Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » DNS failure in Warning log
  •  
cwachs

Messages: 101
Karma: 0
Send a private message to this user
My warning log is full (10 of thousands of lines) like these:

[30/Mar/2009 13:47:10] DNS failure while trying to find address 61.34.65.69.bl.spamcop.net in blacklist SpamCop
[30/Mar/2009 23:49:10] DNS failure while trying to find address 61.34.65.69.db.wpbl.info in blacklist Barracuda Central

That IP address (61.34.65.69) is my SPAM gateway device's IP address backwards. I am running SPAM control on the Kerio server as well as passing all mail through the SPAM gateway.

Is this a configuration problem on my end?

[Updated on: Tue, 31 March 2009 06:56]


-----------
Server installation:
Kerio Connect 7.1
OS X Server 10.5.8
Apple G4 X Serve
  •  
pantera10

Messages: 56
Karma: 0
Send a private message to this user
Hi,
Did you read that ?
http://forums.kerio.com/index.php?t=msg&th=15079&sta rt=0&S=03e55c5446e336ab18dc717d8adc75e1

It might explains why you have so much error Smile

Kerio Connect 7.0.1 on Open Suse 11.1 64 bits
Outlook 2007 with KOFF. 100 users
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
There are two errors here:

1. You are trying to look up your own spam gateway in blacklists, so tell KMS that 69.65.34.61 is whitelisted. Imagine the consequences if your spam gateway really ends up in a blacklist Shocked

2. Consider NOT using blacklist lookups on KMS if you have already done them on the spam gateway. In any case, check that you are using proper nameservers on KMS. For some reason, KMS can't look up stuff in the blacklists. Use the same nameserver as other internet-facing machines on your network.
  •  
cwachs

Messages: 101
Karma: 0
Send a private message to this user
pantera10 wrote on Tue, 31 March 2009 04:03

Hi,
Did you read that ?
http://forums.kerio.com/index.php?t=msg&th=15079&sta rt=0&S=03e55c5446e336ab18dc717d8adc75e1

It might explains why you have so much error Smile


I did read that a few weeks ago and have pulled out the out of date lists.

You ask, why use Kerio's SPAM fighting when I have a boundry device? Since the boundry device is shared, I have much better control on Kerio which is not shared. The settings on the device are fairly "generous." They error on the side of one piece of HAM tagged as SPAM is a deal killer so I get SPAM that slips through. Kerio catches 90% of that - which is why I want to run 2 of them.

[Updated on: Tue, 31 March 2009 18:57]


-----------
Server installation:
Kerio Connect 7.1
OS X Server 10.5.8
Apple G4 X Serve
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
You can't run RBL checks against mail received from a gateway device. The RBL check looks up the connecting IP, which will always be your mail gateway.

Scott
  •  
evsmetal

Messages: 42
Karma: 0
Send a private message to this user
I get a lot of these in my warning log:

[31/Mar/2009 13:47:25] DNS failure while trying to find address XX.XX.XX.XX.bl.spamcop.net in blacklist SpamCop
[01/Apr/2009 12:36:31] DNS failure while trying to find address XX.XX.XX.XX.zen.spamhaus.org in blacklist SpamHaus SBL-XBL
[01/Apr/2009 12:58:30] DNS failure while trying to find address XX.XX.XX.XX.zen.spamhaus.org in blacklist SpamHaus SBL-XBL
[01/Apr/2009 13:10:07] DNS failure while trying to find address XX.XX.XX.XX.db.wpbl.info in blacklist WPBL - Weighted Private Block List


The IP xx.xx.xx.xx addresses are all different. (Hmm, one does belong to the external IP of my branch location firewall, but for the most part, they're not part of my IP block).

70% of the failures are going to SpamHaus.

I've also disabled the checks to dsbl.org.

The DNS entries on the server are correct. I can happily surf out or ping external addresses.

Win 2003 server
2 LAN adapters

Curiously, when I try the 'repair' option on the NIC (either one) it does come back with an error about not being able to register with DNS. I'm not running a DNS service on this box (no internal DNS servers anywhere in my corporation). I saw a DNS client running, and stopped that, but the repair still fails.

Any one have any insight? (I'm more concerned with the warning log entries..)

[Updated on: Thu, 02 April 2009 00:14]

  •  
freakinvibe

Messages: 1542
Karma: 62
Send a private message to this user
Did you read this post?

http://forums.kerio.com/index.php?t=msg&goto=50461

Also you should enable DNS logging in debug log to get the details what is failing and post the results here.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Spamhaus may block you without warning from doing lookups if you send them more than 300,000 queries a day. See http://www.spamhaus.org/organization/dnsblusage.html for details and a workaround involving money.

If you know for a fact that you do less than 300,000 queries to Spamhaus per day, remember that the DNS server which asks on behalf of you may also generate queries from other mail servers.

Setting up your own caching-only DNS server may help the situation somewhat. djbdns or tinydns is easy to set up and operate.
  •  
evsmetal

Messages: 42
Karma: 0
Send a private message to this user
I read the other thread and got some good info from there.

I changed the DNS entry on the mail server to use OpenDNS instead of my ISPs DNS. And as a secondary, I used Verizon's open DNS (4.2.2.2).

Tho, curiously, KMS seems to be using the secondary one first, UNLESS it's actually performing the DNS lookup from the 2nd NIC, which has only Verizon's open DNS defined.

Seems to have stopped the warnings (but might be too soon to tell as it's after office hours here, so mail flow has dropped off anyway.)

Thanks for the replies.
  •  
evsmetal

Messages: 42
Karma: 0
Send a private message to this user
As an update, I can say that I still occasionally get DNS warnings about SpamHaus after specifying new DNS entries on the server, but it's cut them down by ~85%, so I'll live with it. I guess it's a "too much traffic" thing, so, out of my (and KMS') control.

Does anyone know what KMS does with the message at this point? Is it being delivered?
Previous Topic: Pop3 download not finding mailbox To: <NULL>
Next Topic: LDAP errors from Administration Console
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 14:52:01 CEST 2017

Total time taken to generate the page: 0.00480 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.