Michael Fox:
> Clarification: I seem to recall someone asking whether they should leave
> RBLs in the smtpd_*_restrictions now that they've added them to postscreen.
> And I seem to recall that the answer was something like "why not, it doesn't
> hurt". But it seems to me that if would hurt because: a) it adds a
> redundant lookup (unless the postscreen cache is shared with postfix) and,
> b) unless they all have the same weight in postscreen, then postfix would
> reject on any one RBL, which would make the weighting in postscreen moot.
> Hence, my question.
smtpd and postscreen use the same caching resolver, so the "extra"
queries don't travel far over the network. So the anser is "it
should not hurt".
That said, postscreen versions before 3.1 ignore the DNS reply TTL
(or its equivalent for NXDOMAIN replies) and use postscreen_dnsbl_ttl=1h
by default. That was fine when I wrote postscreen 5 years ago, but
it may be longer than the TTLs that some DNS reputations use these
days.
Wietse
