On Fri, Apr 27, 2012, at 05:32 PM, Jim Reid wrote:
> On 27 Apr 2012, at 17:20, kar...@mailcan.com wrote:
> 
> > Is there any way to prevent Postfix from making those repeated DNS
> > checks, regardless of whether it's externally to Spamhaus' servers, or
> > to a locally cached DNS result?
> 
> No. Well you could but it would be futile make-work that adds needless  
> complexity and extra (unwanted?) configuration/management overhead.  
> And the end result will be no better than what you already have. The  
> "cost" of a DNS lookup is frankly not worth worrying about. So  
> don't. :-)
> 
> Now in principle you could develop some sort of standalone process and  
> back-end database which remembers RBL answers for a while. But this  
> will almost certainly be SLOWER and less efficient than a DNS lookup.  
> You'd need to invent some sort of API or protocol for adding info to  
> that database and looking it up. And you'd need some way of cleaning  
> out stale entries from that database. This is beginning to smell very  
> much like something the DNS already provides for free.

Just as an interesting point from a fairly large site (fastmail.fm) we
do something very like that.  We run a standalone daemon, and we keep
a "bad list" of IPs who get dumped immediately without even a DNS lookup.

One of our patches to postfix allows that, dropping the connection while
doing nothing more than a syslog of the IP address.

We found a significant performance improvement in being able to do that
with "known bad" IPs over doing reverse DNS.  RBL lookups aren't so bad,
because we have rsync agreements with all the RBLs we use, so we download
the full RBL and the server locally, but reverse DNS chews up processes
for longer.

We also hand over sockets that we want to respond to slowly to a separate
process that does non-blocking epoll IO rather than chewing up a full sized
postfix process just to slowly say goodbye.

...

All this is working very nicely.  Honestly the biggest feature we're
missing is the ability to duplicate an outbound queue to two machines and
fail over quietly between them if we need to do maintenance on one.  We
keep our outbound queues on drbd at the moment, which smells messy, but
works OK.

Bron ( none of this work is worth the effort unless email is a major part
       of your organisation's purpose, otherwise you should probably
       concentrate on things that actually make you money )
-- 
  Bron Gondwana
  br...@fastmail.fm

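As an added illustration of the ideas in both messages above (Jim's "standalone process and back-end database which remembers RBL answers for a while" with stale-entry cleanup, and Bron's "bad list" that drops known-bad IPs before any DNS work), here is a small Postfix access-policy server core. It is example code written for this page, not fastmail's patch and not anything from the thread. The request/reply framing is Postfix's SMTPD access policy delegation protocol (attribute=value lines terminated by a blank line, reply is an action= line plus a blank line); the bad-list networks, the TTL, the injectable clock and the fake RBL lookup are all assumptions constructed for the example.

```python
"""Policy-server core: local bad list first, then a TTL cache of RBL answers,
and only on a cache miss is the (expensive) RBL lookup performed.

Everything below the docstring is constructed for this example; it is not
Postfix's or fastmail's code.  The framing follows Postfix's SMTPD access
policy delegation protocol.
"""
import ipaddress
import time

# Constructed "known bad" list, held in memory so no DNS work is needed for it.
BAD_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.7/32")]


class TtlCache:
    """Remembers RBL verdicts for a while.  Stale entries are treated as
    misses on read and can be evicted in bulk with purge()."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so tests can advance time
        self._entries = {}           # key -> (value, expiry timestamp)

    def get(self, key):
        item = self._entries.get(key)
        if item is None:
            return None
        value, expires = item
        if expires <= self._clock():
            del self._entries[key]   # expired: behave like a miss
            return None
        return value

    def put(self, key, value, ttl):
        self._entries[key] = (value, self._clock() + ttl)

    def purge(self):
        """Drop every expired entry; returns the number removed."""
        now = self._clock()
        stale = [k for k, (_, exp) in self._entries.items() if exp <= now]
        for k in stale:
            del self._entries[k]
        return len(stale)

    def __len__(self):
        return len(self._entries)


def parse_policy_request(raw):
    """Parse one policy-delegation request: attr=value lines, blank line ends it."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def in_bad_list(ip):
    return any(ip in net for net in BAD_NETWORKS)


def decide(attrs, cache, rbl_lookup, ttl=900):
    """Return (action, number_of_rbl_lookups_made).

    Order of checks: local bad list (no DNS at all), then the cache, and only
    on a miss is rbl_lookup(address) called; its answer is kept for ttl seconds.
    """
    client = attrs.get("client_address", "")
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return "DUNNO", 0            # malformed or missing address: let Postfix decide
    if in_bad_list(ip):
        return "REJECT listed locally", 0
    verdict = cache.get(client)
    lookups = 0
    if verdict is None:
        verdict = rbl_lookup(client)  # the expensive step, done once per TTL
        cache.put(client, verdict, ttl)
        lookups = 1
    if verdict:
        return "REJECT listed by RBL", lookups
    return "DUNNO", lookups


def format_reply(action):
    """Wire format of a policy reply: an action line followed by a blank line."""
    return "action=%s\n\n" % action
```

In a real deployment the cache would live in one long-running daemon that Postfix talks to over a socket (check_policy_service), so the lookup count per client stays at one per TTL across all smtpd processes rather than per process; the rbl_lookup callable would wrap the actual DNS query or a query against a locally mirrored zone.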