On 25.09.2014 at 17:06, Deeztek Support wrote:
> I can certainly try that, however seeing that I'm implementing
> block lists on the postfix level, wouldn't that double the lookups?

first: if postscreen/postfix reject based on RBL score, the message doesn't make it to SA at all, and in the case of a properly configured postscreen not even to smtpd
second: that's the reason for a local resolver: caching
third: URI blacklists are hardly the same request

> And as an FYI, I'm running my own DNS server

but it must not forward to another DNS like your ISP's or Google 8.8.8.8 - it has to do *recursion* so that the sum of your DNS requests and those from other users does not appear as a lot from the same IP on the SOA

forwarding resolvers on a mailserver are generally a bad idea

* if your ISP fucks up and no longer responds with NXDOMAIN, trying to redirect websurfers to one of his pages, your mail services are in real danger
* most open resolvers are unstable, and if one doesn't respond properly from time to time, mail otherwise blocked by DNSBL/URIBL slips through the filters
* in the worst case you make a lot more DNS requests to the WAN because you get the TTL from the resolver and if it is shortly before expiry, well, if you ask the SOA you always get the full TTL
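The first two resolver failure modes in the list above can be detected with the test entries RFC 5782 requires of an IPv4 DNSBL (127.0.0.2 is listed, 127.0.0.1 is not). This is an added example, not part of the original message; the zone `dnsbl.example`, the `lookup` callable and the sample resolver answers are constructed.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL listing answers live here


def dnsbl_name(ipv4, zone):
    """Build the DNSBL query name: 127.0.0.2 -> 2.0.0.127.<zone>."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone


def check_resolver(lookup, zone):
    """Classify a resolver using the RFC 5782 test entries of `zone`.

    `lookup(name)` is a hypothetical callable that returns a list of A
    records, [] for NXDOMAIN, or None for a timeout/SERVFAIL.
    """
    must_exist = lookup(dnsbl_name("127.0.0.2", zone))
    must_not_exist = lookup(dnsbl_name("127.0.0.1", zone))
    if must_exist is None or must_not_exist is None:
        return "no-answer"           # lookups fail, listed senders slip through
    if must_not_exist:
        return "nxdomain-rewritten"  # unlisted clients receive an A record
    if not must_exist or any(
        ipaddress.ip_address(a) not in LISTED_NET for a in must_exist
    ):
        return "bad-listed-answer"   # test entry missing or outside 127/8
    return "ok"


# Constructed sample resolvers (no network access needed).
ZONE = "dnsbl.example"


def make_resolver(table, default):
    return lambda name: table.get(name, default)


RECURSIVE = make_resolver({dnsbl_name("127.0.0.2", ZONE): ["127.0.0.2"]}, [])
HIJACKING = make_resolver({}, ["192.0.2.80"])  # answers every name
UNSTABLE = make_resolver({}, None)             # never answers

if __name__ == "__main__":
    for label, r in (("recursive", RECURSIVE), ("hijacking", HIJACKING),
                     ("unstable", UNSTABLE)):
        print(label, check_resolver(r, ZONE))
```

To run this against a live resolver, pass a `lookup` that wraps your DNS library of choice and maps NXDOMAIN to `[]` and timeouts to `None`.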