DNS Caching for SpamAssassin RBLs

This article was posted more than 1 year ago. Please keep in mind that the information on this page may be outdated, insecure, or just plain wrong today.

So I’m tweaking the mail filter server, which is a Debian Linux server running Postfix, MailScanner and SpamAssassin.

I just wanted to share some of the performance improvements after installing pdns-recursor for local caching.

Install PowerDNS

root@mxfilter:~# apt-get install pdns-recursor

Obtain a sample spam email

root@mxfilter:~# wget http://people.apache.org/~wtogami/sample-spam.eml

First Test

root@mxfilter:~# cat sample-spam.eml | spamassassin -D 2>&1 | grep 'async: timing' | sed 's/^.*dbg: async: //'
timing: 0.740 . dns:A:45.135.176.118.iadb.isipp.com.
timing: 0.741 . dns:A:45.135.176.118.dnsbl.sorbs.net.
timing: 0.749 . dns:TXT:45.135.176.118.sa-accredit.habeas.com.
timing: 0.749 . dns:A:45.135.176.118.bb.barracudacentral.org.
timing: 0.750 . dns:TXT:45.135.176.118.bl.spamcop.net.
timing: 0.752 . dns:A:45.135.176.118.psbl.surriel.com.
timing: 0.753 . dns:A:45.135.176.118.list.dnswl.org.
timing: 0.756 . dns:A:45.135.176.118.zen.spamhaus.org.
timing: 0.758 . dns:A:45.135.176.118.bl.score.senderscore.com.
timing: 1.790 . dns:TXT:45.135.176.118.sa-trusted.bondedsender.org.

Second Test

timing: 0.002 . dns:A:45.135.176.118.iadb.isipp.com.
timing: 0.006 . dns:TXT:45.135.176.118.sa-accredit.habeas.com.
timing: 0.012 . dns:A:45.135.176.118.list.dnswl.org.
timing: 0.016 . dns:A:45.135.176.118.bl.score.senderscore.com.
timing: 0.206 . dns:A:45.135.176.118.psbl.surriel.com.
timing: 0.996 . dns:A:45.135.176.118.dnsbl.sorbs.net.
timing: 1.001 . dns:TXT:45.135.176.118.bl.spamcop.net.
timing: 1.003 . dns:A:45.135.176.118.bb.barracudacentral.org.
timing: 1.003 . dns:TXT:45.135.176.118.sa-trusted.bondedsender.org.
timing: 1.009 . dns:A:45.135.176.118.zen.spamhaus.org.
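
Added example (not part of the original post): a shell helper that lines up the two runs above lookup by lookup, so it is easy to see which RBL queries got faster on the second pass and which did not. The function names, the three-line sample subset and the 0.05 s threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-lookup comparison of two SpamAssassin "async: timing" runs.

# Sample input: three lines from each of the two runs shown above.
sample_first() {
cat <<'EOF'
timing: 0.740 . dns:A:45.135.176.118.iadb.isipp.com.
timing: 0.741 . dns:A:45.135.176.118.dnsbl.sorbs.net.
timing: 0.753 . dns:A:45.135.176.118.list.dnswl.org.
EOF
}
sample_second() {
cat <<'EOF'
timing: 0.002 . dns:A:45.135.176.118.iadb.isipp.com.
timing: 0.012 . dns:A:45.135.176.118.list.dnswl.org.
timing: 0.996 . dns:A:45.135.176.118.dnsbl.sorbs.net.
EOF
}

# compare_timings FIRST SECOND
# Prints "<lookup> <first_s> <second_s> <delta_s>" for every lookup present
# in both files, sorted by lookup name. A negative delta means the second
# run was faster.
compare_timings() {
    awk '
        $1 != "timing:" || $3 != "." { next }        # skip non-timing lines
        FILENAME == ARGV[1] { first[$4] = $2; next } # remember first-run time
        ($4 in first) {
            printf "%s %.3f %.3f %+.3f\n", $4, first[$4], $2, $2 - first[$4]
        }
    ' "$1" "$2" | sort
}

# fast_lookups FILE THRESHOLD
# Counts lookups answered in under THRESHOLD seconds. Treating these as
# likely local cache hits is an assumption; the threshold is a choice.
fast_lookups() {
    awk -v t="$2" '$1 == "timing:" && $2 + 0 < t + 0 { n++ } END { print n + 0 }' "$1"
}

# Demo: write the samples to temp files and compare them.
tmp=$(mktemp -d) || exit 1
sample_first  > "$tmp/first.txt"
sample_second > "$tmp/second.txt"
compare_timings "$tmp/first.txt" "$tmp/second.txt"
echo "under 0.05s in second run: $(fast_lookups "$tmp/second.txt" 0.05)"
rm -rf "$tmp"
```

To use it on a live system, redirect the output of the spamassassin pipeline from each test into its own file and pass the two files to compare_timings.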

After running pdns-recursor for about 5 minutes, here are some statistics.

root@mxfilter:~# rec_control get-all
all-outqueries  116
dlg-only-drops  0
dont-outqueries 0
outgoing-timeouts       0
tcp-outqueries  4
throttled-out   0
throttled-outqueries    0
unreachables    0
answers-slow    0
answers0-1      0
answers1-10     0
answers10-100   1
answers100-1000 24
case-mismatches 0
chain-resends   0
client-parse-errors     0
edns-ping-matches       0
edns-ping-mismatches    0
ipv6-outqueries 0
no-packet-error 0
noedns-outqueries       120
noerror-answers 15
noping-outqueries       0
nsset-invalidations     0
nxdomain-answers        18
over-capacity-drops     0
qa-latency      893
questions       33
resource-limits 0
server-parse-errors     0
servfail-answers        0
spoof-prevents  0
tcp-client-overflow     0
tcp-questions   0
unauthorized-tcp        0
unauthorized-udp        0
unexpected-packets      0
cache-entries   496
cache-hits      0
cache-misses    25
concurrent-queries      0
negcache-entries        10
nsspeeds-entries        369
packetcache-entries     24
packetcache-hits        8
packetcache-misses      25
sys-msec        36
tcp-clients     0
throttle-entries        0
uptime  462
user-msec       48