I did look into that. The problem exists with both spamassassin and the postfix RBL's -- any of them. So I looked into using /etc/resolv.conf but Google Compute Engine won't let you modify it (it reverts back every time their internal DHCP refreshes), and the only name server listed in it does not seem to resolve anything. Here is what my message log looks like if I manually specify dns server in spamassassin's configs:
Jan 31 16:21:15 pcs-plesk-centos7-web-vm named[17304]: error (network unreachable) resolving 'q.ns.spamhaus.org/AAAA/IN': 2001:610:510:188:192:16:188:181#53
Jan 31 16:21:15 pcs-plesk-centos7-web-vm named[17304]: error (network unreachable) resolving 't.ns.spamhaus.org/A/IN': 2001:610:510:188:192:16:188:181#53
Jan 31 16:21:15 pcs-plesk-centos7-web-vm named[17304]: error (network unreachable) resolving 'x.ns.spamhaus.org/A/IN': 2400:cb00:2049:1::a29f:191b#53
Jan 31 16:21:15 pcs-plesk-centos7-web-vm named[17304]: error (network unreachable) resolving 't.ns.spamhaus.org/AAAA/IN': 2400:cb00:2049:1::a29f:191b#53
Jan 31 16:21:15 pcs-plesk-centos7-web-vm named[17304]: error (network unreachable) resolving 'x.ns.spamhaus.org/AAAA/IN': 2400:cb00:2049:1::a29f:191b#53
Jan 31 16:21:15 pcs-plesk-centos7-web-vm named[17304]: error (network unreachable) resolving 'q.ns.spamhaus.org/A/IN': 2400:cb00:2049:1::a29f:191b#53
Jan 31 16:21:15 pcs-plesk-centos7-web-vm named[17304]: error (network unreachable) resolving 'q.ns.spamhaus.org/AAAA/IN': 2400:cb00:2049:1::a29f:191b#53
If I specify OpenDNS's name server in spamassassin's configs directly (using dns_server 208.67.222.222), spamassassin begins working perfectly (using URIBL checks, etc) However, I can't specify a DNS server to postfix in its own settings I don't think. However, it all just reveals the main problem, that this /etc/resolv.conf settings file is not resolving for anything:
# cat /etc/resolv.conf
# Generated by NetworkManager
search c.api-project-1046983702557.internal google.internal
nameserver 169.254.169.254
At this point, I'm looking down these paths to try and find one that'll work:
- Fix bind/named to actually function for resolving, although this may just be a symptom of the internal nameserver IP address not actually resolving too.
- Get a new nameserver listed in /etc/resolv.conf that actually resolves!
- Specify a different DNS server directly in postfix somehow, surviving reboots, probably using NetworkManager if it is even possible.
- Maybe get spamassassin to check the spamhaus lists instead of postfix if I can't get anything else to work.
I have to say, this Google Cloud server is extremely fast, and is incredibly easy to scale, with just the slide of a setting to choose processors, memory, and storage. Plesk runs http2 in it beautifully, getting A+ scores in all the website security screens.
However, there are a few things I don't like, like this /etc/resolv.conf file that can't be directly modified, and the fact they don't allow outgoing email directly from their servers (I'm using SendGrid as the mail relay like their instructions suggest)
This is just a bit beyond my comfort level trying to fix this...