This is driving me nuts… Linux Debian + postfix…
/etc/postfix/main.cf has the following lines:
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/access,
reject_invalid_hostname,
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unauth_destination,
reject_unauth_pipelining,
reject_unknown_recipient_domain,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client sbl-xbl.spamhaus.org,
check_policy_service unix:private/policyd-spf,
check_policy_service inet:127.0.0.1:10023,
permit_auth_destination,
reject
These days postfix is rejecting incoming messages from one single IP:
info@domain.ext
SMTP error from remote mail server after RCPT TO:<info@domain.ext>:
host mail.server.ext [123.123.123.123]: 554 5.7.1 Service unavailable; Client host [234.234.234.234] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=234.234.234.234
Well… http://cbl.abuseat.org/lookup.cgi?ip=234.234.234.234 reports no blacklisting of 234.234.234.234 (obviously the IP 234.234.234.234 is not the real one).
Dozen emails have been blocked so far for the same reason, but each time I manually query the RBL, the IP is reported as clean.
Is postfix caching queries to RBLs?
What am I missing?
Thanks in advance for your time.
Best Answer
From the top layer perspective, Postfix relies on libc resolver to do DNS lookup (including RBL), so the the behaviour would depends on the library. For example, postfix will alwasy do lookup via NS server defined in
/etc/resolv.conf.
If the NS server has caching mechanism, then postfix will get the cache result too. This is also happen if your provider has "DNS hijacking" (the diverted DNS packet into their NS server). In this event, you will also hit their cache (if they enable it).
To check what's the output of DNS lookup, you can use
dig
command. For example check if IP address 216.154.195.36 was listed in cbl.abuseat.org.If the return is NXDOMAIN, the IP address wasn't listed.
From the bottom layer perspective, each
smtpd
process has cached its own DNSBL lookup results. Those results are not shared with other Postfix processes. Eachsmtpd
process will be reused untilmax_use
ormax_idle
reached. Whensmtpd
process dies, the RBL cache will lost too. When newsmtpd
process was create bymaster
daemon, it will pickup new configuration onmain.cf
(includingmax_idle
andmax_use
. So actually no need to restart postfix.