On 2025-08-17 at 10:39:36 UTC-0400 (Sun, 17 Aug 2025 16:39:36 +0200)
Peter Milesson via Postfix-users <mi...@atmos.eu>
is rumored to have said:
[...]
My problem is, that there are some clients connecting at frequent
intervals (about 5 minutes) for days, or weeks on end. They display
non standard behavior, and do not pass the pregreet test, so I drop
the connection on them.
Even if the pregreet test fails, and the connection is dropped, a
dnsblog lookup is performed, which is evident from the log excerpt. I
don't know if the DNSBL results are cached, or if dnsblog contacts the
DNSBL servers for each new client connection.
DNS results are always cached. Postfix uses the system resolver, which
knows how to make DNS queries and how to use the TTL values that come
with every DNS answer. If you are using a local recursive caching
resolver (e.g. Unbound, BIND, PDNS-Resolver) it keeps records for as
long as the DNSBLs say they are valid.
If the pregreet test fails and the connection is dropped, getting
DNSBL results seems kind of pointless. If the DNSBL results are
cached, just a few CPU cycles are consumed. If the DNSBL servers are
contacted each time, it's a waste of resources (mostly for Spamhaus
and colleagues).
Right. This is why local recursive caching resolvers (NOT forwarders
like dnsmasq) have been a well-known best practice for mail systems for
decades. DNS cache hits in the same machine are trivial and they are not
much more expensive across a LAN, but they can be problematic if you are
a 50ms RTT to your resolver even if it's not the DNSBL authorities.
We probably don't by far come near the daily Spamhaus limit, but it
would still be interesting to know, if the dnsblog lookups are cached,
or not.
DNS is cached by DNS resolvers. How near that caching is to your Postfix
instance is a question about your system configuration.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
