Guy wrote:
> Hi guys,
>
> I had a problem earlier today when our local DNS server's forwarding
> servers were slow to respond.
>
> I had a number of emails from various sources rejected as blocked by
> zen.spamhaus.org. The IPs I checked weren't on the list according to
> the spamhaus website.

No, this is false. Postfix will log a warning and pass the
mail when an RBL query times out.

The only ill effect is a pause of the mail processing while
postfix waits for the DNS response. It's possible some
impatient senders will disconnect during this pause, but that
seems rare, and they should retry later.

> I did notice that doing a "dig @localdns.server zen.spamhaus.org"
> didn't always return an answer. After changing the forwarding servers
> in bind the problem seems to have cleared up.
>
> Is this the expected behaviour from Postfix if an rbl cannot be
> reached? Is it possible to have Postfix pass the mail rather than
> reject if the server cannot find the rbl?

Postfix does not reject mail due to an RBL failure. Either
you misread the evidence or your DNS server falsified the
response.

For further analysis, you'll need to show unaltered log
entries of the unexpected rejects.

> Or would that be a bad idea
> even if it can be done?

RBL queries time out often enough that it would be insane to
reject mail because of a timeout.

(I suppose some very strict folks might 450 defer mail after
an RBL timeout, but even that seems extreme. Anyway, postfix
can't do this either without a custom policy service.)

-- Noel Jones
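
The distinction drawn in the reply above can be checked against a mail log. The following is an added example, not part of the original thread and not Postfix code: it separates smtpd "blocked using" rejects from "RBL lookup error" warnings and rebuilds the DNSBL query name for each rejected client so it can be re-queried with dig. The log-line shapes, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in the shape of Postfix smtpd log entries (assumed, not from the thread).
SAMPLE_LOG = """\
Jan 10 09:14:02 mx postfix/smtpd[2101]: warning: 7.2.0.192.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=7.2.0.192.zen.spamhaus.org type=A: Host not found, try again
Jan 10 09:14:03 mx postfix/smtpd[2101]: 4A1B2C3D: client=unknown[192.0.2.7]
Jan 10 09:15:40 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 554 5.7.1 Service unavailable; Client host [198.51.100.23] blocked using zen.spamhaus.org; from=<a@example.org> to=<b@example.com> proto=ESMTP helo=<mail.example.org>
"""

# A real reject: the resolver returned an answer for the DNSBL name.
REJECT = re.compile(
    r"reject: \w+ from \S+?\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>\d{3}) "
    r".*? blocked using (?P<zone>[\w.-]+)"
)
# A failed lookup: logged as a warning, and the mail is not rejected for it.
LOOKUP_ERR = re.compile(r"warning: (?P<qname>\S+): RBL lookup error:")


def dnsbl_qname(ip, zone):
    """Name queried for `ip` in `zone`: reversed octets (IPv4) or nibbles (IPv6)."""
    reversed_part = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return reversed_part + "." + zone


def classify(log_text, zone="zen.spamhaus.org"):
    """Return (rejects, lookup_errors) for `zone` found in `log_text`."""
    rejects, lookup_errors = [], []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m and m["zone"] == zone:
            rejects.append((m["ip"], m["code"], dnsbl_qname(m["ip"], zone)))
            continue
        m = LOOKUP_ERR.search(line)
        if m and m["qname"].endswith("." + zone):
            lookup_errors.append(m["qname"])
    return rejects, lookup_errors


if __name__ == "__main__":
    rejects, errors = classify(SAMPLE_LOG)
    for ip, code, qname in rejects:
        print(f"{code} reject for {ip}; re-check with: dig +short {qname}")
    print(f"{len(errors)} lookup warning(s) that did not cause a reject")
```

Querying each printed name against the local resolver and against a second resolver shows whether the local forwarders are returning an answer for addresses that are not listed.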