localhost lookups ?
Hello,

I am running SA 4.0.0 on a low volume mail server.

When SA begins evaluating a message to determine whether or not it's
spam, I see the following DNS queries on my caching resolver:


23-Feb-2024 18:33:02.364 queries: info: (localhost.ca): query:
localhost.ca IN AAAA +E(0) (127.0.0.1)

23-Feb-2024 18:33:02.365 queries: info: (localhost.ca): query:
localhost.ca IN A +E(0) (127.0.0.1)

23-Feb-2024 18:33:02.422 queries: info: (localhost.ca): query:
localhost.ca IN A +E(0) (127.0.0.1)

23-Feb-2024 18:33:02.422 queries: info: (localhost.ca): query:
localhost.ca IN AAAA +E(0) (127.0.0.1)

23-Feb-2024 18:33:02.422 queries: info: (localhost): query: localhost IN
AAAA +E(0) (127.0.0.1)

23-Feb-2024 18:33:02.423 queries: info: (localhost): query: localhost IN
A +E(0) (127.0.0.1)


... so an initial lookup for A and AAAA records about: localhost.ca, a
second attempt at resolving this and then a switch to querying for the A
and AAAA records of: localhost.

The reason the query for: localhost.ca happens twice is because the
domain: localhost.ca is non-resolvable ... there are no DNS records
about it (A/AAAA, etc.).

What's interesting is that this is happening on a mail server that has
a: .ca TLD. It _looks_ like SA is appending this TLD to: localhost,
queries for it and it fails and then it queries correctly for:
localhost, which succeeds.

I'd like this spurious lookup for: localhost.ca to stop ... has anyone
seen something similar - either: localhost.ca or: localhost.tld for a
mail server with another TLD (ie: mail.com -> localhost.com) ?

If others have seen this, is it a result of a configuration parameter ?

Thanks,

- J
Re: localhost lookups ?
On Fri, Feb 23, 2024 at 06:43:53PM -0500, J Doe wrote:
> 23-Feb-2024 18:33:02.422 queries: info: (localhost.ca): query:
> localhost.ca IN AAAA +E(0) (127.0.0.1)
>
> 23-Feb-2024 18:33:02.422 queries: info: (localhost): query: localhost IN
> AAAA +E(0) (127.0.0.1)

> What's interesting is that this is happening on a mail server that has
> a: .ca TLD. It _looks_ like SA is appending this TLD to: localhost,
> queries for it and it fails and then it queries correctly for:
> localhost, which succeeds.

And what does "ping localhost" (running with the same user as SA) say?
I'd guess it might have the same behaviour, in which case it is not
SA-related...

> I'd like this spurious lookup for: localhost.ca to stop ... has anyone
> seen something similar - either: localhost.ca or: localhost.tld for a
> mail server with another TLD (ie: mail.com -> localhost.com) ?
>
> If others have seen this, is it a result of a configuration parameter ?

I've seen it in the past with misconfigured /etc/hosts (missing
localhost entry) so search (or domain) from /etc/resolv.conf was
being used as it would be for any unqualified host name...

(it also might be a permission problem on those files, or
chroot / SElinux / Apparmor, or /etc/nsswitch.conf etc)


--
Opinions above are GNU-copylefted.
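
The check suggested in the reply above, as an added example that is not part of the thread: it reads a hosts file, resolv.conf and nsswitch.conf and lists the names a lookup of "localhost" would send to DNS. The function names and the sample file contents are hypothetical, and it assumes a glibc-style stub resolver with the default ndots:1.

```shell
#!/bin/sh
# Added example. Assumes a glibc-style stub resolver with the default ndots:1.

# True if FILE (hosts format) has a non-comment line naming "localhost".
has_localhost_entry() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 { for (i = 2; i <= NF; i++) if ($i == "localhost") found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Print the suffixes the resolver appends to short names. "search" and
# "domain" are mutually exclusive; the last instance in the file wins.
search_suffixes() {
    awk '$1 == "search" || $1 == "domain" { $1 = ""; sub(/^ +/, ""); last = $0 }
         END { if (last != "") print last }' "$1"
}

# True if the "hosts:" line of nsswitch.conf lists "files" ahead of "dns".
files_before_dns() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) {
             if ($i == "files" && !f) f = i
             if ($i == "dns" && !d) d = i } }
         END { exit ((f && (!d || f < d)) ? 0 : 1) }' "$1"
}

# Print, in order, the names a lookup of "localhost" would send to DNS.
# Prints nothing when the hosts file answers first.
# Arguments: hosts file, resolv.conf, nsswitch.conf
localhost_dns_candidates() {
    if has_localhost_entry "$1" && files_before_dns "$3"; then
        return 0
    fi
    for s in $(search_suffixes "$2"); do printf 'localhost.%s\n' "$s"; done
    printf 'localhost\n'
}

# Constructed sample files that reproduce the symptom in the thread
# (hypothetical contents, not the poster's real configuration).
demo() {
    d=$(mktemp -d)
    printf '127.0.0.1 mail.example.ca mail\n' > "$d/hosts"   # no localhost entry
    printf 'search ca\nnameserver 127.0.0.1\n' > "$d/resolv.conf"
    printf 'hosts: files dns\n' > "$d/nsswitch.conf"
    localhost_dns_candidates "$d/hosts" "$d/resolv.conf" "$d/nsswitch.conf"
    rm -rf "$d"
}
demo
```

On a real host, call localhost_dns_candidates with /etc/hosts, /etc/resolv.conf and /etc/nsswitch.conf as the user that runs SA, so an unreadable file shows up the same way a missing entry does.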
Re: localhost lookups ?
On 2024-02-24 00:26, Matija Nalis wrote:
> On Fri, Feb 23, 2024 at 06:43:53PM -0500, J Doe wrote:
>> 23-Feb-2024 18:33:02.422 queries: info: (localhost.ca): query:
>> localhost.ca IN AAAA +E(0) (127.0.0.1)
>>
>> 23-Feb-2024 18:33:02.422 queries: info: (localhost): query: localhost IN
>> AAAA +E(0) (127.0.0.1)
>
>> What's interesting is that this is happening on a mail server that has
>> a: .ca TLD. It _looks_ like SA is appending this TLD to: localhost,
>> queries for it and it fails and then it queries correctly for:
>> localhost, which succeeds.
>
> And what does "ping localhost" (running with the same user as SA) say?
> I'd guess it might have the same behaviour, in which case it is not
> SA-related...
>
>> I'd like this spurious lookup for: localhost.ca to stop ... has anyone
>> seen something similar - either: localhost.ca or: localhost.tld for a
>> mail server with another TLD (ie: mail.com -> localhost.com) ?
>>
>> If others have seen this, is it a result of a configuration parameter ?
>
> I've seen it in the past with misconfigured /etc/hosts (missing
> localhost entry) so search (or domain) from /etc/resolv.conf was
> being used as it would be for any unqualified host name...
>
> (it also might be a permission problem on those files, or
> chroot / SElinux / Apparmor, or /etc/nsswitch.conf etc)


Hi Matija,

Thank you for your quick reply. You were absolutely right - this was an
issue with my: /etc/resolv.conf and _not_ SA.

Everything looks like it's working correctly and the: localhost.ca
lookup is no longer happening.

- J
Re: localhost lookups ?
I see this in live mail, sent by RFC clueless administrators, causing business mail to be either rejected or quarantined.

On production systems, the good mail server should self-discipline and fail hard, compelling the system administrator to take action.

-------- Original Message --------
On Feb 25, 2024, 01:12, J Doe wrote:

> On 2024-02-24 00:26, Matija Nalis wrote:
> > On Fri, Feb 23, 2024 at 06:43:53PM -0500, J Doe wrote:
> >> 23-Feb-2024 18:33:02.422 queries: info: (localhost.ca): query:
> >> localhost.ca IN AAAA +E(0) (127.0.0.1)
> >>
> >> 23-Feb-2024 18:33:02.422 queries: info: (localhost): query: localhost IN
> >> AAAA +E(0) (127.0.0.1)
> >
> >> What's interesting is that this is happening on a mail server that has
> >> a: .ca TLD. It _looks_ like SA is appending this TLD to: localhost,
> >> queries for it and it fails and then it queries correctly for:
> >> localhost, which succeeds.
> >
> > And what does "ping localhost" (running with the same user as SA) say?
> > I'd guess it might have the same behaviour, in which case it is not
> > SA-related...
> >
> >> I'd like this spurious lookup for: localhost.ca to stop ... has anyone
> >> seen something similar - either: localhost.ca or: localhost.tld for a
> >> mail server with another TLD (ie: mail.com -> localhost.com) ?
> >>
> >> If others have seen this, is it a result of a configuration parameter ?
> >
> > I've seen it in the past with misconfigured /etc/hosts (missing
> > localhost entry) so search (or domain) from /etc/resolv.conf was
> > being used as it would be for any unqualified host name...
> >
> > (it also might be a permission problem on those files, or
> > chroot / SElinux / Apparmor, or /etc/nsswitch.conf etc)
>
> Hi Matija,
>
> Thank you for your quick reply. You were absolutely right - this was an
> issue with my: /etc/resolv.conf and _not_ SA.
>
> Everything looks like it's working correctly and the: localhost.ca
> lookup is no longer happening.
>
> - J