On 2023-11-05 17:51, Wietse Venema via Postfix-users wrote:
> Jesper Dybdal via Postfix-users:
>> To avoid using a public name server for DNSBL lookups, I would like the
>> DNSBL checks to be done using only the name server running on localhost.
>> But I would like the rest of the system to have for instance Google as a
>> secondary name server.
>>
>> I do not use postscreen.
>>
>> If I place a resolv.conf containing only localhost in the postfix chroot
>> jail, while /etc/resolv.conf contains multiple name servers, will that
>> work?? I.e., is resolv.conf read by postfix (smtpd, I assume) only after
>> it is chrooted?
>>
>> (I assume so, but would like confirmation.)
>>
>> If that is the case, all I need is to somehow make Debian not copy
>> /etc/resolv.conf into the chroot jail.
>
> Have you considered running a local DNS resolver? Then all you need
> is "nameserver: 127.0.0.1". That also gives you a bit more privacy
> than sending all queries to the same provider.
>
>         Wietse

I do run a local resolver. I am just (and quite possibly unnecessarily) worried that during the (few) moments where the local resolver for some reason is stopped, some DNSBL may react badly to a request that comes from the secondary, public, resolver - by responding in a way that causes the mail to be rejected.

--
Jesper Dybdal
https://www.dybdal.dk
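
An added example, not part of the thread and not Postfix's own code: a shell check that reports which resolvers a resolv.conf-style file names other than the local host, so the system copy and the copy inside the chroot jail can be compared. The function names are hypothetical and the two sample files are constructed stand-ins for those copies.

```shell
#!/bin/sh
# Added example (not from the thread). Reports nameserver entries in a
# resolv.conf-style file that point somewhere other than the local host.

non_loopback_nameservers() {
    # $1 = file to inspect. Prints one non-loopback resolver address per line.
    # Comment lines never match because their first field is not "nameserver".
    awk '$1 == "nameserver" && NF >= 2 && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

check_resolv_conf() {
    # Prints a one-line verdict for file $1.
    # Returns 0 when every listed resolver is loopback, 1 when at least one
    # is not, 2 when the file cannot be read.
    if [ ! -r "$1" ]; then
        echo "$1: missing or unreadable"
        return 2
    fi
    others=$(non_loopback_nameservers "$1" | tr '\n' ' ')
    if [ -n "$others" ]; then
        echo "$1: non-loopback resolvers: ${others% }"
        return 1
    fi
    echo "$1: loopback only"
    return 0
}

# Constructed sample files: a system-wide copy with a public secondary
# resolver, and a jail copy that names only localhost.
demo_dir=$(mktemp -d)
printf 'nameserver 127.0.0.1\nnameserver 8.8.8.8\n' > "$demo_dir/system.conf"
printf '# jail copy\nnameserver 127.0.0.1\n' > "$demo_dir/jail.conf"

check_resolv_conf "$demo_dir/system.conf" || true
check_resolv_conf "$demo_dir/jail.conf" || true
```

Run check_resolv_conf against the real files in place of the samples; a non-zero result for the jail copy means a DNSBL query made from inside the jail could reach a resolver other than the local one.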