W2K8 DNS errors; false positives with spamcop, sorbs, yahoo - ORF Forums


1

Hi. I've got a few annoying issues and am looking for some expert advice. Running W2K8 SP2, E2K10, ORF 5.1, all fully patched up to date.

1. Seeing a ton of "DNS error. Test: "DNSBL: SPAMHAUS-ZEN", server: "192.168.1.8", domain: "11.63.39.216.zen.spamhaus.org", record type: A, protocol: UDP. DNS timeout error." in the logs. Recently disabled eDNS and increased MaxCacheTTL to 172800 per previous posts that I've read. Appears to have helped, but still not perfect.

1a. Occasionally I'll see "Because of problems with using DNS server 192.168.1.8, subsequent lookups will be performed using DNS server 192.168.1.7". Both are W2K8 SP2 servers.

2. Yahoo email appears to be getting more frequently blacklisted, mostly by Spamcop and sometimes by SORBS, to the point where we're getting too many false positives. I've got the auto-sender-whitelist set to 6 months, but it's a CPA office, so we sometimes talk to people only every 12 months (If 12 was an option, that would be ideal). I'm whitelisting nearly every Yahoo email, which is becoming a lot of work.

I'd like to remove Spamcop and SORBS from filtering if I can get Spamhaus to work without DNS errors. Based on the stats, SORBS can be removed with a marginal effect on filtering, but Spamcop is still catching a lot. Looking forward to some ideas on how I can fix and optimize things. Thanks.


by Jeff Zell more than 10 years ago
2

@Jeff Zell: 1: Does your local DNS server have any public forwarders configured? See http://vamsoft.com/r?o-hto-adm-dns

Another user reported similar problems with a Windows 2008 DNS server and clearing the DNS cache solved the problem in that case. Unfortunately, it had to be done periodically. Later, he upgraded to 2008 R2 and installed this hotfix:

http://support.microsoft.com/kb/2508835

and that solved the problem for good.

1a: if ORF detects that lookups often fail using a DNS server, it will fall back to another automatically (if you have multiple DNS servers set).

2: does SORBS have the 127.0.0.6 and 127.0.0.10 actions enabled (Administration Tool: Blacklists / DNS Blacklist, double-click SORBS, SMTP actions tab)? If so, I recommend disabling them.

by Krisztián Fekete (Vamsoft) more than 10 years ago

3

Hi Peter,

No public forwarders, SORBS does not have 127.0.0.6 and .10 enabled, servers are local; these have been this way for months/years. DNS cache was cleared just now.

The patch says it applies to W2K8 R2 RTM and SP1. Has this been tested on SP2? Or is it included with SP2?

by Jeff Zell more than 10 years ago
4

@Jeff Zell: I do not know... I suspect a DNS related problem, though you might want to contact Spamhaus regarding this to find out why their servers do not respond. The most common cause is using public forwarders or a non-public forwarder which uses public forwarders: if any upstream DNS server relies on such public servers, the query will fail.

by Krisztián Fekete (Vamsoft) more than 10 years ago

5

The dns.exe file in SP2 has a later date than that patch, so I'm going to assume that fix is already applied.

I found an email for Spamhaus, but I doubt I'll get a reply. There's no forums or boards or newsgroup that I could find, maybe you know of one. They seem to hide themselves rather well, I'd really like a business model like that!

After reading through the Spamhaus FAQs, I think they may have the server's IP listed as a commercial customer subject to the $250/yr subscription. The site talks about how they'll block inquiries without notice if you're deemed a commercial user; we don't meet their criteria, but maybe we got listed somehow. I turned off Spamhaus for now and enabled Spamrats until I can get an answer.

Thanks for your help.

by Jeff Zell more than 10 years ago
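
A resolver-path check for the DNS timeouts discussed in this thread, as an added example that is not part of the original posts or ORF's own code: it sends the same kind of UDP A query shown in the log line to each DNS server, asking for the 127.0.0.2 test entry that RFC 5782 requires DNSBLs to list. The function names are assumptions of this example; the server addresses and zone come from the thread.

```python
import ipaddress, socket, struct

def dnsbl_name(ip, zone):
    # 216.39.63.11 + zen.spamhaus.org -> 11.63.39.216.zen.spamhaus.org
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def build_query(name, txid=0x4F52):
    # Header: id, flags (RD=1), one question, no other records.
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(pkt, qlen):
    # Returns (rcode, [A record addresses]); answers follow the echoed question.
    _, flags, _, ancount = struct.unpack(">HHHH", pkt[:8])
    pos, addrs = qlen, []
    for _ in range(ancount):
        if pkt[pos] & 0xC0 == 0xC0:      # compressed owner name
            pos += 2
        else:                            # uncompressed labels
            while pkt[pos]:
                pos += pkt[pos] + 1
            pos += 1
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(pkt[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def classify(rcode, addrs):
    if rcode == 3:
        return "NXDOMAIN"
    if rcode != 0:
        return "rcode %d" % rcode
    return "listed: " + ",".join(addrs) if addrs else "no A records"

def check(server, zone, ip="127.0.0.2", timeout=3.0):
    query = build_query(dnsbl_name(ip, zone))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            pkt, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"
    return classify(*parse_response(pkt, len(query)))

if __name__ == "__main__":
    for server in ("192.168.1.8", "192.168.1.7"):   # DNS servers named in the thread
        print(server, check(server, "zen.spamhaus.org"))
```

A `timeout` or `NXDOMAIN` for the test entry through one server but not the other points at that server's resolution path rather than at the sender being checked.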
