On 5/19/2017 8:55 AM, richard lucassen wrote:
> I just added dbl.spamhaus.org:
>
> smtpd_sender_restrictions =
>     reject_non_fqdn_sender
>     reject_unknown_sender_domain
>     reject_rhsbl_sender dbl.spamhaus.org
>     [...further checks...]
>
> This works fine. But if mail is sent from an ip which was already in the
> postscreen cache database before activating the DBL check, the DBL check
> is skipped, although this DBL check is made at the next hop AFAIUI.
> Removing the ip from the cache makes the DBL check work again for that
> particular ip.
>
> Is this behaviour correct or did I make a config error somewhere?
>
> R.
>

There may be a problem, but it seems to me your analysis is flawed.

reject_rhsbl_sender operates on the MAIL FROM domain name, not an IP address. Postscreen tests and its cache are independent of smtpd_*_restrictions, and postscreen operates only on the client IP address.

There is some interaction between IP-based dnsbl lookups, postscreen, and the DNS cache. Freshly-listed IPs may get a brief pass until the DNS cache refreshes, and subject to postscreen_dnsbl_{min,max}_ttl settings. Note this only affects IP-based "dnsbl" lookups, never domain name "rhsbl" lookups.

For further help, please show "postconf -nf" output, and logging demonstrating the problem.

--
Noel Jones
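
The distinction drawn in the reply above, shown as an added example that is not part of the original thread: it builds the DNS names queried for an IP-based "dnsbl" lookup and for a sender-domain "rhsbl" lookup, so it is visible that they share no key. The zone zen.spamhaus.org, the addresses and the sender are assumptions chosen for illustration.

```python
import ipaddress
from typing import Optional


def dnsbl_query(client_ip: str, zone: str) -> str:
    """Query name for an IP-based DNSBL: reversed client address + zone.

    This is the kind of lookup keyed on the client IP address, which is
    the only key postscreen and its cache operate on.
    """
    ptr = ipaddress.ip_address(client_ip).reverse_pointer
    # reverse_pointer ends in .in-addr.arpa (IPv4) or .ip6.arpa (IPv6);
    # a DNSBL uses the same reversed labels under its own zone instead.
    for suffix in (".in-addr.arpa", ".ip6.arpa"):
        if ptr.endswith(suffix):
            ptr = ptr[: -len(suffix)]
    return f"{ptr}.{zone}"


def rhsbl_sender_query(mail_from: str, zone: str) -> Optional[str]:
    """Query name for a domain-based RHSBL check on the MAIL FROM address.

    Returns None when there is no sender domain to look up (null sender
    "<>" or an address without "@").
    """
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        return None
    domain = addr.rpartition("@")[2].rstrip(".").lower()
    return f"{domain}.{zone}" if domain else None


if __name__ == "__main__":
    # Constructed session: documentation-range addresses, made-up sender.
    for ip in ("192.0.2.10", "2001:db8::1"):
        print("dnsbl :", dnsbl_query(ip, "zen.spamhaus.org"))
    for sender in ("<user@Example.COM>", "<>"):
        print("rhsbl :", rhsbl_sender_query(sender, "dbl.spamhaus.org"))
```

The client IP never appears in the rhsbl query name and the sender domain never appears in the dnsbl one, so a cached result keyed on the IP says nothing about the MAIL FROM domain.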