While having multiple name servers can help redundancy in
the event of a
failure, more than 3 in your resolv.conf file is probably
unnecessary
and can be undesirable in instances such as these (scripts
that may time
out waiting on a definitive answer).
On the postfix side, I'd suggest using
"reject_unknown_sender_domain"
and "reject_unknown_recipient_domain" in your
recipient restrictions.
This will cause postfix to temporarily reject the message
until the
domain resolves. This is an easy way to cut down on spam
sent from
forged (non existent) domains. I personally choose to not
accept email
from non-existent domains as a rule. If someone wants to
send mail, they
can use a valid address so that their email can be responded
to or
bounced without filling up my queue.
-Blake
Nathan Surginer wrote:
> Blake,
>
> Thanks for the info on this. I do have multiple DNS
servers available on
> this install, but as you pointed out, that domain is
definitely dead. I'll
> try to look around for some SMTP restrictions for
postfix to help bounce
> messages like this, but I haven't come across anything
previously. Let me
> know if you are aware of anything.
>
> Thanks again,
> Nathan
>
>
> -----Original Message-----
> From: maia-users-bounces renaissoft.com
> [mailto:maia-users-bouncesrenaissoft.com] On Behalf
Of Blake Hudson
> Sent: Friday, May 11, 2007 5:57 PM
> To: maia-usersrenaissoft.com
> Subject: Re: [Maia-users] SA TIMED OUT... Help
Deciphering This Error...
>
> I'm going to guess this is a DNS timeout by the
frequent mention of DNS
> resolver and the pdu-super-dealz.com name...
>
> Searching via dns stuff reveals this record is not
available because the
> parent name servers are timing out.
> --------------
>
> Searching for pdu.super-dealz.com A record at
i.root-servers.net
> [192.36.148.17]: Got referral to B.GTLD-SERVERS.NET.
(zone: com.) [took 189
> ms]
> Searching for pdu.super-dealz.com A record at
B.GTLD-SERVERS.NET.
> [192.33.14.30]: Got referral to ns2.super-dealz.com.
(zone:
> super-dealz.com.) [took 235 ms]
> Searching for pdu.super-dealz.com A record at
ns2.super-dealz.com.
> [66.78.30.6]: Timed out. Trying again.
> Searching for pdu.super-dealz.com A record at
ns2.super-dealz.com.
> [66.78.30.6]: Timed out. Trying again.
> Searching for pdu.super-dealz.com A record at
ns1.super-dealz.com.
> [66.78.30.5]: Timed out. Trying again.
> Searching for pdu.super-dealz.com A record at
ns2.super-dealz.com.
> [66.78.30.6]: Timed out. Trying again.
> Searching for pdu.super-dealz.com A record at
ns2.super-dealz.com.
> [66.78.30.6]: Timed out. Trying again.
> Searching for pdu.super-dealz.com A record at
ns2.super-dealz.com.
> [66.78.30.6]: Timed out. Trying again.
> --------------
>
>
> Normally a DNS server will time out after a few
seconds... not the 30
> second(IIRC) default timeout for spamassassin... do you
have multiple
> name servers to query in your resolv.conf or an
unusually short SA
> timeout?
>
> In any event, the message will stay at the upstream MTA
and retry on the
> next iteration of it running through its deferred
queue, eventually
> bouncing if the problem continues past your queue
lifetime. So
> intermittent DNS issues should work themselves out
eventually, in this
> instance the message looks like spam and can probably
be
> killed/bounced/whatever. Though I might recommend doing
some basic DNS
> checks prior to accepting email in your upstream MTA,
if possible.
>
> -Blake
>
>
>
> Nathan Surginer wrote:
>
>> I just happened to be tailing the log when I saw
this go by. I've seen
>>
> the
>
>> logwatch a few times mention something about
messages making SA time out,
>> but never saw the output. Can anyone make any
sense of this? This is on
>>
> a
>
>> FC5 box that's been running a few months.
>>
>>
>> May 11 17:14:59 trap amavis[24586]: (24586-05) SA
TIMED OUT, backtrace: at
>>
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/IO/Select.p
m line
>> 105nteval {...} called at
>>
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/IO/Select.p
m line
>>
105ntIO::Select::can_read('IO::Select=ARRAY(0x4eaef90)',
5) called at
>>
>>
>
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/Net/DNS/Resolve
>
>> r/Base.pm line
>>
>>
> 836ntNet: NS::Reso
lver::Base::send_udp('Net:NS::Reso
lver=HASH(0x6147b90
>
>> )', 'Net:NS::Pack
et=HASH(0x6522e80)',
>>
>>
>
'\xx\x\x\x\x\x\x\x\x\x\x\xpd
>
>>
u\xsuper-dealz\xcom\x\x\x\x\x')
called at
>>
>>
>
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/Net/DNS/Resolve
>
>> r/Base.pm line
>>
>>
> 476ntNet:NS::Reso
lver::Base::send('Net:NS::Reso
lver=HASH(0x6147b90)',
>
>> 'pdu.super-dealz.com', 'A') called at
>>
>>
>
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/Net/DNS/Resolve
>
>> r/Base.pm line 433ntNet:NS...
>>
>> Nathan
>>
>>
>>
>> ________________________________
>>
>> Nathan Surginer
>> Systems Manager
>> ________________________________
>>
>> Office 770-838-0373 http://InfoAge.US
>> Fax 770-838-0374 NathanSInfoAge.US
>>
>> _______________________________________________
>> Maia-users mailing list
>> Maia-usersrenaissoft.com
>> http://www.renaissoft.com/mailman/listinfo/maia-users
>>
>>
>
> _______________________________________________
> Maia-users mailing list
> Maia-usersrenaissoft.com
> http://www.renaissoft.com/mailman/listinfo/maia-users
>
>
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
|
