hello,
September 29, 2023 4:30 PM, "Wietse Venema via Postfix-users"
wrote:
> postscreen does not duplicate DNS caching. DNS lookup results are
> already cached in a non-Postfix DNS resolver (see /etc/resolv.conf).
OK, this is where I was wrong. I thought postscreen would cache the result of
the DNS queries for at least postscreen_dnsbl_min_ttl. Most dnsbl have a crazy
short TTL, I was hopping to get some cache here without having to install a
tool capable of caching DNS query results with TTL override…
May be I misunderstood this sentence in the documentation: «The minimum amount
of time that postscreen(8) remembers that a client IP address passed a
DNS-based reputation test […]»
In French «passer un test» means both «to take a test» and «to pass a test». As
I understand it now, if a client fails the test (is denied), result is not
cached. Is that correct?
> When postscreen receives multiple connections, then there can be
> multiple dnsblog queries.
>
> Normally, postscreen will combine multiplw dnsblog queries for the
> same IP address into one query for that IP address, when connections
> from that IP address overlap in time during the PREGREET delay,
> but this client pregreets immediately (after 0.07s).
>
> postscreen terminates the PREGREET delay as soon as the client
> pregreets and all dnsblog queries for that IP address have completed.
> That helps to get rid of spambots as quickly as possible.
>
> But that also reduces the opportunities for connections to overlap,
> and thus, for multiplednsblog queries to be combined into one.
Thanks a lot for the detailed timing informations.
patpro
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
