warning: dnsblog_query lookup error
Locked
warning: dnsblog_query lookup error
 
|
Hello I have the issue with mail from Outlook, or Hotmail this Warning appair and the mail don’t deliver to me. Apr 8 08:04:24 ail postfix/dnsblog[7379]: warning: dnsblog_query: lookup error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name not found. Name service error for name=109.75.92.40.list.dnswl.org type=A: Host not found, try again Apr 8 08:23:10 ail postfix/dnsblog[7943]: warning: dnsblog_query: lookup error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name not found. Name service error for name=42.89.92.40.list.dnswl.org type=A: Host not found, try again postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2 bl.spameatingmonkey.net*2 bl.spamcop.net dnsbl.sorbs.net psbl.surriel.com bl.mailspike.net list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4 root@nmail:/etc/postfix# ping 42.89.92.40 PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data. 181 packets transmitted, 0 received, 100% packet loss, time 482ms root@nmail:/etc/postfix# cat /etc/resolv.conf nameserver 8.8.8.8 nameserver 46.38.225.230 regards Mauri |
Re: warning: dnsblog_query lookup error
|
|
On April 8, 2021 8:29:09 AM GMT+02:00, Maurizio Caloro <[hidden email]> wrote: >Hello > >I have the issue with mail from Outlook, or Hotmail this Warning appair >and >the mail don't deliver to me. > > > >Apr 8 08:04:24 ail postfix/dnsblog[7379]: warning: dnsblog_query: >lookup >error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name >not >found. Name service error for name=109.75.92.40.list.dnswl.org type=A: >Host >not found, try again > > > >Apr 8 08:23:10 ail postfix/dnsblog[7943]: warning: dnsblog_query: >lookup >error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name not >found. Name service error for name=42.89.92.40.list.dnswl.org type=A: >Host >not > >found, try again > > > >postscreen_dnsbl_sites = zen.spamhaus.org*3 > > b.barracudacentral.org*2 > > bl.spameatingmonkey.net*2 > > bl.spamcop.net > > dnsbl.sorbs.net > > psbl.surriel.com > > bl.mailspike.net > > list.dnswl.org=127.0.[0..255].0*-2 > > list.dnswl.org=127.0.[0..255].1*-3 > > list.dnswl.org=127.0.[0..255].[2..3]*-4 > > > >root@nmail:/etc/postfix# ping 42.89.92.40 > >PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data. > >181 packets transmitted, 0 received, 100% packet loss, time 482ms > > > >root@nmail:/etc/postfix# cat /etc/resolv.conf > >nameserver 8.8.8.8 > >nameserver 46.38.225.230 > > >regards > >Mauri > > > > -- Christian Kivalo |
AW: warning: dnsblog_query lookup error
|
|
>>You should not use public dns servers to query dnsbls as they are likely blocked due to excessive query volume at the dnsbl. Install and use >>a local resolver like unbound, knot, bind and use nameserver 127.0.0.1 in /etc/resolv.conf
root@nmail:/etc/postfix# cat /etc/resolv.conf nameserver 127.0.0.1 nameserver 8.8.8.8 Please I can ping everything ...... root@nmail:/etc/postfix# ping 42.89.92.40 PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data. 16 packets transmitted, 0 received, 100% packet loss, time 354ms root@nmail:/etc/postfix# ping 109.75.92.40 PING 109.75.92.40 (109.75.92.40) 56(84) bytes of data. 3 packets transmitted, 0 received, 100% packet loss, time 27ms Thanks Mauri -----Ursprüngliche Nachricht----- Von: [hidden email] <[hidden email]> Im Auftrag von Christian Kivalo Gesendet: Donnerstag, 8. April 2021 09:02 An: [hidden email] Betreff: Re: warning: dnsblog_query lookup error On April 8, 2021 8:29:09 AM GMT+02:00, Maurizio Caloro <[hidden email]> wrote: >Hello > >I have the issue with mail from Outlook, or Hotmail this Warning appair >and the mail don't deliver to me. >cat /etc > > >Apr 8 08:04:24 ail postfix/dnsblog[7379]: warning: dnsblog_query: >lookup >error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name >not found. Name service error for name=109.75.92.40.list.dnswl.org >type=A: >Host >not found, try again > > > >Apr 8 08:23:10 ail postfix/dnsblog[7943]: warning: dnsblog_query: >lookup >error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name not >found. Name service error for name=42.89.92.40.list.dnswl.org type=A: >Host >not > >found, try again > > > >postscreen_dnsbl_sites = zen.spamhaus.org*3 > > b.barracudacentral.org*2 > > bl.spameatingmonkey.net*2 > > bl.spamcop.net > > dnsbl.sorbs.net > > psbl.surriel.com > > bl.mailspike.net > > list.dnswl.org=127.0.[0..255].0*-2 > > list.dnswl.org=127.0.[0..255].1*-3 > > list.dnswl.org=127.0.[0..255].[2..3]*-4 > > > >root@nmail:/etc/postfix# ping 42.89.92.40 > >PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data. > >181 packets transmitted, 0 received, 100% packet loss, time 482ms > > > >root@nmail:/etc/postfix# cat /etc/resolv.conf > >nameserver 8.8.8.8 > >nameserver 46.38.225.230 > > >regards > >Mauri > > > > -- Christian Kivalo |
