DNS Blacklist just not working

I think I tried everything but…

Domino Server 6.5.4. (Didn’t work on 6.5.3 either) / Windows Server 2003

Here is what I did…

[All Servers] Configuration Document

DNS Blackfilter Enabled

DNS Blacklist Sites sbl.spamhaus.org ; dnsbl.sorbs.net ; bl.spamcop.net ; opm.blitzed.org

Desired action log & reject messages

Testmail to: nelson-sbl-test@crynwr.com = Uh-oh, your SBL block is not working!

Misc Events Server Log

Performing DNSBL filter lookup for 107.178.203.192.sbl.spamhaus.org

DNSBL filter lookup returned status: No address associated with name

Performing DNSBL filter lookup for 107.178.203.192.dnsbl.sorbs.net

DNSBL filter lookup returned status: No address associated with name

Performing DNSBL filter lookup for 107.178.203.192.bl.spamcop.net

DNSBL filter lookup returned status: No address associated with name

Performing DNSBL filter lookup for 107.178.203.192.opm.blitzed.org

DNSBL filter lookup returned status: No address associated with name

107.178.203.192 is NOT my firewall

command prompt nslookup 107.178.203.192.sbl.spamhaus.org on the Domino Server

=

Server: xxxxx.xxxxxx.com

Address: xxx.xxx.xxx.xxxx

Name: 107.178.203.192.sbl.spamhaus.org

Address: 127.0.0.2

I think this is how it should look => Isn’t it?

Domino Server Console: trace 107.178.203.192.sbl.spamhaus.org

=

Determining path to server 107.178.203.192.SBL.SPAMHAUS.ORG

Available Ports: TCPIP

Checking normal priority connection documents only…

Allowing wild card connection documents…

Enabling name service requests and probes…

Checking for 107.178.203.192.SBL.SPAMHAUS.ORG on TCPIP using address ‘107.178.203.192.SBL.SPAMHAUS.ORG

Requesting IP Address for 107.178.203.192.SBL.SPAMHAUS.ORG from DNS

DNS returned address 127.0.0.2 for 107.178.203.192.SBL.SPAMHAUS.ORG

Connected to the wrong server xxx/xxx using address 107.178.203.192.SBL.SPAMHAUS.ORG

Connected to the wrong server xxx/xxx using address 107.178.203.192.SBL.SPAMHAUS.ORG

Unable to connect to 107.178.203.192.SBL.SPAMHAUS.ORG on TCPIP (Connection denied. The server you connected to has a different name from the one requested.)

Checking low and normal priority connection documents…

No default passthru server defined

Unable to find any path to 107.178.203.192.SBL.SPAMHAUS.ORG because Unable to find path to server

The DNS lookup was successful. Even on the Server console…

Why isn’t it working? Has anyone an idea? Would be great if someone could help me… (Already quite desperate :) )

Thank you in advance

Michel Compagnoni

Subject: DNS Blacklist just not working

192.203.178.107 is Crynwr’s test server which is listed in the SBL and should cause a hit on any system protected by sbl.spamhaus.org

You seem to have done everything right - you are using log and reject as the blacklist action, right?

The only apparent difference between your setup and mine is the server OS. We have Win2K here. I wonder if that is a clue?

Whose name servers are you querying for DNSBL lookups?

Subject: RE: DNS Blacklist just not working

> You seem to have done everything right - you are using log and reject as the blacklist action, right?

Yes

> The only apparent difference between your setup and mine is the server OS. We have Win2K here. I wonder if that is a clue?

That might be. I will install a test server on an XP machine and try it there. Probably that will solve the mystery.

> Whose name servers are you querying for DNSBL lookups?

sbl.spamhaus.org ; dnsbl.sorbs.net ; bl.spamcop.net ; opm.blitzed.org

Thank you for your help.

Michel Compagnoni

Subject: RE: DNS Blacklist just not working

At the end I found a rather extreme solution to my problem… Only a solution for small companies!

Set up a new Lotus Domino Server 7.0.2 (first server or standalone). The setup routine creates a new names.nsf. Replace the existing names.nsf with the new one. Copy all relevant documents to the new names.nsf.

I restarted the server and it worked like a charm.

Who notes what the problem was???

I have to assume that ‘something’ within the names.nsf was just not the way it was supposed to be. (This server was updated from R5 to R6 to R7). I copied the same server documents from the old names.nsf therefore it was not the documents…

Subject: RE: DNS Blacklist just not working

Hello Michel

I have the same problem on my Domino R.6.5.4 intl (updated from R4, then R5).

Everything is OK in the DNS Blacklist config. Also, the DNS reverse Lookup works but not the DNS Blacklist!!

You said you changed the names from a clean 7.0.2, I suppose after the migration from R6.x to R7.0.2, right?

Never tried to do this with R.6.5.4?

What about creating a new db from the Pubnames NTF? I cannot see advantages to creating it from a new setup…

Also may be useful to create the Db with the same Replica ID, to avoid replica problems with server and clients…

If you read this post… try to give me your opinion.

Thanks Gian Paolo

Subject: SOLUTION

I migrated the server to 8.0.2 and the DNS Blacklist was still not working. So it was a configuration problem and not related to the Domino directory database!

First, I debugged the SMTP, adding these notes.ini parameters:

SMTPDEBUGCONTROLS=3

SMTPDEBUGDNSBL=1

Afterwards I could see the problem in the Misc Log:

"DNS Blacklist: Skipping because  (88.244.131.40) is considered local"

So I could understand the reason for that by checking the Configuration Parameter in the SMTP Inbound Controls:

“Perform Anti-Relay enforcement for these connecting hosts”

was configured to “None”, after changing it to “External Hosts”, the DNS Blacklist filter all worked fine!!

Do not forget to deactivate the debug notes.ini parameters when finished:

SMTPDEBUGCONTROLS=0

SMTPDEBUGDNSBL=0

Bye

GP
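
Added example, not part of the original thread and not IBM/Lotus code: a Python script that triages the Domino log lines quoted in this thread. It recovers the connecting host from the reversed-octet DNSBL query name and flags public addresses that the server skipped as "local", which is the bypass the last post traced to the anti-relay setting. The function names and finding labels are assumptions made for this example, the log formats are taken from the lines quoted above, and the `10.0.0.5` line is constructed.

```python
import ipaddress
import re

LOOKUP = re.compile(r"Performing DNSBL filter lookup for ((?:\d{1,3}\.){4})(\S+)")
STATUS = re.compile(r"DNSBL filter lookup returned status: (.+)")
SKIPPED = re.compile(
    r"DNS Blacklist: Skipping because\s+\((\d{1,3}(?:\.\d{1,3}){3})\) is considered local")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def client_ip(reversed_prefix):
    """Recover the connecting host from the reversed octets of a query name."""
    return ".".join(reversed(reversed_prefix.strip(".").split(".")))

def triage(lines):
    """Return (ip, zone, finding) tuples for the DNSBL-related log lines."""
    findings, pending = [], None
    for line in lines:
        if m := SKIPPED.search(line):
            ip = m.group(1)
            # A globally routable address treated as local means the
            # blacklist check never ran for an external sender.
            public = ipaddress.IPv4Address(ip).is_global
            label = "bypassed-public" if public else "bypassed-private"
            findings.append((ip, None, label))
        elif m := LOOKUP.search(line):
            pending = (client_ip(m.group(1)), m.group(2))
        elif (m := STATUS.search(line)) and pending:
            # Status text is kept verbatim; it is the resolver's answer.
            findings.append((*pending, "no-record: " + m.group(1).strip()))
            pending = None
    return findings

# First three lines are quoted in the thread; the last one is constructed.
SAMPLE_LOG = [
    "Performing DNSBL filter lookup for 107.178.203.192.sbl.spamhaus.org",
    "DNSBL filter lookup returned status: No address associated with name",
    "DNS Blacklist: Skipping because  (88.244.131.40) is considered local",
    "DNS Blacklist: Skipping because  (10.0.0.5) is considered local",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Any `bypassed-public` finding is worth checking against the "Perform Anti-Relay enforcement for these connecting hosts" setting described in the last post.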