On 2022-08-09 at 12:50:22 UTC-0400 (Tue, 9 Aug 2022 12:50:22 -0400) Dino Edwards <dino.edwa...@mydirectmail.net> is rumored to have said:
>> Let's do some concreate tests. > >> 1) What is the output from: > >> dig +short 2.0.0.127.zen.spamhaus.org > > Output is nothing Your DNS resolver is broken. That's a test name which should always return either multiple results like this: $ dig +short 2.0.0.127.zen.spamhaus.org 127.0.0.4 127.0.0.2 127.0.0.10 Or a single result like this: $ dig @9.9.9.9 +short 2.0.0.127.zen.spamhaus.org 127.255.255.254 Getting no result at all is a bit mysterious. Try just 'dig 2.0.0.127.zen.spamhaus.org' to get possibly useful details, including what exactly 'dig' asked, what nameserver it asked, and what if any response it got. >> 2) What is the output from: > >> dig +short 1.0.0.127.zen.spamhaus.org > > Output is nothing Expected and correct [...] >> 4) How do you know that postscreen does DNS lookups? Hint: look for > > dnsblog processes. By default these process terminate after being > >idle for 100s. > > There are dnsblog entries, sadly they only seem to be timeouts but only one > or two a day looks like: > > Aug 8 03:08:11 smtp postfix/postscreen[2984]: warning: dnsblog reply > timeout 10s for dnsbl.sorbs.net > Aug 9 10:21:49 smtp postfix/postscreen[2984]: warning: dnsblog reply > timeout 10s for dnsbl.sorbs.net There SHOULD be entries made by the dnsblog process itself, with 'postfix/dnsblog' in the sender field after the date. It is very odd that you have entries about dnsblog by postscreen proper, but nothing from dnsblog itself. It's probably time to follow these instructions for how to report a Postfix problem on this list: https://www.postfix.org/DEBUG_README.html#mail -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
