Timo Geusch: > Based on zen.spamhaus.org's documentation 127.255.255.25[245] are > actually error codes and not indicators of allow/denylisting - in this > case, their error is that I was querying via a public resolver, see link > here: https://www.spamhaus.org/faq/section/DNSBL%20Usage#200
So don't do that. > The fix/workaround in my case is relatively easy as I mostly need to > update the configuration for my local DNS server. That said, I'm not > sure if postscreen should treat this kind of error as a denylisted server? postscreen has no provider-specific parsing of DNSBL status codes. Instead, postscreen assumes that all replies are true positives. To select specific responses, see the fine postscreen_dnsbl_sites documentation. Wietse