Carlos E. R. wrote:
This must be affecting any openSUSE user that uses SA in default configuration.
Possibly, but what is the problem?
That we are spamming spamhaus? :-D
Well, _we_ are not - at most, some of our users' nameservers are. Besides, it's nothing new.
It is not a problem for me, because the clever folk at SA detect that error message of "open resolver" and handle it with a score of zero.
In the ticket I looked at, spamhaus delivered a correct code, indicating "excessive queries". A code that doesn't produce any score. FYI, there is no open resolver on 195.135.221.145 - hence my suggestion that it is a red herring. The wrong error message.
But the queries are sent, none the less.
Yup. As expected.
Maybe, I could do something to my dnsmasq to obviate the forwarders and do direct queries for these. [snip] And the syntax for dnsmasq doesn't have a provision for using the root servers and down from there.
Dunno, it is possible that dnsmasq simply doesn't support such a setup - dnsmasq is called "a light-weight DNS forwarder", so maybe it does not support the full lookup process itself.
To disable the Spamhaus RBL's add these lines to your local.cf :
RCVD_IN_ZEN 0 RCVD_IN_XBL 0 RCVD_IN_PBL 0
The names of the individual RBL checks may change over time so be sure to keep an eye on them after upgrades. ······················++-
AFAIK that doesn't disable the test, it disables its results. The tests are still done, so it is useless.
No, it disables the test. -- Per Jessen, Zürich (7.7°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes