On May 6, 2012, at 09:39, Sahil Tandon wrote:

> Is there anything I should/could do to prevent these types of
> occurrences?  My understanding is that postscreen(8) temporarily
> struggles to contact dnsblog(8) and in the meantime,
> postscreen_greet_wait elapses before DNSBL lookup results are available
> for this client.
> 
> May  5 10:00:26 mx1 postfix/postscreen[38500]: CONNECT from 
> [83.59.10.37]:12954 to [69.147.83.52]:25
> May  5 10:00:26 mx1 postfix/postscreen[38500]: warning: psc_dnsbl_request: 
> connect to private/dnsblog service: Connection refused
> May  5 10:00:26 mx1 last message repeated 8 times
> ...
> May  5 10:00:32 mx1 postfix/postscreen[38500]: NOQUEUE: reject: RCPT
>  from [83.59.10.37]:12954: 450 4.3.2 Service currently unavailable;
>  from=<classi...@polysto.com>, to=<x...@freebsd.org>, proto=ESMTP,
>  helo=<37.red-83-59-10.dynamicip.rima-tde.net>
> ...
> May  5 10:00:33 mx1 postfix/postscreen[38500]: HANGUP after 1.1 from 
> [83.59.10.37]:12954 in tests after SMTP handshake
> May  5 10:00:33 mx1 postfix/postscreen[38500]: PASS NEW [83.59.10.37]:12954
> 
> These psc_dnsbl_request warnings appear throughout my logs, and are
> interleaved with 'normal' dnsblog(8) logging that shows it is still
> working just fine in response to other client CONNECTs.
> 
> I could not find references to this issue in the archives, and I know
> others manage much higher-volume sites, so I suspect it just indicates a
> severely borked system (FreeBSD 8.3) on my side.

Is it running into limits somewhere? Have you perhaps set 'maxproc' for 
dnsblog in master.cf to a lower value than what it needs at peak times?

We are running it with maxproc at zero for dnsblog, and have a local 
resolver cache on the server itself to minimize the impact of slowdowns 
elsewhere.

Only been running postscreen for about five weeks though, so our 
experience with it is still fairly limited. Perhaps these are obvious 
things you have already thought about.

HTH,
Jona
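
Added example, not part of either message above: a Python check that lists clients which reached PASS NEW after psc_dnsbl_request connect failures were logged for their session, the pattern in the quoted excerpt. It assumes one syslog record per line and attributes each warning to the most recent CONNECT logged by the same postscreen pid; the sample lines are constructed and use documentation addresses.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the excerpt quoted in the thread
# (documentation IP addresses, one syslog record per line).
SAMPLE_LOG = """\
May  5 10:00:26 mx1 postfix/postscreen[38500]: CONNECT from [192.0.2.37]:12954 to [198.51.100.52]:25
May  5 10:00:26 mx1 postfix/postscreen[38500]: warning: psc_dnsbl_request: connect to private/dnsblog service: Connection refused
May  5 10:00:26 mx1 last message repeated 8 times
May  5 10:00:27 mx1 postfix/postscreen[38500]: CONNECT from [192.0.2.99]:40112 to [198.51.100.52]:25
May  5 10:00:33 mx1 postfix/postscreen[38500]: PASS NEW [192.0.2.99]:40112
May  5 10:00:33 mx1 postfix/postscreen[38500]: PASS NEW [192.0.2.37]:12954
"""

PSC = re.compile(r"postfix/postscreen\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"\[([0-9A-Fa-f.:]+)\]:(\d+)")
REPEAT = re.compile(r"last message repeated (\d+) times")
DNSBLOG_FAIL = "psc_dnsbl_request: connect to private/dnsblog service"

def unscored_passes(log_text):
    """Return {client: failed_request_count} for clients that got PASS NEW
    after dnsblog connect failures were logged for their session."""
    last_client = {}             # postscreen pid -> most recent CONNECT client
    failures = defaultdict(int)  # client -> failed dnsblog requests
    prev_failed = None           # client charged by the previous line, if any
    flagged = {}
    for line in log_text.splitlines():
        rep = REPEAT.search(line)
        if rep and prev_failed:
            # syslog collapsed identical warnings; charge them to the same client
            failures[prev_failed] += int(rep.group(1))
            continue
        prev_failed = None
        m = PSC.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        c = CLIENT.search(msg)
        if msg.startswith("CONNECT from") and c:
            last_client[pid] = "[%s]:%s" % c.groups()
        elif DNSBLOG_FAIL in msg and pid in last_client:
            # Assumption: the warning belongs to this pid's latest CONNECT
            prev_failed = last_client[pid]
            failures[prev_failed] += 1
        elif msg.startswith("PASS NEW") and c:
            client = "[%s]:%s" % c.groups()
            if failures.get(client):
                flagged[client] = failures[client]
    return flagged

if __name__ == "__main__":
    print(unscored_passes(SAMPLE_LOG))
```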
