- On 3/26/2013 1:29 PM, Lima Union wrote:
> No ipv6 here and pdnsd is using 188.8.131.52 as DNS server.Instead of using a caching DNS proxy daemon querying Google's public DNS
servers, I recommend you run a recursing caching resolver on your
Postfix host, such as PowerDNS recursor (I've been using it for years
without any issues). There are a few reasons for this:
1. Spamhaus refuses dnsbls queries from Google DNS servers, and most
public DNS servers, because of volume. Thus you can't query the Zen
list using this proxy setup. Other dnsbl operators may block Google DNS
2. Latency is greatly reduced as your DNS queries are direct instead of
proxied. On a high volume server latency is critical as it limits
3. If you have DNS related problems at some point in the future, you
have complete control and troubleshooting ability. If using Google or
another DNS server via proxy you're at that operator's mercy. And there
is always the possibility that Google may modify results in some way, or
respond inaccurately due to some policy or other reason.
It's best to run your own resolver and do direct queries.
- On 2013-03-27 23:11, Matthew Hall wrote:
> I ran into a bit of an issue trying out fqrdns.pcre as recommendedadd permit_sasl_authenticated before fqrdns.pcre testing
> here in this thread. The header in the file recommended adding it
> smtpd_client_restrictions. However if I place it there, I end up
> rejecting mail even from SASL authenticated client devices, if they
> also match a rule in fqrdns.pcre.
senders that put my email into body content will deliver it to my own
trashcan, so if you like to get reply, dont do it