Matt Rude:
> On 2/3/2011 11:53 AM, /dev/rob0 wrote:
> > On Thu, Feb 03, 2011 at 03:31:07PM +0100, Frank Bonnet wrote:
> >> Just few words to say how postscreen is great !
> >
> > The only drawback, which is minor from our point of view, but maybe
> > major for the DNSBL operators, is that every connection means a hit
> > on every DNSBL. Many of those were being blocked without any DNS
> > lookups at all, such as the non-FQDN or non-alpha HELO.
>
> I was wondering about this also. Under the old setup I was seeing fewer
> request to the DNSBLs since zen and other checks were stopping the
> message first. When setup with prescreen, it's not checking known good
> clients on every connect, but checking all DNSBLs for new/bad connects.
> I would still expect the number of DNSBL queries to go down, but on my
> system I'm seeing an increase. Maybe they will start going down as more
> hosts are added to the white lists.
You could try to increase postscreen_dnsbl_ttl from its default 1h;
that will reduce the number of DNS lookups for dynamically-whitelisted
clients.
I've set the default on the low side, so it can catch spamware
before (smtpd) greylist deadline expires.
Wietse
