postfix-users May 2014 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Understanding postscreen timeouts

Re: Understanding postscreen timeouts

From: Tom Hendrikx <tom_at_nospam>
Date: Fri May 02 2014 - 07:57:08 GMT
To: postfix-users@postfix.org

On 05/02/2014 03:15 AM, Alex wrote:
> Hi,
>
> On Thu, May 1, 2014 at 5:38 PM, Wietse Venema <wietse@porcupine.org
> <mailto:wietse@porcupine.org>> wrote:
>
> Alex:
> > I'm using postfix-2.10.3 with fedora20 and have configured
> postscreen with
> > spamhaus, barracuda, and a few other DNSBLs. I'm however occasionally
> > receiving the following timeout message:
> >
> > May 1 17:15:01 mail01 postfix/postscreen[4429]: warning: dnsblog
> reply
> > timeout 10s for swl.spamhaus.org <http://swl.spamhaus.org>
>
> This time limit has unfortunately escaped my attention. It is not
> yet configurable.
>
> The warning message means that postscreen gives up waiting for the
> DNS lookup result. This is a safety mechanism.
>
> > I'm also using a half-dozen RBLs, but they don't all always timeout.
>
> I see occasional timeouts on residential and co-located servers.
> By default the resolver *system library* routines wait 5s before
> retrying; this may be configurable in resolv.conf, but the
> postscreen time limit is still hard-coded.
>
>
> These are both corporate 10mbs dedicated links and I don't think latency
> and/or bandwidth is a problem.
>
> It actually appears swl.spamhaus.org <http://swl.spamhaus.org> is the
> main problem. It doesn't even resolve when I try to do it manually. This
> was a recommendation I used from this list some time ago. Has something
> changed?

As a feed user of spamhaus, it's easy to see the amount of data that is
actually in the zones. Both DWL and SWL zones are empty, so the
whitelist experiments of spamhaus seem to be either 'on hold' or dead.
Feel free to drop the zones from your setup.

This won't fix dns lookup problems in general though.

Tom