[exim] DNS blacklists downloads?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Brent Jones at ->
Delete this message
Reply to this message
Author: Peter Kirk
Date:  
To: exim users
Subject: [exim] DNS blacklists downloads?
Hi All

I have noticed about 3 times today my exim server has used a lot on DNS,
about 2GB a time. Below are the logs from my bandwidth monitoring 

x.x.x.x         b.dns.br         2135.61 MB
x.x.x.x         200.160.0.10         2135.47 MB
x.x.x.x         jim1.us.archive.org     2135.32 MB
x.x.x.x         ns20.ja.net         223        MB
x.x.x.x         ns8.spamhaus.org     199.27      MB


I have checked the ip addresses and it has to do with the dns
blacklisting in exim. Any ideas why it would use so much bandwidth.

I looked more into the logs for 200.160.0.10 on our Cisco ASA and got
the following

Nov 11 15:16:57 %ASA-6-302015: Built outbound UDP connection 17443293
for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x/55074
(x.x.x.x/55074)
Nov 11 15:16:57 %ASA-6-302015: Built outbound UDP connection 17443293
for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074
(x.x.x.x /55074)
Nov 11 15:16:57 %ASA-6-302015: Built outbound UDP connection 17443293
for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074
(x.x.x.x /55074)
Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for
outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176
Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for
outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176
Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for
outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176

Nov 11 16:05:33 %ASA-6-302015: Built outbound UDP connection 17614488
for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074
(x.x.x.x /55074)
Nov 11 16:05:33 %ASA-6-302015: Built outbound UDP connection 17614488
for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074
(x.x.x.x /55074)
Nov 11 16:05:33 %ASA-6-302015: Built outbound UDP connection 17614488
for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074
(x.x.x.x /55074)
Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for
outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes
2239204366
Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for
outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes
2239204366
Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for
outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes
2239204366

As you can see, it downloaded about 1GB at a time :-(

Thanks for help in advance
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] anti-spam... what's next?Re: [exim] Exim Restrict outgoing relay by ip address->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)