Re: [exim] DNS blacklists downloads?

Author: Brent Jones
Date:  
To: Peter Kirk
CC: exim users
Subject: Re: [exim] DNS blacklists downloads?
On Tue, Nov 11, 2008 at 6:35 AM, Peter Kirk <peterki@???> wrote:
> Hi All
>
> I have noticed about 3 times today my exim server has used a lot on DNS,
> about 2GB a time. Below are the logs from my bandwidth monitoring
>
> x.x.x.x                 b.dns.br                2135.61 MB
> x.x.x.x                 200.160.0.10            2135.47 MB
> x.x.x.x                 jim1.us.archive.org     2135.32 MB
> x.x.x.x                 ns20.ja.net             223        MB
> x.x.x.x                 ns8.spamhaus.org        199.27    MB
>
> I have checked the ip addresses and it has to do with the dns
> blacklisting in exim. Any ideas why it would use so much bandwidth?
>
> I looked more into the logs for 200.160.0.10 on our Cisco ASA and got
> the following
>
> Nov 11 15:16:57 %ASA-6-302015: Built outbound UDP connection 17443293
> for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x/55074
> (x.x.x.x/55074)
> Nov 11 15:16:57 %ASA-6-302015: Built outbound UDP connection 17443293
> for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074
> (x.x.x.x /55074)
> Nov 11 15:16:57 %ASA-6-302015: Built outbound UDP connection 17443293
> for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074
> (x.x.x.x /55074)
> Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for
> outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176
> Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for
> outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176
> Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for
> outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176
>
> Nov 11 16:05:33 %ASA-6-302015: Built outbound UDP connection 17614488
> for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074
> (x.x.x.x /55074)
> Nov 11 16:05:33 %ASA-6-302015: Built outbound UDP connection 17614488
> for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074
> (x.x.x.x /55074)
> Nov 11 16:05:33 %ASA-6-302015: Built outbound UDP connection 17614488
> for outside:200.160.0.10/53 (200.160.0.10/53) to hsn:x.x.x.x /55074
> (x.x.x.x /55074)
> Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for
> outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes
> 2239204366
> Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for
> outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes
> 2239204366
> Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for
> outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes
> 2239204366
>
> As you can see, it downloaded about 1GB at a time :-(
>
> Thanks for help in advance
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


What does the mail volume on this server look like?
Do you use any caching resolver locally?
Does the ASA perform any DNS inspection? (enabled by default)

--
Brent Jones
brent@???
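
An added example, not part of the original thread: one way to triage ASA teardown records like those quoted above, counting each connection ID once (the firewall logged every event three times) and flagging port-53 UDP flows with an outsized byte count. The sample lines are the post's own, re-joined onto single lines; the function names and the 1,000,000-byte threshold are assumptions chosen for illustration.

```python
import re

# Teardown lines from the post, re-joined (the archive wrapped them).
SAMPLE_LOG = """\
Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176
Nov 11 15:19:01 %ASA-6-302016: Teardown UDP connection 17443293 for outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 176
Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 2239204366
Nov 11 16:07:37 %ASA-6-302016: Teardown UDP connection 17614488 for outside:200.160.0.10/53 to hsn:x.x.x.x /55074 duration 0:02:03 bytes 2239204366
"""

# Tolerates the stray space before "/port" seen in the quoted log.
TEARDOWN = re.compile(
    r"%ASA-6-302016: Teardown UDP connection (?P<conn>\d+) for "
    r"\w+:(?P<remote>\S+?)\s*/(?P<rport>\d+) to "
    r"\w+:(?P<local>\S+?)\s*/(?P<lport>\d+) "
    r"duration (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) bytes (?P<bytes>\d+)"
)


def dns_teardowns(log_text):
    """Return one record per connection ID for UDP flows involving port 53."""
    flows = {}
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if not m or "53" not in (m["rport"], m["lport"]):
            continue
        secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        # Duplicate log lines share a connection ID, so keying on it dedupes.
        flows[m["conn"]] = {
            "remote": m["remote"],
            "bytes": int(m["bytes"]),
            "seconds": secs,
        }
    return flows


def oversized(flows, limit=1_000_000):
    """Flows above `limit` bytes (assumed threshold; tune per site)."""
    return {c: f for c, f in flows.items() if f["bytes"] > limit}


if __name__ == "__main__":
    for conn, f in oversized(dns_teardowns(SAMPLE_LOG)).items():
        mib = f["bytes"] / 2**20
        print(f"conn {conn} {f['remote']}: {mib:.2f} MiB in {f['seconds']} s")
```

On the sample it reports connection 17614488 at 2135.47 MiB in 123 s, the same figure as the 200.160.0.10 row in the bandwidth report.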