Gerben Wierda:
> My standard DNS forwards to cloud9 (9.9.9.9) because cloud9 blocks bad
> actors. But that means that DNSBL from spamhaus doesn't work as the query to
> comes from a public DNS server.
>
> I am using:
> # Drop any SMTP client that talks before its turn (spam botnets in a hurry)
> postscreen_greet_action = drop
> # Drop any SMTP client that is in the DNSBL
> postscreen_dnsbl_sites = zen.spamhaus.org*2
> postscreen_dnsbl_action = drop
>
> I have a secondary resolver that doesn't forward to cloud9. Can I
> use that local DNS instead of the standard one in postfix, preferably
> for postscreen DNSBL only?

Postfix does not choose its DNS resolvers. Instead, Postfix uses the
libresolv system library. Historically, that library has no API to
specify resolver IP address(es), and it is unlikely that Postfix
will implement its own libresolv functionality.

On the wishlist is to have a Postfix resolver *plugin* API, like
Postfix has the XSASL API for different SASL backends (Cyrus,
Dovecot). Then, Postfix could call into alternative resolver
libraries.

Meanwhile could you use dnsmasq et al. to manage how queries are routed?

Wietse
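
A sketch of the dnsmasq routing suggested in the reply above. This is an added example, not part of the original thread or of the Postfix documentation. It assumes dnsmasq runs on the mail host as the local forwarder, and 192.0.2.53 is a placeholder for the secondary resolver that does not forward to a public DNS service.

```conf
# /etc/dnsmasq.conf (illustrative; addresses are placeholders)

# Serve only the local host, so libresolv (and therefore Postfix)
# reaches dnsmasq via "nameserver 127.0.0.1" in /etc/resolv.conf.
listen-address=127.0.0.1
bind-interfaces

# Do not read upstream servers from /etc/resolv.conf; that file now
# points at dnsmasq itself.
no-resolv

# Default upstream: the filtering public resolver from the question.
server=9.9.9.9

# Per-domain override: everything under zen.spamhaus.org (the
# postscreen_dnsbl_sites lookups) goes to the secondary resolver.
server=/zen.spamhaus.org/192.0.2.53
```

If Postfix daemons run chrooted, they read the copy of resolv.conf under the queue directory (for example /var/spool/postfix/etc/resolv.conf), so that copy must also point at 127.0.0.1.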