[pfx] Re: empty from envelope?

Charles Sprickman via Postfix-users Sat, 06 Jun 2026 18:23:08 -0700


> On Jun 6, 2026, at 8:24 AM, Wietse Venema via Postfix-users 
> <[email protected]> wrote:
> 
> Charles Sprickman via Postfix-users:
>> And I think I might have fodder for another question for this list here:
>> 
>>  postscreen (total: 1651)
>>      1539   psc_dnsbl_request: connect to private/dnsblog service:
>>      Connecti...  <<-- ?? google not at all helpful here - I have
>>      no limits in master.cf on dnsblog procs
> 
> The complete message would be helpful.


Sorry - I just noticed it in the pflogsumm output.

In full, it seems to come in bursts. Postscreen logs this info, but I don't see 
dnsblog complaining:

Jun  6 20:37:18 mbox postfix/dnsblog[36232]: addr 52.101.43.104 listed by 
domain hostkarma.junkemailfilter.com as 127.0.1.1
Jun  6 20:37:19 mbox postfix/postscreen[23313]: CONNECT from 
[45.91.108.223]:60470 to [10.10.10.25]:25
Jun  6 20:37:19 mbox postfix/postscreen[23313]: CONNECT from 
[45.91.108.220]:37228 to [10.10.10.25]:25
Jun  6 20:37:19 mbox postfix/postscreen[23313]: CONNECT from 
[45.91.108.224]:51181 to [10.10.10.25]:25
Jun  6 20:37:19 mbox postfix/postscreen[23313]: CONNECT from 
[45.91.108.222]:51519 to [10.10.10.25]:25
Jun  6 20:37:19 mbox postfix/postscreen[23313]: CONNECT from 
[45.91.108.228]:40497 to [10.10.10.25]:25
Jun  6 20:37:19 mbox postfix/postscreen[23313]: warning: psc_dnsbl_request: 
connect to private/dnsblog service: Connection refused
Jun  6 20:37:19 mbox postfix/postscreen[23313]: warning: psc_dnsbl_request: 
connect to private/dnsblog service: Connection refused
Jun  6 20:37:19 mbox postfix/postscreen[23313]: CONNECT from 
[45.91.108.230]:48673 to [10.10.10.25]:25
Jun  6 20:37:19 mbox postfix/postscreen[23313]: warning: psc_dnsbl_request: 
connect to private/dnsblog service: Connection refused
Jun  6 20:37:19 mbox last message repeated 30 times
Jun  6 20:37:19 mbox postfix/postscreen[23313]: CONNECT from 
[45.91.108.226]:44944 to [10.10.10.25]:25
Jun  6 20:37:19 mbox postfix/postscreen[23313]: warning: psc_dnsbl_request: 
connect to private/dnsblog service: Connection refused
Jun  6 20:37:19 mbox last message repeated 30 times
Jun  6 20:37:19 mbox postfix/postscreen[23313]: CONNECT from 
[45.91.108.229]:33971 to [10.10.10.25]:25
Jun  6 20:37:19 mbox postfix/postscreen[23313]: warning: psc_dnsbl_request: 
connect to private/dnsblog service: Connection refused
Jun  6 20:37:19 mbox last message repeated 30 times
Jun  6 20:37:19 mbox postfix/postscreen[23313]: CONNECT from 
[45.91.108.221]:44946 to [10.10.10.25]:25
Jun  6 20:37:19 mbox postfix/postscreen[23313]: warning: psc_dnsbl_request: 
connect to private/dnsblog service: Connection refused
Jun  6 20:37:19 mbox last message repeated 30 times
Jun  6 20:37:19 mbox postfix/postscreen[23313]: CONNECT from 
[45.91.108.225]:37439 to [10.10.10.25]:25
Jun  6 20:37:19 mbox postfix/postscreen[23313]: warning: psc_dnsbl_request: 
connect to private/dnsblog service: Connection refused
Jun  6 20:37:19 mbox last message repeated 30 times
Jun  6 20:37:19 mbox postfix/dnsblog[85170]: addr 45.91.108.223 listed by 
domain truncate.gbudb.net as 127.0.0.2
Jun  6 20:37:19 mbox postfix/dnsblog[33293]: addr 45.91.108.223 listed by 
domain rbl.rbldns.ru as 127.0.0.2
Jun  6 20:37:19 mbox postfix/dnsblog[71321]: addr 45.91.108.220 listed by 
domain truncate.gbudb.net as 127.0.0.2
Jun  6 20:37:19 mbox postfix/postscreen[23313]: PASS OLD [45.91.108.223]:60470

I think postscreen does eventually get answers from dnsblog though...

> 
>>       100   dnsblog reply timeout 10s for dnsbl.ascams.com
> 
> If the timeouts happen with ascams only, stop using it.

100 in a day is not too bad at all for the volume involved here - they're a 
free service, so I assume at times they get DDoS'd, get more queries they can 
handle, etc.

> If the timeouts happen with all reputation services, you
> have an infrastructure problem.

Is there any path to tracking down what dnsblog is doing when postscreen gives 
a "connection refused" when trying to contact it?

Am I just overrunning some limit? My master.cf does not limit the number of 
dnsblog procs that can be spawned. I do see a few RBLs I use can be slow at 
times, is it just what happens if I fire off a ton of requests and there are a 
large number of slow or non-responsive RBLs?

This is what the summarized stats from pflogsumm show. "average connect time" 
seems a bit much, but I'm also not sure just what connection that's referring 
to - the remote MTA? dnsblog?

(from pflogsumm):

postscreen

  122921   connections
    9262   IP addresses
       4   avg. connect time (seconds)
 131:32:43  total connect time



Thanks,

Charles

> 
> Wietse
> _______________________________________________
> Postfix-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]

_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

[pfx] Re: empty from envelope?

Reply via email to