Facing a problem with false positives using uribl.com Blacklisting?
Hi there!

I just upgraded to exim4u 3 weeks ago and seem to have a problem regarding false positives when using uribl within exim4u. After some reading through the docs I found a topic regarding the problem when the mailserver is using a "big" public nameserver and therefore the requests may be blocked. So I quickly installed a forwarding bind99 - but still the problem persists.

As an example, an incoming email:

    2016-03-29 14:42:57 1aksz2-000JNC-RN H=mx.bmi.gv.at [78.41.149.30] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<Oeffentlichkeitsarbeit-V(a)polizei.gv.at> rejected during MIME ACL checks: Blacklisted URL in message. (polizei.gv.at) in. See http://lookup.uribl.com.

It claims that polizei.gv.at (Austrian authority for race control for autobahns) should be on a blacklist? Don't think so...

    [root@mail /]# nslookup polizei.gv.at.multi.uribl.com
    Server: 144.76.161.138
    Address: 144.76.161.138#53

    Non-authoritative answer:
    Name: polizei.gv.at.multi.uribl.com
    Address: 127.0.0.1

As far as I learned this should mean that it's on the "gold" list e.g. NOT on the blacklist. And as there is no 127.0.0.255 I assume that my local bind is doing its job well.

So how can I find out why that email is being refused?

kind regards,
Valki

OK more reading – more ideas :)

Requesting a TXT does the trick and lets some light shine on the issue:

    [root@mail /]# host -tTXT polizei.gv.at.multi.uribl.com
    polizei.gv.at.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 188.40.25.2]"

Looks like I misunderstood “gold entry” and still a DNS in my upstream is blocked :(

Any better ideas than looking for an external, small DNS server to point my local caching bind to?

Gordon you are right as usual :)

Of course I messed up my hurried bind config and didn't comment out the forwarders

    [root@mail /]# host -tTXT polizei.gv.at.multi.uribl.com
    Host polizei.gv.at.multi.uribl.com not found: 3(NXDOMAIN)

Better now :)

From: users [mailto:users-bounces(a)exim4u.org] On behalf of Gordon Dickens
Sent: Tuesday, 29 March 2016 17:10
To: Exim4U General Discussion <users(a)exim4u.org>
Subject: Re: [Exim4U] Facing a problem with false positives using uribl.com Blacklisting?

Your query is being refused by uribl.com and it's 99.99% probably because the DNS query continues to be made from your ISP's nameserver. So, you need to figure out why you are not using your nameserver. Most probably, it's not configured properly or your /etc/hosts file doesn't have an entry for localhost.

FYI,
Gordon

_______________________________________________
users mailing list
users(a)exim4u.org
https://exim4u.org/mailman/listinfo/users

Gordon just a final thought on that topic...

Do you think it could be a good improvement to figure out a way to detect the blocking of the used DNS server (response 127.0.0.1) and disable the feature in such a case? Because when the folks at uribl decide to block my small DNS one day then I won't take notice of that except that (maybe important) mails are dropped... :-)

kind regards,
Valki

On Tue, Mar 29, 2016 17:33, Gordon Dickens wrote:

Glad that you figured it out! You should be good to go now.... Good Luck!

Gordon
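
The check suggested in the last message, noticing when URIBL answers 127.0.0.1 because the resolver is refused rather than because a domain is listed, can be run from cron. The script below is an added example, not part of the thread or of Exim4U; the function names classify_uribl and probe_uribl are hypothetical, and treating any other 127.0.0.x answer as a listing is an assumption.

```shell
#!/bin/sh
# Added example: tell "URIBL refused my resolver" apart from a real listing.
# classify_uribl and probe_uribl are hypothetical names, not Exim4U code.

# Outputs quoted in the thread.
REFUSED_TXT='polizei.gv.at.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 188.40.25.2]"'
NXDOMAIN_OUT='Host polizei.gv.at.multi.uribl.com not found: 3(NXDOMAIN)'
# Constructed sample (not from the thread): a zone answer other than 127.0.0.1.
LISTED_OUT='spam.example.multi.uribl.com has address 127.0.0.2'

# classify_uribl TEXT -> prints refused | listed | not_listed | unknown
# TEXT is the output of host/nslookup for <domain>.multi.uribl.com.
classify_uribl() {
    answer=$1
    if printf '%s\n' "$answer" | grep -q 'Query Refused'; then
        echo refused
    elif printf '%s\n' "$answer" |
         grep -Eq '(has address|Address:)[[:space:]]+127\.0\.0\.1[[:space:]]*$'; then
        echo refused      # A record 127.0.0.1 is the refusal marker seen above
    elif printf '%s\n' "$answer" |
         grep -Eq '(has address|Address:)[[:space:]]+127\.0\.0\.[0-9]+[[:space:]]*$'; then
        echo listed       # assumption: any other 127.0.0.x means a listing
    elif printf '%s\n' "$answer" | grep -q 'NXDOMAIN'; then
        echo not_listed
    else
        echo unknown
    fi
}

# probe_uribl DOMAIN: live check through the system resolver, meant for cron.
# Returns 2 and writes to stderr when the resolver is refused.
probe_uribl() {
    name="$1.multi.uribl.com"
    answer=$( { host -t A "$name"; host -t TXT "$name"; } 2>&1 || true )
    verdict=$(classify_uribl "$answer")
    if [ "$verdict" = refused ]; then
        echo "URIBL refuses queries from this resolver; URL blacklist results are unreliable" >&2
        return 2
    fi
    echo "$verdict"
}
```

Calling `probe_uribl polizei.gv.at` from a cron job makes cron mail the stderr warning, so a refused resolver is noticed before legitimate mail is rejected.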