8.8.8.8
>>
>>nameserver 46.38.225.230

On 08.04.21 09:01, Christian Kivalo wrote:
>You should not use public dns servers to query dnsbls as they are likely
> blocked due to excessive query volume at the dnsbl.  Install and use a
> local resolver like unbound, knot, bind and use nameserver 127.0.0.1 in
> /etc/resolv.conf

in addition to this, you can whitelist outlook's IP ranges at postscreen
level, as they "likely" aren't what postscreen is supposed to stop - bots.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
Reply | Threaded
Open this post in threaded view
|

Re: warning: dnsblog_query lookup error

Benny Pedersen-2
On 2021-04-08 14:16, Matus UHLAR - fantomas wrote:

> in addition to this, you can whitelist outlook's IP ranges at
> postscreen
> level, as they "likely" aren't what postscreen is supposed to stop -
> bots.

there is bots at microsoft, there servers try port 465, and 587
randomly, no mta would do this

Reply | Threaded
Open this post in threaded view
|

Re: warning: dnsblog_query lookup error

Matus UHLAR - fantomas
>On 2021-04-08 14:16, Matus UHLAR - fantomas wrote:
>>in addition to this, you can whitelist outlook's IP ranges at
>>postscreen
>>level, as they "likely" aren't what postscreen is supposed to stop -
>>bots.

On 08.04.21 15:31, Benny Pedersen wrote:
>there is bots at microsoft, there servers try port 465, and 587
>randomly, no mta would do this

no sane person runs postscreen at 465/587 ports.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
Reply | Threaded
Open this post in threaded view
|

Re: warning: dnsblog_query lookup error

Benny Pedersen-2
On 2021-04-08 15:56, Matus UHLAR - fantomas wrote:

>> On 2021-04-08 14:16, Matus UHLAR - fantomas wrote:
>>> in addition to this, you can whitelist outlook's IP ranges at
>>> postscreen
>>> level, as they "likely" aren't what postscreen is supposed to stop -
>>> bots.
>
> On 08.04.21 15:31, Benny Pedersen wrote:
>> there is bots at microsoft, there servers try port 465, and 587
>> randomly, no mta would do this
>
> no sane person runs postscreen at 465/587 ports.

it does not change abusers ips
Reply | Threaded
Open this post in threaded view
|

Re: warning: dnsblog_query lookup error

Rob McGee
On 2021-04-08 09:12, Benny Pedersen wrote:

> On 2021-04-08 15:56, Matus UHLAR - fantomas wrote:
>>> On 2021-04-08 14:16, Matus UHLAR - fantomas wrote:
>>>> in addition to this, you can whitelist outlook's IP ranges at
>>>> postscreen
>>>> level, as they "likely" aren't what postscreen is supposed to stop -
>>>> bots.
>>
>> On 08.04.21 15:31, Benny Pedersen wrote:
>>> there is bots at microsoft, there servers try port 465, and 587
>>> randomly, no mta would do this
>>
>> no sane person runs postscreen at 465/587 ports.
>
> it does not change abusers ips

Whitelisting in postscreen only affects postscreen itself, not any other
ports nor services.

http://www.postfix.org/postconf.5.html#postscreen_access_list
--
   http://rob0.nodns4.us/
Reply | Threaded
Open this post in threaded view
|

Re: warning: dnsblog_query lookup error

Benny Pedersen-2
On 2021-04-08 18:22, Rob McGee wrote:

> Whitelisting in postscreen only affects postscreen itself, not any
> other
> ports nor services.
>
> http://www.postfix.org/postconf.5.html#postscreen_access_list

fail2ban can make cidr list used in postscreen based on abuse on port
other then port 25, wake up :=)

i had just hoped auth BL would be part of postfix itself

block ip if same ip abuse auth only ports

postscreen could do this aswell without any help from outside tools, but
current not supported, this does not mean its bad idea

and yes i know how to monitor it in shorewall without giving accept to
that ip trying

if anyone is willing to make c code to postfix it basicly SASL AUTH
Blacklist so postscreen can use this ip list to active block port 25
clients

never mind i do this in shorewall where i have no custommers now
Reply | Threaded
Open this post in threaded view
|

Re: warning: dnsblog_query lookup error

Wietse Venema
Benny Pedersen:
> if anyone is willing to make c code to postfix it basicly SASL AUTH
> Blacklist so postscreen can use this ip list to active block port 25
> clients

Use something like fail2ban to update an lmdb-based postscreen_access_list,
or to update an rbldns service. No Postfix changes needed.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: warning: dnsblog_query lookup error

@lbutlr
In reply to this post by Benny Pedersen-2
On 08 Apr 2021, at 07:31, Benny Pedersen <[hidden email]> wrote:
> On 2021-04-08 14:16, Matus UHLAR - fantomas wrote:
>> in addition to this, you can whitelist outlook's IP ranges at postscreen
>> level, as they "likely" aren't what postscreen is supposed to stop - bots.
>
> there is bots at microsoft, there servers try port 465, and 587 randomly, no mta would do this

I can think of at least one seemingly very obvious reason why a company that deals in a lot of email like Microsoft or Google would be occasionally scanning servers 587 and 465 ports.

Premature blacklisting of servers that allow open submission.

--
Professor falls into a hole
        (Raiders of the Lost Ark)