Re: postscreen_dnsbl_sites vs. reject_rbl_client

From: Victor Duchovni <Victor.Duchovni_at_nospam>
Date: Tue Jun 07 2011 - 15:45:17 GMT
To: postfix-users@postfix.org

On Tue, Jun 07, 2011 at 07:03:34AM -0400, Wietse Venema wrote:

> Note the following difference.
>
> postscreen caches that the client IS NOT listed in DNSBL.
> It doesn't cache clients that are listed.
>
> DNS servers cache that the client IS listed in DNSBL.
> They don't cache non-existent DNSBL records.

This depends on the negative TTL of the RBL zone. Generally, RBL
zones have comparable positive and negative TTLs.

For example Zen seems to have a 3 minute negative TTL:

$ dig +noall +ans +auth -t a 127.2.0.192.zen.spamhaus.org
zen.spamhaus.org. 150 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1106071530 3600 600 432000 150

And a 15 minute positive TTL:

    $ dig +noall +ans -t a 126.145.66.190.zen.spamhaus.org
    126.145.66.190.zen.spamhaus.org. 900 IN A 127.0.0.4
    126.145.66.190.zen.spamhaus.org. 900 IN A 127.0.0.11

-- Viktor.

This message: [ Message body ]
Next message: Victor Duchovni: "Re: Forwarding via virtual_mailbox_maps or virtual_maps not working"
Previous message: /dev/rob0: "Re: postfix + .forward and forcing the From address"
In reply to: Wietse Venema: "Re: postscreen_dnsbl_sites vs. reject_rbl_client"
Next in thread: Rich Wales: "Re: postscreen_dnsbl_sites vs. reject_rbl_client"
Reply: Rich Wales: "Re: postscreen_dnsbl_sites vs. reject_rbl_client"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]