On 23 Sep 2018, at 10:13 (-0400), John anderson wrote:
What is the meaning of `postscreen_dnsbl_reply_map` in postscreen
(postfix) ?
I've read from documentation:
if your DNSBL queries have a "secret" in the domain name, you must
censor
this information from the postscreen(8) SMTP replies ([1])
And from manual:
A mapping from actual DNSBL domain name which includes a secret
password,
to the DNSBL domain name that postscreen will reply with when it
rejects
mail. When no mapping is found, the actual DNSBL domain will be used.
([2])
I don't understand about *a secret password* means, how a DNS domain
name
will include a password?
Could you explain me?
Some non-free DNSBLs give customers a secret DNS label to insert between
the base domain and the query target (i.e. octet-reversed IP or domain
name) as a form of authentication. Obviously this "secret" isn't
well-protected from snooping by actors who can sniff the DNS traffic,
but as a practical matter it is safe enough for most DNSBLs' needs.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
