spamassassin-users mailing list archives

From "David F. Skoll" <>
Subject Re: TTL and DNSBLs (was Re: Why run your own DNS server?)
Date Thu, 07 Jul 2011 13:09:40 GMT
On Thu, 7 Jul 2011 14:39:48 +0200
Matus UHLAR - fantomas <> wrote:

> On 07.07.11 08:26, David F. Skoll wrote:
> >The point is that by definition, you can't have a per-IP
> >negative-cache TTL.

> We can have per-IP positive cache and per-zone negative cache.

That does not help.

> And in case of repeating the same IPs (which happens especially with
> remote mailservers) the negative cache helps much.

No, it does not.  I have run experiments on real mail servers.  I'm not
just making this up.  If you like, I can send you my log analysis code
so you can run the same experiments on your own mail servers.

> In fact, I think that DNSBL operators should provide the same TTL
> for both positive and negative answers, that can be even as big as
> 12-24h for dynamic/policy block lists.

As I mentioned, it's not in their interests to do that (if they sell access
to heavy users.)  Additionally, though I haven't experimented very extensively,
my tests show that cache effectiveness is not very sensitive to TTL.  Real
mail servers tend to be hit by a *lot* of different IP addresses, many of which
don't repeat for hours (if ever).
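
One way to measure the cache behaviour discussed in this message on your own traffic. This is an added example, not the log analysis code mentioned above and not part of the original message. It assumes a simplified log format (timestamp, client IP, DNSBL verdict); the sample lines are constructed, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample, one DNSBL lookup per line:
# "<ISO timestamp, UTC> <client IP> <listed|clean>"
SAMPLE_LOG = """\
2011-07-07T08:00:00 192.0.2.10 listed
2011-07-07T08:00:30 198.51.100.7 clean
2011-07-07T08:05:00 192.0.2.10 listed
2011-07-07T08:20:00 198.51.100.7 clean
2011-07-07T09:30:00 203.0.113.5 clean
2011-07-07T12:00:00 198.51.100.7 clean
2011-07-07T12:10:00 203.0.113.77 listed
2011-07-07T19:00:00 192.0.2.10 listed
"""

def parse(log):
    """Return a list of (epoch_seconds, ip, listed) tuples."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, verdict = line.split()
        when = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
        events.append((when.timestamp(), ip, verdict == "listed"))
    return sorted(events)

def cache_hit_ratio(events, positive_ttl, negative_ttl):
    """Simulate a resolver cache in front of a single DNSBL zone.

    A listed IP is cached for positive_ttl seconds (per-record TTL).
    An unlisted IP is cached for negative_ttl seconds, which is one
    value for the whole zone. Returns cache hits / total lookups.
    """
    expires = {}  # ip -> time at which its cached answer expires
    hits = 0
    for now, ip, listed in events:
        if expires.get(ip, 0) > now:
            hits += 1  # answered from cache, no query sent to the DNSBL
        else:
            expires[ip] = now + (positive_ttl if listed else negative_ttl)
    return hits / len(events) if events else 0.0

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for pos, neg in [(900, 900), (900, 3600), (43200, 43200)]:
        ratio = cache_hit_ratio(events, pos, neg)
        print(f"positive={pos}s negative={neg}s hit ratio={ratio:.3f}")
```

The ratios from the constructed sample say nothing about real traffic; feed it lookups extracted from your own mail logs to see how the hit ratio moves with TTL.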


