On Tue, 5 Mar 2019 at 16:43, Mayhem <mayhe...@gmail.com> wrote:
>
> The reason why I even suggested this is that I don't see a lot of different IP
> addresses. I figured the Postfix system wouldn't need to cache that many
> "bad" IP addresses. You guys obviously see differently.
>
> My mail logs rotate at 12AM every night; this is just one IP address in 8.5
> hours:
>
> $ more /var/log/maillog | grep -c 'CONNECT from \[103\.129\.47\.19\]'
> 1004
>
> That's just *one* IP address attempting to deliver spam 1000+ times. Isn't
> it a waste of the DNSBL resources telling me 1000 times in 8 hours that this
> IP address is up to no good?
>
> That's why it would be nice to blacklist the offending IP address for 24-48
> hours and keep resources free for legitimate connections.
DNSBL lookups are cheap resource-wise; IMO it's not worth worrying about at this volume level. Do you have reason to think your system is suffering heavy load as a result, or are you concerned that some of the DNSBLs might block you for reaching commercial-use levels of lookups? Fail2ban is (as you know) a way to tackle it.
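An added example, not from either poster, that generalises the single-address grep -c above to every client IP in the log, so you can see how many repeat connectors there actually are before deciding whether fail2ban-style temporary blocking is worth the trouble. It assumes postscreen-style "CONNECT from [ip]:port" lines and runs over a few constructed sample lines.

```shell
#!/bin/sh
# Count "CONNECT from [ip]" lines per client IP and list the IPs at or above
# a threshold, highest count first. Same idea as the grep -c in the post,
# but for all addresses at once.

# Constructed sample maillog lines (not taken from the original thread).
SAMPLE_LOG='Mar  5 08:01:02 mx postfix/postscreen[1234]: CONNECT from [192.0.2.10]:51234 to [198.51.100.1]:25
Mar  5 08:01:05 mx postfix/postscreen[1234]: CONNECT from [192.0.2.10]:51240 to [198.51.100.1]:25
Mar  5 08:02:11 mx postfix/postscreen[1234]: CONNECT from [203.0.113.7]:40001 to [198.51.100.1]:25
Mar  5 08:02:30 mx postfix/postscreen[1234]: CONNECT from [192.0.2.10]:51300 to [198.51.100.1]:25
Mar  5 08:03:00 mx postfix/postscreen[1234]: DISCONNECT [192.0.2.10]:51300'

# repeat_offenders THRESHOLD < /var/log/maillog
# Prints "count ip" for each client IP with at least THRESHOLD CONNECT lines.
repeat_offenders() {
    threshold="$1"
    # Extract only the client address inside the brackets after "CONNECT from".
    sed -n 's/.*CONNECT from \[\([0-9a-fA-F.:]*\)\].*/\1/p' \
      | sort | uniq -c \
      | awk -v t="$threshold" '$1 >= t { print $1, $2 }' \
      | sort -rn
}

# Wrapper that feeds the constructed sample through the same pipeline.
sample_offenders() {
    printf '%s\n' "$SAMPLE_LOG" | repeat_offenders "$1"
}

# Stand-alone usage: IPs with 3 or more connections in the sample.
sample_offenders 3
```

On a real system, replace the sample with `repeat_offenders 100 < /var/log/maillog` and compare the result against what the DNSBL is already rejecting before adding a local blocklist.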