And I see that:
MX_MISSING (3.5) [] )> Domain has no resolvable MX ????
HFILTER_HELO_IP_A (1) [mail-40130.protonmail.ch]
MIME_BASE64_TEXT_BOGUS (1)
MIME_BASE64_TEXT (0.1)
How must I tune the rspamd server (mail) in order to resolve the domain? On the server I can ping domain.com and it works:
le@mail3:~$ ping mail-40130.protonmail.ch
PING mail-40130.protonmail.ch (185.70.40.130) 56(84) bytes of data.
64 bytes from mail-40130.protonmail.ch (185.70.40.130): icmp_seq=1 ttl=57 time=51.3 ms
64 bytes from mail-40130.protonmail.ch (185.70.40.130): icmp_seq=2 ttl=57 time=51.4 ms
64 bytes from mail-40130.protonmail.ch (185.70.40.130): icmp_seq=3 ttl=57 time=51.3 ms
^C
--- mail-40130.protonmail.ch ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 51.286/51.335/51.411/0.192 ms
Where do you see that? Which domain is that? Is it your domain? If by resolv you mean resolve in name service, it is not rspamd that does any resolving. RSpamd sends the query to name service and gets answer back. Is the host in /etc/hosts file? Check with
Code:
grep -i mail-40130 /etc/hosts
What if you query name service for that hostname, what happens?
Code:
host mail-40130.protonmail.ch
That doesn't say it can't resolve the server's hostname, as you did with your ping example, it says that a domain (which I would presume is the domain of the sender's email address) does not have a resolvable MX record. I again presume that it either has no MX records, or the records it has point to hostnames which themselves do not resolve. You don't say what the domain is, nor provide mail logs, so not much more can be guessed at, except perhaps by someone more familiar with rspamd's messages, but at this point I'd think there's nothing wrong with your server.
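Added example, not part of any post in this thread: a shell check for the distinction made above. It queries the MX records of a sender domain at a chosen resolver, then checks that an MX target has an address, and it reports a resolver that gives no usable answer separately from a domain that really has no MX. It assumes `dig` is installed; the function names `lookup`, `rcode_of` and `check_mx` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Requires dig (bind-utils / dnsutils).
# check_mx DOMAIN RESOLVER returns:
#   0 = at least one MX target resolves    1 = domain has no MX records
#   2 = MX targets exist but none resolve  3 = resolver gave no usable answer

# lookup TYPE NAME RESOLVER: answer section plus header comments (for the status).
lookup() {
    dig +noall +comments +answer +time=2 +tries=1 "$1" "$2" "@$3"
}

# rcode_of TEXT: pull NOERROR / NXDOMAIN / SERVFAIL / REFUSED out of the header.
rcode_of() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

check_mx() {
    domain=$1 resolver=$2
    # dig exits non-zero (9) when the server never replies, e.g. port 53 is filtered.
    reply=$(lookup MX "$domain" "$resolver") || { echo "no reply from $resolver"; return 3; }
    case $(rcode_of "$reply") in
        NOERROR|NXDOMAIN) ;;   # authoritative outcome, keep going
        *) echo "$resolver could not answer for $domain"; return 3 ;;
    esac
    # Answer lines look like: name ttl IN MX pref target
    targets=$(printf '%s\n' "$reply" | awk '$4 == "MX" {print $6}')
    [ -n "$targets" ] || { echo "$domain: no MX records"; return 1; }
    for host in $targets; do
        for type in A AAAA; do
            if lookup "$type" "$host" "$resolver" |
                awk -v t="$type" '$4 == t {f = 1} END {exit !f}'; then
                echo "$domain: MX $host resolves ($type)"
                return 0
            fi
        done
    done
    echo "$domain: MX records exist but no target has A/AAAA"
    return 2
}

# Usage after sourcing this file (sender.example is a placeholder domain):
#   check_mx sender.example 10.10.10.13
```

Run it on the mail server against the same nameserver rspamd is configured to use; a return code of 3 points at the resolver or firewall path rather than at the sender's domain.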
Hello Jesse! Thank you for answering. Our first mail domain, cloud etc. is in ISPConfig!! tadadadadad. (With your advice no issue at all! But we change the password.) In fact I must allow the ISPConfig server (so the mail server, then rspamd) to send DNS queries to any server on the web, and rspamd works great. Do you think it's a good idea? Which strategy do you recommend for DNS resolving? (We have 2 ISPConfig NS, but they do not forward if they don't have the zone.)
If the mail server runs a local caching resolver (a good idea for performance and to avoid rbl query limits on shared dns servers), yes, firewall rules will need to allow it to send queries to any server. I am switching to rspamd, but don't have much experience yet to say if it is or isn't a good idea. I'm leaving amavis installed as well, so it's a simple config change to switch between them. Your mail server shouldn't use shared dns resolvers for reasons stated above, but otherwise it's up to you. In general the closer your servers are network-wise, the more performant your queries will be (so again, a local caching resolver might make sense).
I don't want to take over this topic, but I'm very interested in your experience. I don't want to convert yet as it seems it is still a bit buggy with ISPConfig, but not for long when you start using it I suspect
So I must deploy a third DNS server dedicated to resolving DNS, and caching, for the ISPConfig server? A server not in the ISPConfig database. Is that it? Or simply add a third ISPConfig server with the NS role, but can it become a cache and resolver (forwarders) server only?
I always run a caching resolver right on mail servers. There wouldn't be a need for a 3rd server just to handle queries, you could set up the two you already have to recurse queries from your mail server if you wanted to (it's separate named config, unrelated to what ISPConfig adds).
I created a new DNS server, an ISPConfig server (with DB, included in monitoring etc.). I want to add our zone (domain.com), but for internal IPs only. For adding internal IPs I don't want to use the domain.com zone hosted by ns1 and ns2: exposed DNS servers which are dedicated to internet DNS queries. So the nsinternal.domain.com server is dedicated to acting as a cache and forwarding DNS server. I decided to create the domain.com zone (again) ... I got: "There is already a record for this zone." This is logical, but so how can I create internal DNS records for domain.com without exposing them to the entire web? web1.domain.com is (example) 85.56.65.101, but also known to local admins (and Ansible) as: web1.domain.com 10.33.33.101 (and so on for webx, dbx, mailx etc.). This is a newb question, but ... that's how I am ;-)
We told you before, you don't have to set up another OS with BIND on it, just a resolver that caches your queries. To set up something like you try now, add a record to /etc/hosts for nsinternal.example.com.
Take a look at https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver for example and eventually search for more explanations online.
The rspamd instructions explain how to set up a caching DNS server on the rspamd host. The rspamd docs explain why this is desirable: https://www.rspamd.com/doc/faq.html#resolver-setup
Thank you Taleman and th0m. Reading all this good advice, I just installed two (we have two VLANs) CTs (Proxmox), then set up BIND for:
- caching,
- forwarding (secure DNS),
- hosting our internal DNS zone (same name as the external one, so ISPConfig can't do that properly)
I'm trying this fix. Edit: fix OK ... but why ....??? Here 10.10.10.13 is my local DNS cache and forwarder server.
Code:
# /etc/rspamd/local.d/options.inc
local_addrs = "127.0.0.0/8, ::1";
dns {
    nameserver = ["10.10.10.13:53:10"];
}
And there is an issue because: https://www.rspamd.com/doc/faq.html#resolver-setup OK, but my resolv.conf is good: nameserver 10.10.10.13 ... so why? MX_MISSING!