On 17.08.2025 15:04, Wietse Venema via Postfix-users wrote:
postscreen caches SUCCESSFUL tests, with a time-to-live that
is configurable:
postconf | grep '^postscreen[^ ]*_ttl'
If the remote SMTP client did not recently pass the DNSBL test,
then postscreen will fire off a DNS request while the pregreet wait
is in progress.
If postscreen drops a connection immediately, then it will not wait
for other tests (DNS etc.) to complete. You can 't have both
"disconnect immediately" and "wait for ongoing tests to finish".
Wietse
Hi Wietse,
Thanks for the information.
My problem is, that there are some clients connecting at frequent
intervals (about 5 minutes) for days, or weeks on end. They display non
standard behavior, and do not pass the pregreet test, so I drop the
connection on them.
Even if the pregreet test fails, and the connection is dropped, a
dnsblog lookup is performed, which is evident from the log excerpt. I
don't know if the DNSBL results are cached, or if dnsblog contacts the
DNSBL servers for each new client connection. If the pregreet test fails
and the connection is dropped, getting DNSBL results seems kind of
pointless. If the DNSBL results are cached, just a few CPU cycles are
consumed. If the DNSBL servers are contacted each time, it's a waste of
resources (mostly for Spamhaus and colleagues).
We probably don't by far come near the daily Spamhaus limit, but it
would still be interesting to know, if the dnsblog lookups are cached,
or not.
Best regards,
Peter
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
