CentOS - Unbound and URIBL_BLOCKED blacklist


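I am facing the following problem: my website has a contact form. People contact me through the contact form. After each contact form submission I receive an email. For about a week, Outlook has been marking my own emails (sent from my website) as spam.

The headers of these emails contain: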

tests=ALL_TRUSTED,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_REPLYTO,URIBL_BLOCKED autolearn=no

The main goal of this question: get off the URIBL_BLOCKED list and have SpamAssassin stop adding the URIBL_BLOCKED header.

Here is my troubleshooting:

My resolv.conf contains:

# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 62.149.128.4
nameserver 62.149.132.4
nameserver 2001:4860:4860::8888

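I was told that the cause may be a DNS problem. Many blacklist services do not allow queries from free DNS servers, and this may include the DNS used by my VPS provider.

For an email server, I was advised to use my own recursive resolver, for example Unbound.

That is why I decided to go with Unbound.

I installed Unbound. Its configuration is: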

]# cat /etc/unbound/unbound.conf | egrep -v "^\s*(#|$)"
server:
        verbosity: 1
        statistics-interval: 0
        statistics-cumulative: no
        extended-statistics: yes
        num-threads: 4
         interface: 0.0.0.0
        interface-automatic: no
         port: 53
        so-reuseport: yes
        ip-transparent: yes
         cache-max-ttl: 86400
         do-ip4: yes
         do-udp: yes
         do-tcp: yes
         access-control: 0.0.0.0/0 refuse
         access-control: 127.0.0.0/8 allow
        chroot: ""
        username: "unbound"
        directory: "/etc/unbound"
        log-time-ascii: yes
        pidfile: "/var/run/unbound/unbound.pid"
         hide-version: yes
        harden-glue: yes
        harden-dnssec-stripped: yes
        harden-below-nxdomain: yes
        harden-referral-path: yes
        unwanted-reply-threshold: 10000000
        prefetch: yes
        prefetch-key: yes
        rrset-roundrobin: yes
        minimal-responses: yes
        module-config: "ipsecmod validator iterator"
        trust-anchor-signaling: yes
        trusted-keys-file: /etc/unbound/keys.d/*.key
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        val-clean-additional: yes
        val-permissive-mode: no
        val-log-level: 1
        include: /etc/unbound/local.d/*.conf
        ipsecmod-enabled: no
        ipsecmod-hook: "/usr/libexec/ipsec/_unbound-hook"
python:
remote-control:
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"
include: /etc/unbound/conf.d/*.conf

Now /etc/resolv.conf looks like:

# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
;nameserver 62.149.128.4
;nameserver 62.149.132.4
;nameserver 2001:4860:4860::8888
nameserver ::1
nameserver 127.0.0.1
options trust-ad

Connection test before installing Unbound:

dig ubuntu.com @localhost -> 135 msec
# host -tA 2.0.0.127.multi.uribl.com

Connection test after installing Unbound:

dig ubuntu.com @localhost -> 0 msec
# host -tA 2.0.0.127.multi.uribl.com

Blacklist query before installing Unbound:

2.0.0.127.multi.uribl.com has address 127.0.0.1

Blacklist query after installing Unbound:

2.0.0.127.multi.uribl.com has address 127.0.0.14

When I run spamd retstart I get:

# spamd retstart
server socket setup failed, retry 1: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 2: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 3: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 4: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 5: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 6: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 7: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 8: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 9: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use

Then I rebooted the whole VPS machine and re-ran:

host -tA 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com has address 127.0.0.1

# unbound-control dump_cache log:

[1651605758] unbound-control[12193:0] warning: control-enable is 'no' in the config file.
[1651605758] unbound-control[12193:0] error: connect: Connection refused for 127.0.0.1

Other logs:

# netstat -antup |grep unbound
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound

Any idea what else I can do to get delisted from uribl?

Please help

Update: After waiting about 12 hours since my last change on the server, the test results are:

# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 62.149.128.122]"


nslookup -q=txt 2.0.0.127.multi.uribl.com
Server:         62.149.128.4
Address:        62.149.128.4#53

    Non-authoritative answer:
    2.0.0.127.multi.uribl.com       text = "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 62.149.128.123]"
    
    Authoritative answers can be found from:

So it looks like I am no longer on that list... but SpamAssassin is still triggering the URIBL_BLOCKED rule

As suggested in the comments, I fixed the resolv.conf file. The new resolv.conf:

#options trust-ad
#; generated by /usr/sbin/dhclient-script
#search localdomain
#nameserver 62.149.128.4
#nameserver 62.149.132.4
#nameserver 2001:4860:4860::8888
nameserver ::1
nameserver 127.0.0.1
options trust-ad
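
The checks done by hand in the post, collected into one script. This is an added example, not part of the original post: it classifies the URIBL test-point answer, extracts the resolver address URIBL reports in its refusal TXT record, and lists resolv.conf nameservers that are active and not loopback. The function names are made up for this example, and the sample lines are copied from the post except the resolv.conf sample, which is constructed.

```shell
#!/usr/bin/env bash
# Added diagnostic example; not part of the original post.

# Classify one line of `host -tA 2.0.0.127.multi.uribl.com` output.
# Prints "refused" (127.0.0.1), "ok" (any other 127.0.0.x) or "unknown".
classify_uribl_answer() {
    uribl_addr=$(printf '%s\n' "$1" |
        sed -n 's/.* has address \(127\.0\.0\.[0-9]\{1,3\}\)$/\1/p')
    case "$uribl_addr" in
        127.0.0.1) echo refused ;;  # URIBL's "Query Refused" marker
        127.0.0.*) echo ok ;;       # the test point was answered normally
        *)         echo unknown ;;  # no A record, NXDOMAIN, timeout, ...
    esac
}

# Pull the resolver address out of URIBL's refusal TXT record
# ("... [Your DNS IP: x.x.x.x]"). Prints nothing if the marker is absent.
refused_resolver_ip() {
    printf '%s\n' "$1" | sed -n 's/.*\[Your DNS IP: \([0-9a-fA-F.:]*\)\].*/\1/p'
}

# Print every active (uncommented) nameserver in a resolv.conf-style file
# that is not loopback; lines starting with ';' or '#' are ignored.
non_local_nameservers() {
    awk '$1 == "nameserver" && $2 != "127.0.0.1" && $2 != "::1" { print $2 }' "$1"
}

# --- Demo: the first three samples are lines quoted in the post ---
before='2.0.0.127.multi.uribl.com has address 127.0.0.1'
after='2.0.0.127.multi.uribl.com has address 127.0.0.14'
txt='2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 62.149.128.122]"'

echo "before Unbound:         $(classify_uribl_answer "$before")"
echo "after Unbound:          $(classify_uribl_answer "$after")"
echo "resolver seen by URIBL: $(refused_resolver_ip "$txt")"

# Constructed resolv.conf: one commented entry, one loopback, one external.
sample=$(mktemp)
cat > "$sample" <<'EOF'
search localdomain
;nameserver 62.149.128.4
nameserver 127.0.0.1
nameserver 2001:4860:4860::8888
EOF
echo "non-local nameservers:  $(non_local_nameservers "$sample")"
rm -f "$sample"
```

On a live host, pass the output of host -tA and host -tTXT for the test point to the first two functions and /etc/resolv.conf to the third.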
