Hi,
On Thu, May 1, 2014 at 5:38 PM, Wietse Venema <wie...@porcupine.org> wrote:
> Alex:
> > I'm using postfix-2.10.3 with fedora20 and have configured postscreen
> with
> > spamhaus, barracuda, and a few other DNSBLs. I'm however occasionally
> > receiving the following timeout message:
> >
> > May 1 17:15:01 mail01 postfix/postscreen[4429]: warning: dnsblog reply
> > timeout 10s for swl.spamhaus.org
>
> This time limit has unfortunately escaped my attention. It is not
> yet configurable.
>
> The warning message means that postscreen gives up waiting for the
> DNS lookup result. This is a safety mechanism.
>
> > I'm also using a half-dozen RBLs, but they don't all always timeout.
>
> I see occasional timeouts on residential and co-located servers.
> By default the resolver *system library* routines wait 5s before
> retrying; this may be configurable in resolv.conf, but the
> postscreen time limit is still hard-coded.
>
These are both corporate 10mbs dedicated links and I don't think latency
and/or bandwidth is a problem.
It actually appears swl.spamhaus.org is the main problem. It doesn't even
resolve when I try to do it manually. This was a recommendation I used from
this list some time ago. Has something changed? This is my current config:
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net*3
b.barracudacentral.org*2
bl.spameatingmonkey.net*2
bl.spamcop.net
dnsbl.sorbs.net
psbl.surriel.com
bl.mailspike.net
swl.spamhaus.org*-4
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
I'm also curious what resolvers people are using for their mail servers?
bind? Looking at my query graphs, it appears to be about 30 queries/sec on
average for each host, just as a local caching server.
Thanks,
Alex
