Problem with a certain domain

Fri Jun 7 12:59:20 UTC 2024

Am 2024-06-06 18:35, schrieb Matus UHLAR - fantomas:
> if the problem happens again, you can call 'rndc dumpdb' to dump 
> named's cache and see all records your named remembers about 
> mallorcazeitung.es and epi.es
> perhaps they can help to explain why named can't resolve anything.
> 

Yes, it always happens when the mail is checked against the DNS block 
list. In the journal I can read:

Jun 07 14:30:26 mx1 named[118262]: success resolving 
'mallorcazeitung.es.multi.uribl.com/A' after disabling qname 
minimization due to 'ncache nxdomain'
Jun 07 14:30:26 mx1 named[118262]: success resolving 
'212.132.135.159.dnsbl.sorbs.net/A' after disabling qname minimization 
due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 
'www-cdn-lb-tf.gslb.prensaiberica.net/A' after disabling qname 
minimization due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 
'caching.c354.edge2befaster.net/A' after disabling qname minimization 
due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 
'aec01.euc.edgetcdn.net/A' after disabling qname minimization due to 
'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 
'aec01.eug.edgetcdn.net/A' after disabling qname minimization due to 
'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 
'161.237.127.79.zen.spamhaus.org/A' after disabling qname minimization 
due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 
'129.211.127.79.zen.spamhaus.org/A' after disabling qname minimization 
due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 
'209.44.199.138.zen.spamhaus.org/A' after disabling qname minimization 
due to 'ncache nxdomain'
Jun 07 14:30:40 mx1 named[118262]: shut down hung fetch while resolving 
's1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es/TXT'
Jun 07 14:30:43 mx1 named[118262]: shut down hung fetch while resolving 
'_adsp._domainkey.newsletter.mallorcazeitung.es/TXT'
[...]
Jun 07 14:32:05 mx1 postfix/smtpd[193761]: warning: timeout talking to 
proxy localhost:10024
Jun 07 14:32:05 mx1 postfix/smtpd[193761]: proxy-reject: END-OF-MESSAGE: 
451 4.3.0 Error: queue file write error; from=
[...]
Jun 07 14:32:05 mx1 postfix/cleanup[193820]: 77BB2202612: 
message-id=<tq-clx4lu9bx1mh201a809bohel1 at newsletter.mallorcazeitung.es>
Jun 07 14:32:05 mx1 opendkim[691]: 77BB2202612: no signing table match 
for 'schlagzeilen at newsletter.mallorcazeitung.es'
Jun 07 14:32:10 mx1 opendkim[691]: 77BB2202612: key retrieval failed 
(s=s1, d=mg-esp-prod-eu-eu.mallorcazeitung.es): 
's1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es' query timed out

A found an explanation for "shut down hung fetch" in your list archiv

"This usually means there's a circular dependency somewhere in the
resolution or validation process. For example, we can't resolve a name
without looking up the address of a name server, but that lookup can't
succeed until the original name is resolved. The two lookups will wait 
on
each other for ten seconds, and then the whole query times out and 
issues
that log message."

I'm trying to work around the problem by whitelisting the address in 
Spamassassin so it doesn't check against the DNS blocklists. But 
unfortunately that doesn't work at the moment.

nano /etc/spamassassin/local.cf
whitelist_from_rcvd	schlagzeilen at newsletter.mallorcazeitung.es	piano.io

Spamassassin Doc
"Use this (whitelist_from_rcvd) to supplement the whitelist_from 
addresses with a check against the Received headers. The first parameter 
is the address to whitelist, and the second is a string to match the 
relay's rDNS. "

In the header of the mail I find
Received: from mgptr-132-188.piano.io (mgptr-132-188.piano.io 
[159.135.132.188])
[...]
 From: Mallorca Zeitung <schlagzeilen at newsletter.mallorcazeitung.es>