> Perhaps. This would be a reason to use the actual reply TTL,
> and to use postscreen_dnsbl_ttl as an upper bound.

Just so I'm sure I understand, then, is the following correct?

postscreen_dnsbl_ttl is the minimum period of time during which the result of a DNS lookup will be treated as valid. If the TTL given by a DNSBL site is less than postscreen_dnsbl_ttl, the postscreen code will use postscreen_dnsbl_ttl instead of the DNS TTL; but if the DNS TTL is greater than postscreen_dnsbl_ttl, the postscreen code will use the DNS TTL value.

Are there any considerations which would make it inadvisable to use a very low postscreen_dnsbl_ttl value? What is the minimum value you would recommend using, regardless of any concerns about rapidly changing DNSBL info? If I were to use postscreen_dnsbl_ttl = 1s (in order to track very short TTLs from Spamhaus or other DNSBLs), would that break other things in the postscreen logic?

Rich Wales
ri...@richw.org