Tomoyuki Murakami:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
>
> I've been work(play?)ing with postscreen for several month, and
> I thought I'd like to get reverse name of client IP in the
> postscreen logs too.
> I guess that the postscreen must process all tests as quickly as
> possible, so, time consuming functions like DNS resolv,
> etc. should be asynchronous, parallel, and have appropriate
> giving-ups ;-)
>
> Attached codes do resolve reverse name of clients and attached it
> to the log lines. In doing this, I did not added new service for
> asynchronous resolve, instead, give dnsblog service a second job.
> -- Yes, this is highly experimental.
> other modifications are to use these reverse names in the logs
> and make REJECT logs as seamless as smtpd's (plus, a little bit
> my favor).
>
> patch is diff to postfix-2.8-20101206.
> any comments would be appreciated.
Caution:
- This code will access free memory (or worse, clobber memory that
is allocated for a different session) when the reverse lookup result
arrives AFTER postscreen has already closed the client connection.
Let me know when you have figured out:
- Why postscreen should look up the client hostname at all.
- How long postscreen should wait for client hostname lookup to
complete before or after whitelist/blacklist/before-220/after-220
checks.
- The impact of client hostname lookup on the number of dnsblog
processes, for the normal case and for the worst case.
- The impact of client hostname lookup on postscreen latency for
legitimate clients, for the normal case and for the worst case.
- The impact of client hostname lookup on postscreen latency for
zombie clients, for the normal case and for the worst case.
Wietse
