On Sun, Feb 16, 2025 at 11:14:44AM +1100, Viktor Dukhovni via Postfix-users
wrote:
> > 154.52.2.229 154.52.2.243 154.52.2.248 154.52.2.241 154.52.2.235
> > 154.52.2.233 154.52.2.238 154.52.2.239 154.52.2.149 154.52.2.234
> > 154.52.2.246 154.52.2.237 154.52.2.247 154.52.2.249 154.52.2.244
> > 154.52.2.150 154.52.2.143 154.52.2.145 154.52.2.230 154.52.2.144
>
> I see, so the real problem seems to be that the *ISP* resolver does not
> support TCP. It just sends truncated responses, and provides no means
> of recovery. The Linux stack tries a TCP connection and just times out.
>
> If so, it is appropriate to retract dispersions cast on Rocky, and put
> the blame where it belongs. The ISP is the problem. The OP can for
> example test with a suitable subset of 1.1.1.1, 8.8.8.8 and 9.9.9.10,
> and of course better still run a local validating resolver.
I should have mentioned of course that use of the large public
resolvers (and even many shared ISP resolvers) creates a barrier to use
of various RBLs (e.g. Spamhaus). MTAs really should have a *local*
resolver that makes direct queries to the authoritative upstreams or
perhaps an in-house forwarder that does not forward to a public resolver.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