Re: warning: dnsblog_query lookup error
|
|
On April 8, 2021 9:10:04 AM GMT+02:00, Maurizio Caloro <[hidden email]> wrote: >>>You should not use public dns servers to query dnsbls as they are >likely blocked due to excessive query volume at the dnsbl. Install and >use >>a local resolver like unbound, knot, bind and use nameserver >127.0.0.1 in /etc/resolv.conf > >root@nmail:/etc/postfix# cat /etc/resolv.conf >nameserver 127.0.0.1 >nameserver 8.8.8.8 > >Please I can ping everything ...... > >root@nmail:/etc/postfix# ping 42.89.92.40 >PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data. >16 packets transmitted, 0 received, 100% packet loss, time 354ms > >root@nmail:/etc/postfix# ping 109.75.92.40 >PING 109.75.92.40 (109.75.92.40) 56(84) bytes of data. >3 packets transmitted, 0 received, 100% packet loss, time 27ms Try the query directly. I'm only using a local unbound on this server for name resolution. This is what I get: valo:~ $ dig 109.75.92.40.list.dnswl.org +short 127.0.3.0 valo:~ $ >Thanks >Mauri >-----Ursprüngliche Nachricht----- >Von: [hidden email] <[hidden email]> >Im Auftrag von Christian Kivalo >Gesendet: Donnerstag, 8. April 2021 09:02 >An: [hidden email] >Betreff: Re: warning: dnsblog_query lookup error > > > >On April 8, 2021 8:29:09 AM GMT+02:00, Maurizio Caloro ><[hidden email]> wrote: >>Hello >> >>I have the issue with mail from Outlook, or Hotmail this Warning >appair >>and the mail don't deliver to me. >>cat /etc >> >> >>Apr 8 08:04:24 ail postfix/dnsblog[7379]: warning: dnsblog_query: >>lookup >>error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name >>not found. Name service error for name=109.75.92.40.list.dnswl.org >>type=A: >>Host >>not found, try again >> >> >> >>Apr 8 08:23:10 ail postfix/dnsblog[7943]: warning: dnsblog_query: >>lookup >>error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name >not >>found. Name service error for name=42.89.92.40.list.dnswl.org type=A: >>Host >>not >> >>found, try again >> >> >> >>postscreen_dnsbl_sites = zen.spamhaus.org*3 >> >> b.barracudacentral.org*2 >> >> bl.spameatingmonkey.net*2 >> >> bl.spamcop.net >> >> dnsbl.sorbs.net >> >> psbl.surriel.com >> >> bl.mailspike.net >> >> list.dnswl.org=127.0.[0..255].0*-2 >> >> list.dnswl.org=127.0.[0..255].1*-3 >> >> list.dnswl.org=127.0.[0..255].[2..3]*-4 >> >> >> >>root@nmail:/etc/postfix# ping 42.89.92.40 >> >>PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data. >> >>181 packets transmitted, 0 received, 100% packet loss, time 482ms >> >> >> >>root@nmail:/etc/postfix# cat /etc/resolv.conf >> >>nameserver 8.8.8.8 >> >>nameserver 46.38.225.230 >You should not use public dns servers to query dnsbls as they are >likely blocked due to excessive query volume at the dnsbl. Install and >use a local resolver like unbound, knot, bind and use nameserver >127.0.0.1 in /etc/resolv.conf >> >> >>regards >> >>Mauri >> >> >> >> > >-- >Christian Kivalo -- Christian Kivalo |
Re: AW: warning: dnsblog_query lookup error
|
|
In reply to this post by Maurizio Caloro-2
Maurizio Caloro:
> >>You should not use public dns servers to query dnsbls as they are likely blocked due to excessive query volume at the dnsbl. Install and use >>a local resolver like unbound, knot, bind and use nameserver 127.0.0.1 in /etc/resolv.conf > > root@nmail:/etc/postfix# cat /etc/resolv.conf > nameserver 127.0.0.1 > nameserver 8.8.8.8 <<=== THIS IS A PUBLIC DNS SERVER You should not use public dns servers to query dnsbls. Wietse |
Re: warning: dnsblog_query lookup error
|
|
In reply to this post by Christian Kivalo
>On April 8, 2021 8:29:09 AM GMT+02:00, Maurizio Caloro <[hidden email]> wrote:
>>I have the issue with mail from Outlook, or Hotmail this Warning appair >>and the mail don't deliver to me. >>Apr 8 08:04:24 ail postfix/dnsblog[7379]: warning: dnsblog_query: lookup >>error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name not >>found. Name service error for name=109.75.92.40.list.dnswl.org type=A: >>Host not found, try again >>root@nmail:/etc/postfix# cat /etc/resolv.conf >> >>nameserver 8.8.8.8 >> >>nameserver 46.38.225.230 On 08.04.21 09:01, Christian Kivalo wrote: >You should not use public dns servers to query dnsbls as they are likely > blocked due to excessive query volume at the dnsbl. Install and use a > local resolver like unbound, knot, bind and use nameserver 127.0.0.1 in > /etc/resolv.conf in addition to this, you can whitelist outlook's IP ranges at postscreen level, as they "likely" aren't what postscreen is supposed to stop - bots. -- Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved! |
