Hello,

September 29, 2023 4:30 PM, "Wietse Venema via Postfix-users" <postfix-users@postfix.org> wrote:

> postscreen does not duplicate DNS caching. DNS lookup results are
> already cached in a non-Postfix DNS resolver (see /etc/resolv.conf).

OK, this is where I was wrong. I thought postscreen would cache the result of the DNS queries for at least postscreen_dnsbl_min_ttl. Most DNSBLs have a crazy short TTL; I was hoping to get some cache here without having to install a tool capable of caching DNS query results with TTL override…

Maybe I misunderstood this sentence in the documentation:

«The minimum amount of time that postscreen(8) remembers that a client IP address passed a DNS-based reputation test […]»

In French «passer un test» means both «to take a test» and «to pass a test». As I understand it now, if a client fails the test (is denied), the result is not cached. Is that correct?

> When postscreen receives multiple connections, then there can be
> multiple dnsblog queries.
>
> Normally, postscreen will combine multiple dnsblog queries for the
> same IP address into one query for that IP address, when connections
> from that IP address overlap in time during the PREGREET delay,
> but this client pregreets immediately (after 0.07s).
>
> postscreen terminates the PREGREET delay as soon as the client
> pregreets and all dnsblog queries for that IP address have completed.
> That helps to get rid of spambots as quickly as possible.
>
> But that also reduces the opportunities for connections to overlap,
> and thus, for multiple dnsblog queries to be combined into one.

Thanks a lot for the detailed timing information.

patpro