Stefan Foerster:
> from /var/log/mail.log:
> Dec 31 01:49:47 nemea postfix/postscreen[2994]: PASS OLD 168.100.1.4
>
> # postmap -q 168.100.1.4 btree:/var/lib/postfix/ps_cache
> 1262188493
>
> # date --date "Dec 31 01:49:47" "+%s"
> 1262220587
>
> # echo $(((1262220587-1262188493)/3600))
> 8
>
> If a client that has passed postscreen in the past connects again,
> should the timestamp stored in $postscreen_cache_map be updated?
Currently the time stamp says when the IP address passed the tests.
If the time stamp is updated without passing a test, then I don't
understand what the time stamp means: something passed a test,
maybe weeks or perhaps months ago?
I also don't understand what the problem is with repeating a test
once after 24 hours.
Wietse
> For
> legitimate clients, this would avoid a delay and/or DNS lookups
> every $postscreen_cache_retention_time. OTOH, if a non-legitimate
> client somehow gets to use the IP address of a sender previously added
> to the database, we lose our first line of defense. Small gain, big
> potential risk?
>
>
> Stefan^:wq
>
>
