How to install dnsmasq/other caching nameserver for Spamassassin when server host DNS gets "query to URIBL was blocked"
Posted: Fri Dec 08, 2017 8:04 pm
Greetings,
I have been running a Vesta CP install for many years and I'm very happy with it, thank you for this great software. My issue is actually with my server's host – since I use OVH, Spamassassin usually returns the result "ADMINISTRATOR NOTICE: The query to URIBL was blocked" because Vesta's DNS has to use OVH's DNS server (or another high-volume DNS server such as Google's) and these overload the URIBL servers and get blocked after a certain amount of queries:
https://wiki.apache.org/spamassassin/Dn ... nsbl-block
As a result of this I have a terrible amount of spam because Spamassassin can never query the blacklist servers and the email addresses used have been around for a while. At the link above, Spamassassin recommends using a caching DNS server to get around this problem of having queries refused. I have tried a couple of times to install dnsmasq, but both installs have ended up with my server ending up with no DNS at all, so I thought I should come here and just ask for help with it.
The last steps I followed to attempt to install DNSMasq today are these ones:
https://www.techrepublic.com/article/ho ... nd-server/
The very brief version of these instructions for CentOS:
in /etc/dnsmasq.conf:
in /etc/resolv.dnsmasq:
in /etc/resolv.conf:
This ended up with being able to run successfully but when I eventually ran I always received the result
When I ran it was named that had an existing binding to 127.0.0.1:53. I have the feeling I may be running up against something important about Vesta's DNS service and/or the way it combines with OVH or CentOS 6.9, so I'm not sure how to proceed. I have reverted to Vesta's default behavior (everything works normally again and I have a clean slate to try new fixes, but my spam issue remains unaddressed) and I'd be very appreciative for some guidance on how to set up a caching DNS service so I can resume making successful connections to Spamassassin blacklist servers. I am using CentOS 6.9.
Based on the following posts which all report being blocked from using the Spamassassin blacklists due to the use of a host DNS or Google's DNS, and which are all unsolved:
viewtopic.php?f=12&t=14674
viewtopic.php?f=12&t=10713
viewtopic.php?f=12&t=15109
I think that this is not an uncommon administrative issue for a Vesta install with Spamassassin, CentOS 6.x, and large server host (or a desire to use Google's DNS, which should be possible as a choice if the host DNS doesn't perform well or has other issues). Being able to run a local caching DNS server is also useful for other applications. Thank you for your help!
I have been running a Vesta CP install for many years and I'm very happy with it, thank you for this great software. My issue is actually with my server's host – since I use OVH, Spamassassin usually returns the result "ADMINISTRATOR NOTICE: The query to URIBL was blocked" because Vesta's DNS has to use OVH's DNS server (or another high-volume DNS server such as Google's) and these overload the URIBL servers and get blocked after a certain amount of queries:
https://wiki.apache.org/spamassassin/Dn ... nsbl-block
As a result of this I have a terrible amount of spam because Spamassassin can never query the blacklist servers and the email addresses used have been around for a while. At the link above, Spamassassin recommends using a caching DNS server to get around this problem of having queries refused. I have tried a couple of times to install dnsmasq, but both installs have ended up with my server ending up with no DNS at all, so I thought I should come here and just ask for help with it.
The last steps I followed to attempt to install DNSMasq today are these ones:
https://www.techrepublic.com/article/ho ... nd-server/
The very brief version of these instructions for CentOS:
Code: Select all
sudo yum install dnsmasq
sudo groupadd -r dnsmasq
sudo useradd -r -g dnsmasq dnsmasq
Code: Select all
listen-address=127.0.0.1
port=53
bind-interfaces
user=dnsmasq
group=dnsmasq
pid-file=/var/run/dnsmasq.pid
domain-needed
bogus-priv
no-hosts
dns-forward-max=150
cache-size=1000
no-negcache
neg-ttl=3600
resolv-file=/etc/resolv.dnsmasq
no-poll
Code: Select all
nameserver (the IP address of the real external DNS server)
Code: Select all
nameserver 127.0.0.1
Code: Select all
dnsmasq --test
Code: Select all
service dnsmasq restart
Code: Select all
dnsmasq: failed to create listening socket for port 53: Address already in use [fail]
Code: Select all
netstat -anlp | grep -w LISTEN
Based on the following posts which all report being blocked from using the Spamassassin blacklists due to the use of a host DNS or Google's DNS, and which are all unsolved:
viewtopic.php?f=12&t=14674
viewtopic.php?f=12&t=10713
viewtopic.php?f=12&t=15109
I think that this is not an uncommon administrative issue for a Vesta install with Spamassassin, CentOS 6.x, and large server host (or a desire to use Google's DNS, which should be possible as a choice if the host DNS doesn't perform well or has other issues). Being able to run a local caching DNS server is also useful for other applications. Thank you for your help!