On 2021-05-29 at 10:22:23 UTC-0400 (Sat, 29 May 2021 10:22:23 -0400)
Timo Geusch <free...@unixconsult.co.uk>
is rumored to have said:

The fix/workaround in my case is relatively easy as I mostly need to update the configuration for my local DNS server. That said, I'm not sure if postscreen should treat this kind of error as a denylisted server?

If you *TELL* postscreen to treat different DNSBL reply values differently, then it will. For example:

postscreen_dnsbl_sites =
    zen.spamhaus.org=127.0.0.2*2
    zen.spamhaus.org=127.0.0.3*2
    zen.spamhaus.org=127.0.0.4*2
    zen.spamhaus.org=127.0.0.10*2
    zen.spamhaus.org=127.0.0.11*2
    psbl.surriel.com=127.0.0.2*1
    ix.dnsbl.manitu.net=127.0.0.2*1
postscreen_dnsbl_threshold = 2

That has existed for as long as postscreen has existed. The syntax is similar for reject_rbl_client (without the '*weight' component) which goes back to v2.1. DNSBLs have a long history of dying in "list the world" events after their domains are abandoned to DNS-wildcarding domain vultures, so not using the available facilities to specify expected reply values is well-known to be risky configuration.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
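
The effect of the reply-value filters in the configuration above, as an added example that is not part of the original message and is not Postfix code: a small model of the documented postscreen_dnsbl_sites scoring rules, comparing the filtered configuration with a hypothetical unfiltered one. The function names, the unfiltered configuration and all DNSBL replies are constructed for illustration, and only exact-address filters (the form used above) are handled.

```python
# Added example: models the documented postscreen_dnsbl_sites scoring rules.
# It performs no DNS lookups; every reply below is constructed sample data.

def parse_sites(value):
    """Split 'domain[=addr][*weight]' entries into (domain, addr, weight)."""
    entries = []
    for item in value.replace(",", " ").split():
        site, _, weight = item.partition("*")
        domain, _, addr = site.partition("=")
        entries.append((domain, addr or None, int(weight) if weight else 1))
    return entries

def score(entries, replies):
    """replies maps a DNSBL domain to the set of A values it returned."""
    total = 0
    for domain, addr, weight in entries:
        got = replies.get(domain, set())
        # No filter: any reply counts. With a filter: only that exact value.
        # An entry adds its weight at most once.
        if got and (addr is None or addr in got):
            total += weight
    return total

def blocked(entries, replies, threshold):
    return score(entries, replies) >= threshold

THRESHOLD = 2
# Hypothetical unfiltered configuration, for contrast.
UNFILTERED = "zen.spamhaus.org*2 psbl.surriel.com*1 ix.dnsbl.manitu.net*1"
# The configuration from the message above.
FILTERED = " ".join(
    [f"zen.spamhaus.org=127.0.0.{n}*2" for n in (2, 3, 4, 10, 11)]
    + ["psbl.surriel.com=127.0.0.2*1", "ix.dnsbl.manitu.net=127.0.0.2*1"])

DOMAINS = ("zen.spamhaus.org", "psbl.surriel.com", "ix.dnsbl.manitu.net")
SAMPLES = {
    "listed": {"zen.spamhaus.org": {"127.0.0.2"}},
    "unexpected value": {"zen.spamhaus.org": {"127.255.255.254"}},
    "wildcarded zones": {d: {"192.0.2.55"} for d in DOMAINS},
}

if __name__ == "__main__":
    for name, replies in SAMPLES.items():
        for label, cfg in (("unfiltered", UNFILTERED), ("filtered", FILTERED)):
            e = parse_sites(cfg)
            print(f"{name:17} {label:10} score={score(e, replies)} "
                  f"blocked={blocked(e, replies, THRESHOLD)}")
```

With the filters in place, only the expected 127.0.0.x values reach the threshold; the unexpected value and the wildcard answers score 0, while the unfiltered configuration blocks on both.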
