Hi,
my working setup
- FreeBSD 11 p6
- iocage / zfs / jails
- jail1 - mysql 8
- jail2 - nginx
- jail3 - mail with postfix and dovecot
- jail4 - dns cache unbound with separate forwards for spamhaus and uribl.com
so far so good.
I installed rspamd from source. It takes around 90 min to compile and it uses around 170 packages. It seems to use half the world. I had problems configuring rspamd: one library, 'libfreetype' in /usr/share/lib, had the wrong rights. There are a lot of messages in /var/log/rspamd about errors in my DNS. So I installed an unbound in a jail.
so far so good.
---
1) rspamd
Is rspamd the best solution for spam, dkim and virus support?
Should I use GD and / or Hyperscan support?
2) unbound
I'm a bit lost with unbound. I found another public DNS server for uribl.com, so I configured a forward-ip rule for uribl.com and it works. But that should not be the recommended solution.
What is the right solution for spamhaus and uribl.com?
http://uribl.com/refused.shtml
my unbound config
regards
Steffen
Code:
more conf.d/unbound.conf
server:
    logfile: "/var/unbound/unbound.log"
    verbosity: 1
    port: 53                    # port to answer queries from
    do-ip4: yes                 # Enable IPv4, "yes" or "no".
    do-ip6: no                  # Enable IPv6, "yes" or "no".
    do-udp: yes                 # Enable UDP, "yes" or "no".
    do-tcp: yes
    hide-identity: yes
    hide-version: yes
    rrset-roundrobin: yes
    minimal-responses: no
    use-caps-for-id: yes
    cache-min-ttl: 60
    prefetch: yes
    prefetch-key: yes
    num-threads: 1              # 1 is enough for not heavy loaded server
    val-permissive-mode: yes

    # client ips that are allowed to query to this server.
    access-control: 10.1.1.0/24 allow
    access-control: 127.0.0.0/24 allow

    # Enforce privacy of these addresses.
    private-address: 10.1.1.0/24

    root-hints: "/var/unbound/root.hints"

    # You need these to turn on DNSSEC validation
    # auto-trust-anchor-file: "/var/unbound/root.key"
    # it's set in the main unbound.cnf
    module-config: "validator iterator"

    # You need this as no for dnscrypt-proxy to work
    do-not-query-localhost: no

    # Yoyo.org anti-ad server listing with script in dns/root/ad_servers.sh
    # include: "/var/unbound/ad_servers"

forward-zone:
    name: "spamhaus.org"
    forward-addr: some IP Address

forward-zone:
    name: multi.uribl.com
    forward-addr: some IP Address