Stan Hoeppner:
> Wietse Venema put forth on 8/25/2010 4:27 PM:
> > Noel Jones:
> >> As I see it, there are two complementary paths we can take
> >> with DNS whitelists, each with a slightly different purpose.
> >> While these are both useful, neither depends on the other, so
> >> postfix can implement either or both.
> >
> > I'll read the entire proposal later.
> >
> > Would this notation work:
> >
> > dnswl1.example.com=127.0.0.2*weight1, dnswl2.example.com=127.0.0.1*weight2
> > dnsbl3.example.com=127.0.0.3*weight3, dnsbl4.example.com=127.0.0.1*weight4
>
> IMO this really depends on the "role" you expect postscreen to play. If
The 127.x.x.x filters are OPTIONAL, as are the weight factors.
Sites that don't need them don't specify them.
This is a basic Postfix principle. If you don't need some feature
then you don't need to know how to configure it.
> > Currently, postscreen does not look up the client hostname, that
> > is something that can be added later when there is time.
>
> Won't all of these dns lookups slow postscreen down?
Hostname DNS lookup is no worse than DNSBL or DNSWL lookup, or
talking with an SMTP client for pregreet or greylist tests.
Postscreen does these things in parallel: one postscreen process
handles many clients, instead of wasting one smtpd process per
spambot. It's a scalability feature.
> If postscreen is doing dnsxl lookups merely to decide if a connection
> gets past postscreen, and then we do the same dnsbl lookup in smtpd to
In that case Postscreen's DNSWL lookup would work as a DNS cache
prefetch, so it would still improve Postfix over-all performance.
Wietse
