Wietse:
> > Correct. Postscreen remembers tests that a client has passed. But
> > the client must pass all tests before postscreen will log a "PASS".
Brad Chandler:
> If a spamming IP is at first not listed on an RBL and gets a postscreen
> PASS, but is later added to an RBL, will postscreen block it? Or does
> the postscreen cache allow it through?
The postscreen_dnsbl_sites "pass" status, like other postscreen tests,
has an expiration time.
It depends on Postfix version:
Postfix < 3.1:
postscreen_dnsbl_ttl, ignores DNS TTLs
Postfix 3.1:
postscreen_dnsbl_min_ttl, overrides smaller DNS TTLs
postscreen_dnsbl_max_ttl, overrides larger DNS TTLs
Getting the TTL for NXDOMAIN is a little tricky with the traditional
resolver(3) library routines.
Wietse
