On Sat, Aug 03, 2024 at 04:23:33PM +0000, Arnie T via Postfix-users wrote:
> postscreen_dnsbl_reply_map =
> texthash:/etc/postfix/postscreen_dnsbl_reply_map
> ---->>> rbl_reply_maps =
> ${stress?lmdb:/etc/postfix/smtpd_dnsbl_reply_maps}
> default_rbl_reply = $rbl_code Service unavailable; REJECT: (
> $rbl_class [$rbl_what] ) listed at $rbl_domain${rbl_reason?; $rbl_reason}
Why empty unless under stress???
> cat /etc/postfix/postscreen_dnsbl_reply_map
Only used by postscreen(8).!
> Running tests from Spamhaus I get a
>
> 2024-08-02T07:30:14.710397-04:00 arizona postfix/ps-int/smtpd[52267]:
> NOQUEUE: reject: RCPT from unlisted.blt.spamhaus.net[199.168.89.101]: 554
> 5.7.1 Service unavailable; REJECT: ( Helo command [zrd-dqs.blt.spamhaus.net]
> ) listed at xxxxxxxxxxx.zrd.dq.spamhaus.net; zrd-dqs.blt.spamhaus.net first
> seen around 01-Aug-2024 15:00 UTC; from=<t...@unlisted.blt.spamhaus.net>
> to=<a...@example.com> proto=ESMTP helo=<zrd-dqs.blt.spamhaus.net>
This was not blocked by postscreen(8) and so was handled by smtpd(8),
whose RBL reply map is empty!
> Where you see
>
> xxxxxxxxxxx.zrd.dq.spamhaus.net
>
> being leaked in the 554 reply.
As expected.
> It looks like it's using the "default_rbl_reply" instead of the match from
> "postscreen_dnsbl_reply_map".
That parameter is not applicable for connections passed to smtpd(8).
> I think maybe that's the actual problem -- using the wrong match?
> Or is my texthash: file used incorrectly?
You need to use the same table for both smtpd(8) and postscreen(8).
That is:
rbl_reply_maps = ... some table ...
postscreen_dnsbl_reply_map = ... same table ...
And of course that table needs to match all the applicable keys.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
