On 4/6/2010 10:34 AM, Ralf Hildebrandt wrote:
The spamhaus DBL can be used to query sender domains and hostnames (no
IPs).

So generally, one could use:
    reject_rhsbl_sender         dbl.spamhaus.org
    reject_rhsbl_reverse_client dbl.spamhaus.org

but when one subscribes to Spamhaus's DNSBL feed (which we have to),
one gets a special domain to query:

    reject_rhsbl_sender         secretkey.dbl.dq.spamhaus.net
    reject_rhsbl_reverse_client secretkey.dbl.dq.spamhaus.net

This works wonderfully, except for the fact that Postfix's

    default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}

gives away the secret key. This is easily fixed in so many ways, e.g.:

    default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using dbl.spamhaus.org${rbl_reason?; $rbl_reason}


(Use rbl_reply_maps if you query other rbls.)

Maybe the default should not contain $rbl_domain. I cannot tell if the
scheme Spamhaus uses is commonplace.


No, the rbl reply is the only place that postfix logs which rbl caused the rejection, which might not always be clear from $rbl_reason. I think removing the rbl name would cause much confusion. Handling it locally with rbl_reply_maps is the best solution.

  -- Noel Jones
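
An added example, not part of the thread and not Postfix code: a small audit that reports which keyed DNSBL domains a configuration would print in its SMTP rejection text, taking both `default_rbl_reply` and per-domain `rbl_reply_maps` templates into account. It assumes the restrictions are in main.cf and that the reply map contents are passed in as a dict; the function names and the sample configuration are constructed for illustration.

```python
import re

# Postfix restrictions that take a DNSBL/RHSBL domain argument.
DNSBL_ARG = re.compile(
    r"\breject_(?:rbl_client|rhsbl_(?:sender|client|reverse_client|helo|recipient))"
    r"\s+([A-Za-z0-9.-]+)")
# Matches $rbl_domain, ${rbl_domain...} and $(rbl_domain...) in a reply template.
USES_DOMAIN = re.compile(r"\$[{(]?rbl_domain\b")

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}, joining continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                 # continuation of the previous parameter
            if name:
                params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def leaking_domains(main_cf, reply_maps, private_suffix=".dq.spamhaus.net"):
    """Return keyed DNSBL domains that the rejection text would reveal."""
    params = parse_main_cf(main_cf)
    # When unset, Postfix's built-in default_rbl_reply includes $rbl_domain.
    default_reply = params.get("default_rbl_reply", "$rbl_domain")
    maps = {k.lower(): v for k, v in reply_maps.items()}  # rbl_reply_maps contents
    leaks = set()
    for value in params.values():             # also covers restriction classes
        for domain in DNSBL_ARG.findall(value):
            domain = domain.lower().rstrip(".")
            template = maps.get(domain, default_reply)
            if domain.endswith(private_suffix) and USES_DOMAIN.search(template):
                leaks.add(domain)
    return sorted(leaks)

# Constructed main.cf excerpt; "secretkey" stands in for the subscriber key, as in the post.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions =
    reject_unauth_destination,
    reject_rhsbl_sender secretkey.dbl.dq.spamhaus.net,
    reject_rhsbl_reverse_client secretkey.dbl.dq.spamhaus.net,
    reject_rbl_client dnsbl.example.org
"""
MASKED = {"secretkey.dbl.dq.spamhaus.net": "$rbl_code Service unavailable; "
          "$rbl_class [$rbl_what] blocked using dbl.spamhaus.org${rbl_reason?; $rbl_reason}"}
```

Calling `leaking_domains(SAMPLE_MAIN_CF, {})` reports the keyed domain, while passing `MASKED` as the reply map returns an empty list and the public `dbl.spamhaus.org` name still appears in the rejection text and log.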
