[pfx] Is there caching of DNSBL and DNSWL results for postscreen?

Sun, 17 Aug 2025 05:59:50 -0700 

Hi folks,
I have successfully setup and put into operation a Postfix server for a small company. I have set up postscreen to block ill behaved clients, and have so far not encountered any problems or adverse effects. 

The parameters applicable to postscreen are listed last in the message


The allow and deny lists work as they should, and immediately allows, or 
denies connections.



I have set the parameters to drop connections, if the clients do not 
pass the greet action test. Even if the connection is immediately 
dropped after not passing the greet action test, a DNSBL lookup seems to 
be performed anyway (see log excerpt). If clients with non standard 
behavior are dropped immediately, it seems a bit like an after thought 
to look them up. Is this behavior intentional, or is it a left over? I 
guess it really does not do any harm, as the results are fetched from 
the cache (or from the DNSBL sites, if the IP address is not in the cache).


Best regards,

Peter

Log excerpt
=========


2025-08-17T12:21:24.263355+02:00 smtpsrv postfix/postscreen[190539]: 
CONNECT from [141.98.11.11]:62877 to [192.168.0.113]:25
2025-08-17T12:21:24.264442+02:00 smtpsrv postfix/dnsblog[190544]: addr 
141.98.11.11 listed by domain bl.spamcop.net as 127.0.0.2
2025-08-17T12:21:24.264504+02:00 smtpsrv postfix/dnsblog[190541]: addr 
141.98.11.11 listed by domain bl.spameatingmonkey.net as

127.0.0.2

2025-08-17T12:21:24.264743+02:00 smtpsrv postfix/dnsblog[190543]: addr 
141.98.11.11 listed by domain zen.spamhaus.org as 127.0.0.3
2025-08-17T12:21:24.264798+02:00 smtpsrv postfix/dnsblog[190543]: addr 
141.98.11.11 listed by domain zen.spamhaus.org as 127.0.0.4
2025-08-17T12:21:24.264847+02:00 smtpsrv postfix/dnsblog[190543]: addr 
141.98.11.11 listed by domain zen.spamhaus.org as 127.0.0.11
2025-08-17T12:21:24.264887+02:00 smtpsrv postfix/dnsblog[190543]: addr 
141.98.11.11 listed by domain zen.spamhaus.org as 127.0.0.9
2025-08-17T12:21:24.264917+02:00 smtpsrv postfix/dnsblog[190543]: addr 
141.98.11.11 listed by domain zen.spamhaus.org as 127.0.0.2
2025-08-17T12:21:24.287019+02:00 smtpsrv postfix/postscreen[190539]: 
PREGREET 13 after 0.02 from [141.98.11.11]:62877: EHLO drOTMO\r\n
2025-08-17T12:21:24.287106+02:00 smtpsrv postfix/postscreen[190539]: 
DISCONNECT [141.98.11.11]:62877
2025-08-17T12:21:24.355356+02:00 smtpsrv postfix/postscreen[190539]: 
CONNECT from [141.98.11.11]:61987 to [192.168.0.113]:25
2025-08-17T12:21:24.356280+02:00 smtpsrv postfix/dnsblog[190547]: addr 
141.98.11.11 listed by domain bl.spameatingmonkey.net as

127.0.0.2

2025-08-17T12:21:24.356496+02:00 smtpsrv postfix/dnsblog[190541]: addr 
141.98.11.11 listed by domain zen.spamhaus.org as 127.0.0.4
2025-08-17T12:21:24.356549+02:00 smtpsrv postfix/dnsblog[190541]: addr 
141.98.11.11 listed by domain zen.spamhaus.org as 127.0.0.11
2025-08-17T12:21:24.356594+02:00 smtpsrv postfix/dnsblog[190541]: addr 
141.98.11.11 listed by domain zen.spamhaus.org as 127.0.0.9
2025-08-17T12:21:24.356629+02:00 smtpsrv postfix/dnsblog[190541]: addr 
141.98.11.11 listed by domain zen.spamhaus.org as 127.0.0.2
2025-08-17T12:21:24.356662+02:00 smtpsrv postfix/dnsblog[190544]: addr 
141.98.11.11 listed by domain bl.spamcop.net as 127.0.0.2
2025-08-17T12:21:24.356696+02:00 smtpsrv postfix/dnsblog[190541]: addr 
141.98.11.11 listed by domain zen.spamhaus.org as 127.0.0.3
2025-08-17T12:21:24.386407+02:00 smtpsrv postfix/postscreen[190539]: 
PREGREET 15 after 0.03 from [141.98.11.11]:61987: EHLO t5GD26cH\r\n
2025-08-17T12:21:24.386520+02:00 smtpsrv postfix/postscreen[190539]: 
DISCONNECT [141.98.11.11]:61987



Postscreen parameters
===================

postscreen_greet_action = drop
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = drop
postscreen_non_smtp_command_enable = yes
# Using default
#postscreen_non_smtp_command_action = drop
postscreen_pipelining_enable = yes
postscreen_pipelining_action = drop
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -2
postscreen_dnsbl_action = drop
postscreen_denylist_action = drop
postscreen_client_connection_count_limit = 5


_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org






















					Reply via email to