Overview
You may notice in the Warning logs of your Kerio Connect server DNS failures related to blacklist checking, similar to the below:
[20/Jan/2023 12:02:36] DNS failure while trying to find address 54.129.222.205.bl.spamcop.net in blacklist SpamCop
[20/Jun/2023 00:09:26] DNS failure while trying to find address 198.61.232.104.dnsbl.sorbs.net in blacklist SORBS DNSBL
[20/Jun/2023 00:09:36] DNS failure while trying to find address 198.61.232.104.db.wpbl.info in blacklist wbpl
Solution
While counterintuitive, warning messages like the ones above are generally a good indicator that a mailserver sending to Kerio Connect is NOT blacklisted. Some blacklist providers, like SpamCop or SORBS, use reverse DNS lookups against their internal databases to determine whether a host/mailserver is blacklisted.
For example: a legitimate mailserver with IP 205.222.129.54 sending emails towards a Kerio Connect server that has the SpamCop blacklist enabled will result in an entry in the warning log stating: DNS failure while trying to find address 54.129.222.205.bl.spamcop.net in blacklist SpamCop.
On the other hand, a blacklisted email server IP address will, instead, appear in the Security log.
However, there is a chance that there are underlying DNS issues causing these warnings. Please note that Kerio Connect does not have its own DNS server and will instead use the DNS server that is configured in the host OS configuration, so the support for this behavior is limited.
If needed, you can troubleshoot this behavior further as follows:
- Take note of the hosts/IP addresses listed in the warning log
- Execute the following command in your server's Terminal (cmd/PowerShell):
nslookup <host_from_warning_log>
- If the result is still "host not found", run the same command on a machine that sits outside of the current network
- If the external network shows the same results, the IP address is not on the blacklist and there is no reason for concern. On the contrary, it is a good sign.
- If the external network shows different results, you may need to get in touch with your network administrator (to check any middleware or firewalls that may prevent the DNS queries from going through) or ISP to report the DNS failures.
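The checks above can be scripted. The following Python sketch is an added example, not part of Kerio Connect: it parses warning lines in the format shown in this article, recovers the sender IP and blacklist zone, and separates "not listed" from a resolver fault. The function names and the mapping of resolver error codes to outcomes are assumptions of this example.

```python
import ipaddress
import re
import socket

# Warning-log format as shown in this article.
LINE_RE = re.compile(
    r"DNS failure while trying to find address (?P<qname>\S+) in blacklist (?P<list>.+)$")

# Resolver errors that mean "no such record"; EAI_NODATA is not defined on every platform.
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}

def parse_warning(line):
    """Return (sender_ip, dnsbl_zone, query_name), or None if the line does not match."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    qname = m.group("qname")
    labels = qname.split(".")
    if len(labels) < 5:
        return None
    try:
        # First four labels are the sender's IPv4 octets in reverse order.
        ip = ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None
    return str(ip), ".".join(labels[4:]), qname

def classify(qname, resolve=socket.gethostbyname):
    """Look the name up through the host OS resolver and interpret the outcome."""
    try:
        answer = resolve(qname)
    except socket.gaierror as exc:
        # Assumption: "not found" errors mean not listed; anything else
        # (timeout, SERVFAIL, ...) points at the resolver or network path.
        return "not-listed" if exc.errno in NOT_FOUND else "resolver-problem"
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"              # DNSBLs answer with a 127.0.0.0/8 address
    return "unexpected-answer"       # e.g. a resolver rewriting failed lookups

# Sample lines copied from the log excerpt in this article.
SAMPLE = [
    "[20/Jan/2023 12:02:36] DNS failure while trying to find address "
    "54.129.222.205.bl.spamcop.net in blacklist SpamCop",
    "[20/Jun/2023 00:09:26] DNS failure while trying to find address "
    "198.61.232.104.dnsbl.sorbs.net in blacklist SORBS DNSBL",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        ip, zone, qname = parse_warning(entry)
        print(f"{ip} @ {zone}: {classify(qname)}")
```

Run it on the Kerio Connect host and again on a machine outside the network; differing results between the two point to the local DNS path rather than the blacklist.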
Summary
This article provides an explanation regarding DNS warnings when blacklists are enabled and clarifies the security aspect of it.
FAQ
- Why am I getting DNS failures from blacklists?
Generally, it is an indicator that the mailserver sending to Kerio Connect is NOT found in the database of the blacklist provider.
- How can I change the Kerio Connect DNS configuration?
Kerio Connect server does NOT have an internal DNS server, and instead relies on the DNS configuration of the underlying host OS.
- Do I need to be concerned when seeing these kinds of DNS warnings?
No, on the contrary, this is a sign that the sending mailserver is not blacklisted and it is generally not something to be concerned about. Blacklists should continue to function, and you can confirm the blacklist functionality by checking the Security log, where blacklisted mailservers should appear.