RBL timing out {Scanned by WPPi.Net}

Tue Dec 23 22:27:25 GMT 2003

If that were true and a complete picture of your dns setup, then you would
have to explicitely add dns servers for every site that you browse to -
therefore I suspect you're confused about your own setup.  Anything's
possible of course...

I'm betting that you currently allow your dns servers to either:
        1) connect to any other server for dns queries
        or
        2) connect to a couple of ISP dns servers that do recursive queries
for you.

You didn't answer the question of whether your system is its own DNS server
(ie /etc/resolv.conf contains only one nameserver entry and that entry lists
the system's own ip address), but what it comes down to is that you just
need to be able to do dns lookups from this system and whatever DNS server
you query must in turn be able to query the RBL zones that you want to use.
Once that's working, you'll be good to go.

Typical set-up for most firewalled companies would be:

Mailscanner
|
|
V
Internal DNS server
|
|
V
-------- Firewall / Access Lists ----------
|
|
V
ISP DNS servers
|
|
V
RBL DNS servers

In that set-up, your internal dns server only needs network access to the
ISP dns servers, which handle the query against the RBL name servers on your
behalf.

What "nameserver" lines do you have in your /etc/resolv.conf?  Localhost,
internal dns servers, or isp dns servers?

--
Trever

> -----Original Message-----
> From: SW [mailto:wppiphoto at wppi.com]
> Sent: Tuesday, December 23, 2003 4:46 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: RBL timing out {Scanned by WPPi.Net}
>
>
> Matt,
>
> Our firewall blocks entire IP blocks with no traffic
> coming-in or going-out.
> DNS is premitted to go out but only to those IP blocks which are not
> blocked. The only way I see I can get RBL to work is by
> inputting an IP
> address/range for the ORDB-RBL servers that mailscanner/spamassassin
> contact.
>
> Thanks,
>
> SW
> ----- Original Message -----
> From: "Matt Kettler" <mkettler at EVI-INC.COM>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Tuesday, December 23, 2003 4:20 PM
> Subject: Re: RBL timing out {Scanned by WPPi.Net}
>
>
> At 04:08 PM 12/23/2003, SW wrote:
> >I'm trying to figure out what ip address and port(s) I need
> to open up on
> my
> >firewall to allow the use of ORDB-RBL w/ Mailscanner and
> spamassassin:
> >
> >MailScanner: RBL Check ORDB-RBL timed out and was killed, consecutive
> >failure 1 of 7
>
> It's a DNS query. You need to be able to do DNS resolution.
>
> If your MS/SA machine is it's own resolving server, then it
> needs to be
> able to query to arbitrary DNS servers.
>
> If your MS/SA machine uses another server for resolution it
> needs to be
> able to talk to that DNS server, and that DNS server needs to
> be able to
> talk to query DNS servers.
>
> You can tell what machine is being used as a resolver by looking at
> /etc/resolv.conf. A machine that's it's own resolver will
> have "localhost"
>
>
>
>
>
> WPPi.com & WPPi.Net MailScanner Signature
> This message has been scanned for viruses
> and dangerous content by MailScanner, and
> is believed to be clean.
> -----------------------------------------
>