Would it be an option to configure a policy for your DNS server to **not** send queries from postfix host(s) through the ad & tracker filter?

Cheers

tobi

On 4/22/21 12:20 PM, Simon Wilson wrote:
> Is there a way to make Postfix/postscreen use a specific DNS server?
>
> Reason for the question:
> My network has an internal (non-ISP forwarding) DNS server for both
> internal and external resolution, and that is default nameserver
> across the network including for the mail server. That DNS server
> includes a broad set of applied RPZ restrictions (which remove the
> vast majority of ads and trackers - a very popular addition). The RPZ
> zone has though on very rare occasions resulted in Postfix getting
> SERVFAIL and rejecting domains (reject_unknown_sender_domain), which
> could be classed as false positives - not for critical emails, but
> occasionally for retail mail-outs etc.
>
> I provide a fully "clean and complete" DNS for spamassassin DNSBL
> lookups by running a recursive caching nameserver on-localhost (SA has
> a defined option to specify a DNS server). As noted above the mail
> server as a whole does not use this - it uses the network-wide local
> nameserver, ensuring that it can resolve local As CNAMEs etc as needed.
>
> Note: I realise one option is that I could probably add local domain
> resolution to the localhost nameserver and use it as the default for
> the mail server... but my first question is whether postfix has or
> could have ability to have a specific nameserver (as Spamassassin
> does), or if this would be a Bad Idea (TM) for reasons unknown to me.
>
> Simon.