SpamAssassin DNS 127.0.0.1

SYSTEM INFORMATION
OS type and version: Rocky Linux 9.7
Webmin version: 2.630
Virtualmin version: 8.1.0
Webserver version: Apache 2

I have a new server. I have a spam problem…
This is my setup - DNS:

/etc/resolv.conf:
# Generated by NetworkManager
search xxxxxxxxxxx.com
nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 8.8.8.8
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 9.9.9.9

This is my setup - SpamAssassin:

required_hits 5
report_safe 0
rewrite_header subject [SPAM]

add_header ham Report _REPORT_

dns_server 127.0.0.1

score RCVD_IN_SBL 10.0
score RCVD_IN_SBL_CSS 5.0
score RCVD_IN_PBL 10.0
score SPF_FAIL 5
score SPF_SOFTFAIL 4
score SPF_HELO_SOFTFAIL 2
score SPF_NONE 4
score SPF_HELO_NONE 2
score SPF_PASS 0
score RCVD_IN_MSPIKE_ZBI 2.7
score RCVD_IN_MSPIKE_L5 2.5
score RCVD_IN_MSPIKE_L4 1.7
score RCVD_IN_MSPIKE_L3 0.9
score USER_IN_DEF_DKIM_WL -3.0

score PYZOR_CHECK 2.000
# pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
add_header all Pyzor _PYZOR_ 

score DCC_CHECK 3.000
# dcc
use_dcc 1
dcc_home /var/dcc
dcc_path /usr/local/bin/dccproc
dcc_timeout     5min
add_header all  DCC _DCCB_: _DCCR_

But I receive a lot of spam. I checked the header and found:

X-Spam-Report: 
	*  0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
	*      dbl.spamhaus.org was blocked due to usage of an open resolver.
	*      See https://www.spamhaus.org/returnc/pub/
	*      [URIs: tedswoodwor.shop]
	*  0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The
	*      query to zen.spamhaus.org was blocked due to usage of an open
	*      resolver. See https://www.spamhaus.org/returnc/pub/
	*      [193.36.60.134 listed in zen.spamhaus.org]

How is this possible with DNS 127.0.0.1?
I have something wrong but can't see what…

Thank you.

Unless you have a recursive resolver on 127.0.0.1, it will use 1.1.1.1, a public resolver.

Just try this, edit /etc/resolv.conf and comment out the bottom 2 nameserver entries, then try to look something up on that server.

You may need to use your ISP name servers.

Thank you for the reply.

OK, now I have:
nano /etc/resolv.conf

# Generated by NetworkManager

search webstoreps.com
nameserver 127.0.0.1

I also checked in nmtui and have only 127.0.0.1,
then /sbin/reboot.
But ping www.google.com works fine. Probably through BIND???

But if I try
dig +short 2.0.0.127.zen.spamhaus.org
127.255.255.254

I think I still have spam too… I'll check later…
For now, thank you.

127.255.255.254 = Query via public/open resolver/generic unattributable rDNS

Done using my own DNS server:

dig +short 2.0.0.127.zen.spamhaus.org
127.0.0.4
127.0.0.2
127.0.0.10

Try doing: nslookup google.com (or any domain name); it should show which DNS server is being used at the top of the response.
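A small triage script, added here as an example and not part of the thread, that applies the two facts from the replies above: glibc honours only the first three nameserver lines, and Spamhaus answers 127.255.255.254 when the query arrives through a public resolver. The resolv.conf text and the answer lists are constructed samples modelled on the posts; the set of well-known public resolvers is an assumption of the example.

```python
import ipaddress
# Constructed sample modelled on the thread's resolv.conf (not the poster's file).
RESOLV_CONF = """# Generated by NetworkManager
search example.com
nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 9.9.9.9
"""
MAXNS = 3  # glibc honours only the first three nameserver lines
PUBLIC_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9", "149.112.112.112"}
# Spamhaus error answers; 127.0.0.2 through 127.0.0.11 are real listings.
ZEN_ERRORS = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query via public/open resolver (blocked)",
    "127.255.255.255": "excessive number of queries (blocked)",
}

def parse_nameservers(text):
    """Nameserver IPs in file order, comments skipped."""
    return [p[1] for p in (l.split() for l in text.splitlines())
            if len(p) == 2 and p[0] == "nameserver"]

def classify(ip):
    """loopback / public (well-known open resolver) / other."""
    if ipaddress.ip_address(ip).is_loopback:
        return "loopback"
    return "public" if ip in PUBLIC_RESOLVERS else "other"

def interpret_zen(answers):
    """Classify the lines that 'dig +short 2.0.0.127.zen.spamhaus.org' returned."""
    if not answers:
        return "noanswer", "no reply: DNSBL unreachable or test point not resolved"
    errs = [ZEN_ERRORS.get(a, "unknown code " + a)
            for a in answers if a.startswith("127.255.255.")]
    if errs:
        return "blocked", "; ".join(errs)
    return "listed", "test point listed: DNSBL lookups work from this resolver"

def diagnose(resolv_text, zen_answers):
    """Findings behind SpamAssassin's *_BLOCKED_OPENDNS notices."""
    findings, servers = [], parse_nameservers(resolv_text)
    for ip in servers[MAXNS:]:
        findings.append(f"{ip} is past glibc's {MAXNS}-nameserver limit and is ignored")
    if any(classify(ip) == "public" for ip in servers[:MAXNS]):
        findings.append("a public resolver is active: if 127.0.0.1 fails or times out, "
                        "DNSBL queries fall through to it and Spamhaus refuses them")
    status, detail = interpret_zen(zen_answers)
    findings.append(f"zen test point: {status}: {detail}")
    return findings
```

Feed `diagnose()` the real /etc/resolv.conf contents and the lines `dig +short` printed to get the same findings for a live server.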

Thank you.
I know about 127.0.0.4 etc…

But I can't understand why this (only this) server doesn't work…

[root@s6 ~]# nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: google.com
Address: 172.217.169.238
Name: google.com
Address: 2a00:1450:4002:409::200e

It seems to use 127.0.0.1.

[root@s6 ~]# dig +short 2.0.0.127.zen.spamhaus.org
127.255.255.254

:frowning:

Do you actually have BIND installed and a properly configured /etc/named.conf?

It might be forwarding all queries to public servers like this:

options {
    listen-on port 53 { 127.0.0.1; };
    allow-query     { localhost; };
    recursion yes;
    forwarders {
        1.1.1.1;
        8.8.8.8;
    };
}; 

Substitute your ISP DNS servers instead.

Thank you.
I checked named.conf but I don't have forwarders…

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 {
		any;
		};
	listen-on-v6 port 53 {
		any;
		};
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file	"/var/named/data/named.secroots";
	recursing-file	"/var/named/data/named.recursing";

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;

	dnssec-validation yes;

	managed-keys-directory "/var/named/dynamic";
	geoip-directory "/usr/share/GeoIP";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";

	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
	include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Just remove nameserver 127.0.0.1; I run Rocky 9.7 and I don't have that entry.
I do use external NS; maybe it's added when you use the Virtualmin server to handle DNS.

127.0.0.1 allows the use of the stub resolver and a local cache, I think.

Remove 1.1.1.1 and 8.8.8.8; then you will either use the local cache or 9.9.9.9.

Thank you.
No, I added 127.0.0.1 as the name server,
because since CentOS 7 I have done it like this…

Now I removed the DNS server with nmtui and rebooted.

[root@s6 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
search xxxxxxxxxxxxxxx.com

So it seems I don't have a DNS server…
but I can ping www.google.com and others,
so the server works.

[root@s6 ~]# nslookup www.google.it
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   www.google.it
Address: 142.251.140.99
Name:   www.google.it
Address: 2a00:1450:4002:400::2003

It always uses 127.0.0.1.

Anti-spam still doesn't work.

[root@s6 ~]# dig +short 2.0.0.127.zen.spamhaus.org
127.255.255.254

What else can I do?
Thank you.

Is this from an image supplied by a VPS service?

They may have preconfigured DNS unless you set up Bind with recursion - unless the provider blocks port 53 TCP/UDP.

Thank you for the reply.
No, it's a VM installed (by me) on a hypervisor…
so I installed Rocky Linux from the ISO,
and the provider doesn't block port 53 (I can telnet 8.8.8.8 53).

For now I was able to solve it with:
in nmtui, change the DNS to DNS4EU
86.54.11.100 / 86.54.11.200
and remove from spamassassin/local.cf (commented out):
#dns_server 127.0.0.1

Now if I try
dig +short 2.0.0.127.zen.spamhaus.org
I receive
127.0.0.10
127.0.0.4
127.0.0.2
So it's correct, and when I open the header of an email I see SBL etc…
Now it seems to work…

Thank you.