> > Mar 29 18:25:28 mail01 postfix/dnsblog[24238]: addr 79.13.92.233 listed
> > by domain zen.spamhaus.org as 127.0.0.10
> > Mar 29 18:25:28 mail01 postfix/dnsblog[24240]: addr 79.13.92.233 listed
> > by domain dnsbl.sorbs.net as 127.0.0.10
...
> > Mar 29 18:26:02 mail01 postfix/dnsblog[24237]: addr 79.13.92.233 listed
> > by domain zen.spamhaus.org as 127.0.0.10
> > Mar 29 18:26:02 mail01 postfix/dnsblog[24237]: addr 79.13.92.233 listed
> > by domain dnsbl.sorbs.net as 127.0.0.10
That is two DNS lookups, each lookup having two results.
> > That looks to me like the dnsblog checks, to zen.spamhaus.org and
> > dnsbl.sorbs.net, are run twice.
Not really. Your local DNS resolver caches DNS replies (whatever
is in /etc/resolv.conf or equivalent).
However the dnsblog client is stateless; it relies on caching in
your local DNS resolver.
> > My understanding was that postscreen, once it catches a bad actor, it
> > caches the result so subsequent attempts get a response from the cache.
>
> IIRC postscreen caches PASS results only.
Correct. Postscreen remembers tests that a client has passed. But
the client must pass all tests before postscreen will log a "PASS".
Wietse