Re: warning: dnsblog_query lookup error
|
|
On 2021-04-08 14:16, Matus UHLAR - fantomas wrote:
> in addition to this, you can whitelist outlook's IP ranges at > postscreen > level, as they "likely" aren't what postscreen is supposed to stop - > bots. there is bots at microsoft, there servers try port 465, and 587 randomly, no mta would do this |
Re: warning: dnsblog_query lookup error
|
|
>On 2021-04-08 14:16, Matus UHLAR - fantomas wrote:
>>in addition to this, you can whitelist outlook's IP ranges at >>postscreen >>level, as they "likely" aren't what postscreen is supposed to stop - >>bots. On 08.04.21 15:31, Benny Pedersen wrote: >there is bots at microsoft, there servers try port 465, and 587 >randomly, no mta would do this no sane person runs postscreen at 465/587 ports. -- Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows found: (R)emove, (E)rase, (D)elete |
Re: warning: dnsblog_query lookup error
|
|
On 2021-04-08 15:56, Matus UHLAR - fantomas wrote:
>> On 2021-04-08 14:16, Matus UHLAR - fantomas wrote: >>> in addition to this, you can whitelist outlook's IP ranges at >>> postscreen >>> level, as they "likely" aren't what postscreen is supposed to stop - >>> bots. > > On 08.04.21 15:31, Benny Pedersen wrote: >> there is bots at microsoft, there servers try port 465, and 587 >> randomly, no mta would do this > > no sane person runs postscreen at 465/587 ports. it does not change abusers ips |
|
|
On 2021-04-08 09:12, Benny Pedersen wrote:
> On 2021-04-08 15:56, Matus UHLAR - fantomas wrote: >>> On 2021-04-08 14:16, Matus UHLAR - fantomas wrote: >>>> in addition to this, you can whitelist outlook's IP ranges at >>>> postscreen >>>> level, as they "likely" aren't what postscreen is supposed to stop - >>>> bots. >> >> On 08.04.21 15:31, Benny Pedersen wrote: >>> there is bots at microsoft, there servers try port 465, and 587 >>> randomly, no mta would do this >> >> no sane person runs postscreen at 465/587 ports. > > it does not change abusers ips Whitelisting in postscreen only affects postscreen itself, not any other ports nor services. http://www.postfix.org/postconf.5.html#postscreen_access_list -- http://rob0.nodns4.us/ |
Re: warning: dnsblog_query lookup error
|
|
On 2021-04-08 18:22, Rob McGee wrote:
> Whitelisting in postscreen only affects postscreen itself, not any > other > ports nor services. > > http://www.postfix.org/postconf.5.html#postscreen_access_list fail2ban can make cidr list used in postscreen based on abuse on port other then port 25, wake up :=) i had just hoped auth BL would be part of postfix itself block ip if same ip abuse auth only ports postscreen could do this aswell without any help from outside tools, but current not supported, this does not mean its bad idea and yes i know how to monitor it in shorewall without giving accept to that ip trying if anyone is willing to make c code to postfix it basicly SASL AUTH Blacklist so postscreen can use this ip list to active block port 25 clients never mind i do this in shorewall where i have no custommers now |
Re: warning: dnsblog_query lookup error
|
|
Benny Pedersen:
> if anyone is willing to make c code to postfix it basicly SASL AUTH > Blacklist so postscreen can use this ip list to active block port 25 > clients Use something like fail2ban to update an lmdb-based postscreen_access_list, or to update an rbldns service. No Postfix changes needed. Wietse |
|
|
In reply to this post by Benny Pedersen-2
On 08 Apr 2021, at 07:31, Benny Pedersen <[hidden email]> wrote:
> On 2021-04-08 14:16, Matus UHLAR - fantomas wrote: >> in addition to this, you can whitelist outlook's IP ranges at postscreen >> level, as they "likely" aren't what postscreen is supposed to stop - bots. > > there is bots at microsoft, there servers try port 465, and 587 randomly, no mta would do this I can think of at least one seemingly very obvious reason why a company that deals in a lot of email like Microsoft or Google would be occasionally scanning servers 587 and 465 ports. Premature blacklisting of servers that allow open submission. -- Professor falls into a hole (Raiders of the Lost Ark) |
«
Return to Postfix Users
|
1 view|%1 views
| Free forum by Nabble | Edit this page |