On 4/27/2012 2:12 PM, /dev/rob0 wrote:
> Postfix is going to do a reverse DNS lookup of any connecting client,
> followed by a forward lookup of the PTR name received.

These are done in the postfix/smtpd client.

> This is fine
> for most sites. Small sites can save some of this using postscreen,
> which merely does a few cheap and fast checks without the PTR/A(AAA)?
> lookups.

postscreen does no DNS lookups other than user-defined dnsbl/dnswl.

>
> It sounds like Bron's patch is to do a client local blacklist lookup
> beforehand.
>
> Fastmail.fm might be too big to benefit from postscreen,

That's unclear. cidr tables should scale very well to a couple hundred thousand entries. For millions of entries maybe memcache would help. Testing would be required to see what's feasible. It's imperative that postscreen table lookups be extremely fast, since that's the postscreen choke point. Postfix becomes unusable when the access table and/or cache lookup delay gets high enough to throttle incoming mail.

> but you are
> probably not. :) Your best answer, as discussed upthread, is to use
> postscreen.

Indeed.

  -- Noel Jones