On Fri, Dec 13, 2019 at 05:40:33PM +0100, Matus UHLAR - fantomas wrote:
> >I would avoid unduly short postscreen cache times, that can lead to
> >legitimate clients not getting through at all.
>
> I'm not sure if that would help. Apparently, both postscreen and smtpd will
> use the same nameserver for dnsbl lookup, and if it's cached from previous
> postscreen lookup, it will probably give the same result.
The negative TTLs on SpamHaus RBL replies are not very long:
zen.spamhaus.org. 10 IN SOA need.to.know.only. hostmaster.spamhaus.org.
1912132118 3600 600 432000 10
presently just 10 seconds.
--
Viktor.
