DNS resolver for MailCleaner
Added about 6 years ago
How to configure DNS resolver for MailCleaner.¶
|WARNING : Don't use public DNS (i.e Google or such) as it will lead to undefined behaviour, instability or delay!|
A common configuration mistake with MailCleaner is to use public DNS.
RBLs results are given by DNS queries. Each received message that go through all analyzing process will usually involve 10 to 20 DNS queries. As a if you are overusing their DNS, result public DNS will end up blacklisting you and you will get wrong answers to your DNS queries.
This can lead to reject messages for no reasons, accept messages that should have been stopped or even worse, having a public DNS that let your queries timeout which may increase the messages in MailCleaner queues and in the end a very delayed mail flow.
You can set up your DNS resolution in : (this has to be done on each server, so you ll need to connect to the web interface of each host, one by one)
- Configuration > Base System > DNS settings
Primary DNS server : 127.0.0.1
MailCleaner servers come with their own local DNS , so when using 127.0.0.1, you benefit from a cache and if needed, resolutions are done directly to root DNS servers (their list is updated on a daily basis)
Of course you can setup MailCleaner to use your own local DNS resolver, especially if you need to resolve local non public zone.
But be warned that MailCleaner use it intensively and it has to be reliable.
Firewall configuration to allow MailCleaner to perform DNS resolution¶
If MailCleaner is behind a firewall, add this rules to your firewall:
- MailCleaner -> Internet: allow traffic for port 53 (dns) both TPC and UDP
NOTE : MailCleaner cannot be used as DNS resolver, it only listen on 127.0.0.1.
- Using 127.0.0.1 as a local resolver (and local DNS cache) in MailCleaner really improves anti-spam speed.
- Decreases drastically the load of your DNS server.
- If you plan to set up a MailCleaner Cluster, during the cluster setup, the hostname of every host must to be resolved externally.
- In Configure > Domains > [your domain] > Delivery > Destination servers, all the FQDN you define here must to be resolved externally.