Matt Rude:
> On 2/3/2011 11:53 AM, /dev/rob0 wrote:
> > On Thu, Feb 03, 2011 at 03:31:07PM +0100, Frank Bonnet wrote:
> >> Just few words to say how postscreen is great !
> >
> > The only drawback, which is minor from our point of view, but maybe
> > major for the DNSBL operators, is that every connection means a hit
> > on every DNSBL. Many of those were being blocked without any DNS
> > lookups at all, such as the non-FQDN or non-alpha HELO.
>
> I was wondering about this also. Under the old setup I was seeing fewer
> requests to the DNSBLs since zen and other checks were stopping the
> message first. When setup with prescreen, it's not checking known good
> clients on every connect, but checking all DNSBLs for new/bad connects.
> I would still expect the number of DNSBL queries to go down, but on my
> system I'm seeing an increase. Maybe they will start going down as more
> hosts are added to the white lists.

You could try to increase postscreen_dnsbl_ttl from its default 1h; that will reduce the number of DNS lookups for dynamically-whitelisted clients. I've set the default on the low side, so it can catch spamware before (smtpd) greylist deadline expires.

Wietse
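
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified model of the DNSBL pass cache, comparing a 1h and a 4h `postscreen_dnsbl_ttl`. The function names, the sample traffic and the assumption that only passing clients are cached are constructed for illustration.

```python
# Simplified model of postscreen's temporary whitelist for the DNSBL test
# (an assumption for illustration, not Postfix source code): a client that
# passes is not looked up again until postscreen_dnsbl_ttl has elapsed;
# a client that fails is never cached and is looked up on every connection.

def simulate(connections, ttl, n_lists, listed_from):
    """connections: (time_s, ip) pairs sorted by time.
    listed_from: ip -> time_s at which the DNSBLs start listing that ip.
    Returns (dns_queries, connections passed from cache while listed)."""
    pass_expires = {}          # ip -> time at which the cached "pass" expires
    queries = 0
    missed = []
    for now, ip in connections:
        is_listed = ip in listed_from and now >= listed_from[ip]
        if pass_expires.get(ip, -1) > now:
            if is_listed:
                missed.append((now, ip))   # stale pass hides a fresh listing
            continue                       # cached pass: no DNS lookup
        queries += n_lists                 # one query per configured DNSBL
        if is_listed:
            pass_expires.pop(ip, None)
        else:
            pass_expires[ip] = now + ttl
    return queries, missed

HOUR = 3600
# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = sorted(
    [(h * HOUR // 2, "192.0.2.10") for h in range(16)]    # steady sender, every 30 min
    + [(0, "198.51.100.7"), (3 * HOUR, "198.51.100.7")]   # clean at first, listed from 2h
    + [(m * 600, "203.0.113.99") for m in range(6)]       # already listed, keeps retrying
)
LISTED_FROM = {"198.51.100.7": 2 * HOUR, "203.0.113.99": 0}

def compare(n_lists=3):
    """Run the same traffic with a 1h and a 4h TTL."""
    return {ttl: simulate(SAMPLE, ttl * HOUR, n_lists, LISTED_FROM) for ttl in (1, 4)}

if __name__ == "__main__":
    for ttl, (q, missed) in compare().items():
        print(f"ttl={ttl}h queries={q} listed-but-passed={missed}")
```

In this model the longer TTL cuts lookups for the steady sender, does nothing for the already-listed client, and lets the client that was listed after its first connection through on its cached pass.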