I was under the impression that Postscreen kept a cache of the IP addresses that failed Pregreet / DNSBL tests.Then it would use those cached results to drop clients immediately based on that previously cached results / expire time.
What is throwing me off is this : postscreen_dnsbl_max_ttl : The maximum amount of time that postscreen(8) will use the result from a successful DNS-based reputation test before a client IP address is required to pass that test again. -------------- If the IP address and the result is cached, why not use those results to drop the connection until the TTL has expired? -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
