moving DNSBL to MTA

Glenn Steen glenn.steen at
Wed Nov 26 14:26:59 GMT 2014

This all sounds more like a BL/Sendmail question... the only
inefficiency concerning mailScanner and DNSBLs is that the lookups
(with more than one BL defined) is serial, while most MTAs tend to do
these things in parallell.
I suppose you already employ a caching nameserver (local to your
MailScanner host(s))? Failing to have that could put a bit of pressure
on your link and/or your upstream DNS servers... All depending on
actual mail volume, of course.

It's not completely impossible that at the time Sendmail queries the
DNSBL, the BL simply does not contain the affected IP, but when the
message eventually is processed by MailScanner ... it does.
Do you have any hard numbers on the frequency of the "error"? What
volumes are we talking about?

-- Glenn

On 25 November 2014 at 22:14, Michael Masse <mrm at> wrote:
> I currently have both sendmail and MailScanner set up to use the Spamhaus
> and BRBL blocklists.   I am trying to get away from MailScanner doing DNSBL
> lookups to get better performance.    The problem I'm having is that
> sendmail seems to skip quite a few incoming emails for some reason.   It
> does catch a lot so I'm fairly certain it's configured in sendmail properly.
> I'm noticing that a lot of email gets past the MTA DNSBL stage and then gets
> caught at the MailScanner stage.   Has anyone ever seen this?  What could
> cause it?   They are both pointed to the exact same blocklists.   I've
> triple checked that.   I can't get rid of it within MailScanner till I know
> why the MTA seems to be skipping some emails.
> --
> MailScanner mailing list
> mailscanner at
> Before posting, read
> Support MailScanner development - buy the book off the website!

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list