On Tuesday, March 10, 2015 1:42 PM, Wietse Venema <wie...@porcupine.org> wrote:
>> I'm not sure how one (type of) dns query is a performance concern,
>> and another is not, see below.
>
> You see no performance difference between querying a small number
> of well-operated DNS servers that are chosen by the local sysadmin,
> versus random DNS servers all over the Internet that are determined
> by the sender's IP address?

This isn't exactly what I wrote :-)

Obviously querying PTR records may take some time. However, smtpd also needs the PTR record to perform some DNS tests, so sooner or later you need the query. OK, postscreen blocks many of the zombie hosts for sure, so you don't need to perform PTR queries that many times; however (based on my experience) lots of hosts with names like ppp|dsl|cable|....-xx-xx-xx-xx.some.provider.com pass postscreen, ending up at smtpd.

Anyway, I started to use an RBL targeting dynamic IP blocks, and it makes postscreen drop many such zombies, though no RBL is accurate, so I believe there's still some room for optimization.

If there's some deeper guide or you could provide some hints on how Postfix does DNS resolution, I'd appreciate it, and perhaps I could make it for myself.

> With postscreen, zombies don't get to occupy smtpd processes, by
> using DNSBLs and pregreet tests.

Unfortunately not all of them, that's why I'd improve postscreen to have a better hit ratio.

Albert
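
The naming pattern described in the message above (ppp|dsl|cable-xx-xx-xx-xx), as an added example that is not part of the original post and not Postfix code: a Python heuristic that checks whether a PTR name embeds the client's IPv4 octets and carries an access-type token. The function names, the token list beyond ppp/dsl/cable, and the sample hostnames are assumptions constructed here; it works on names already resolved and performs no DNS queries.

```python
import ipaddress
import re

# Access-type tokens. ppp, dsl and cable come from the message; the rest are
# assumptions added for this example.
DYNAMIC_TOKENS = {"ppp", "dsl", "adsl", "cable", "dyn", "dynamic", "dhcp", "pool", "dialup"}


def embeds_ip(ptr_name: str, client_ip: str) -> bool:
    """True if the name contains the client's IPv4 octets (IPv4 only), in
    forward or reverse order, as separate decimals or one packed run."""
    octets = list(ipaddress.IPv4Address(client_ip).packed)
    name = ptr_name.lower()
    fields = [int(n) for n in re.findall(r"\d+", name)]
    for order in (octets, octets[::-1]):
        # Four consecutive decimal fields, any separator: 203-0-113-45
        if any(fields[i:i + 4] == order for i in range(len(fields) - 3)):
            return True
        # Packed forms: zero-padded decimal (203000113045) or hex (cb00712d)
        if "".join(f"{o:03d}" for o in order) in name:
            return True
        if "".join(f"{o:02x}" for o in order) in name:
            return True
    return False


def classify(ptr_name: str, client_ip: str) -> str:
    """'dynamic': embeds the IP and has an access-type token;
    'generic': embeds the IP only; 'custom': neither."""
    if not embeds_ip(ptr_name, client_ip):
        return "custom"
    labels = re.split(r"[.\-_]", ptr_name.lower())
    stems = {re.sub(r"\d+$", "", label) for label in labels}
    return "dynamic" if stems & DYNAMIC_TOKENS else "generic"


# Constructed sample data (documentation address ranges, reserved .example names).
SAMPLES = [
    ("ppp-203-0-113-45.some.provider.example", "203.0.113.45"),
    ("45.113.0.203.cable.provider.example", "203.0.113.45"),
    ("dsl-c633640a.pool.provider.example", "198.51.100.10"),
    ("static-198-51-100-7.provider.example", "198.51.100.7"),
    ("mail.example.org", "192.0.2.10"),
]

if __name__ == "__main__":
    for name, ip in SAMPLES:
        print(f"{ip:15} {name:45} {classify(name, ip)}")
```

A "generic" result (IP embedded, no access-type token) is kept separate from "dynamic" because providers also assign such names to static allocations that host legitimate mail servers.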