> On 02/06/16 17:45, Michael Fox wrote:
> > If a DNSBL in postscreen_dnsbl_sites has a weight >=
> > postscreen_dnsbl_threshold, then is there any advantage to also
> > listing it in smtpd_*_restrictions? For example, is there some failure
> > mode that having the DNSBL listed in both places would protect
> > against?
> >
> > Michael
> 
> I frequently have remote hosts which pass the pregreet and DNSBL tests,
> and then repeatedly access the server with a "PASS OLD" result from
> postscreen.  Usually they try to send unauthorised relay messages.
> 
> The entry in smtpd_*_restrictions would pick these up as their DNSBL
> status changes.
> 
> Allen C

Thanks Allen.

Ahhh.  
So, taking into account what Wietse just said about DNSBL lookups in
postscreen and smtpd sharing the same caching resolver, then, if I
understand you correctly, adding the same DNSBL to smtpd_*_restrictions
would catch the case where postscreen_dnsbl_ttl has expired for a given
client, but postscreen_cache_retention_time (default=7d) has not.  Is that
correct?

Michael
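
Added example, not part of the original thread or of Postfix: a small Python log check for the pattern Allen describes, where clients admitted from the postscreen cache ("PASS OLD") go on to have relay attempts rejected by smtpd. The sample log lines are constructed, the function name `cached_relay_attempts` is hypothetical, and the script assumes the usual postscreen "PASS OLD" and smtpd "Relay access denied" log line formats.

```python
import re
from collections import Counter

# Constructed sample log lines in the usual postscreen/smtpd syslog format
# (192.0.2.0/24 is a documentation address range).
SAMPLE_LOG = """\
Feb  6 10:00:07 mx postfix/postscreen[2101]: PASS NEW [192.0.2.10]:40112
Feb  6 11:30:00 mx postfix/postscreen[2101]: PASS OLD [192.0.2.10]:40250
Feb  6 11:30:01 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=ESMTP helo=<host>
Feb  6 12:10:00 mx postfix/postscreen[2101]: PASS OLD [192.0.2.10]:40391
Feb  6 12:10:01 mx postfix/smtpd[2114]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <b@example.net>: Relay access denied; from=<x@example.org> to=<b@example.net> proto=ESMTP helo=<host>
Feb  6 12:15:00 mx postfix/postscreen[2101]: PASS OLD [192.0.2.20]:51000
Feb  6 12:45:00 mx postfix/postscreen[2101]: PASS OLD [192.0.2.20]:51044
Feb  6 13:15:00 mx postfix/postscreen[2101]: PASS OLD [192.0.2.20]:51090
Feb  6 13:20:00 mx postfix/postscreen[2101]: PASS OLD [192.0.2.30]:33010
Feb  6 13:20:01 mx postfix/smtpd[2120]: NOQUEUE: reject: RCPT from unknown[192.0.2.30]: 554 5.7.1 <c@example.net>: Relay access denied; from=<y@example.org> to=<c@example.net> proto=ESMTP helo=<host>
"""

PASS_OLD = re.compile(r"postfix/postscreen\[\d+\]: PASS OLD \[([^\]]+)\]:\d+")
RELAY_DENIED = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[([^\]]+)\]: "
    r".*Relay access denied")

def cached_relay_attempts(log_text, min_pass_old=2):
    """Return {client_ip: (pass_old_count, relay_denied_count)} for clients
    that postscreen admitted from its cache at least min_pass_old times and
    that also had at least one relay attempt rejected by smtpd."""
    pass_old, denied = Counter(), Counter()
    for line in log_text.splitlines():
        m = PASS_OLD.search(line)
        if m:
            pass_old[m.group(1)] += 1
            continue
        m = RELAY_DENIED.search(line)
        if m:
            denied[m.group(1)] += 1
    # Counter returns 0 for clients that never appear in a reject line.
    return {ip: (n, denied[ip]) for ip, n in pass_old.items()
            if n >= min_pass_old and denied[ip]}

if __name__ == "__main__":
    for ip, (old, rej) in cached_relay_attempts(SAMPLE_LOG).items():
        print(f"{ip}: PASS OLD x{old}, relay denied x{rej}")
```

Clients reported here are candidates for checking against the DNSBLs again by hand; the script only correlates log lines and does no DNS lookups.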

