On 23/09/18 15:46, Bill Cole wrote:
> On 23 Sep 2018, at 10:13 (-0400), John anderson wrote:
>
>> What is the meaning of `postscreen_dnsbl_reply_map` in postscreen (postfix) ?
>> I've read from documentation:
>>
>>> if your DNSBL queries have a "secret" in the domain name, you must censor
>>> this information from the postscreen(8) SMTP replies ([1])
>>
>> And from manual:
>>
>>> A mapping from actual DNSBL domain name which includes a secret password,
>> to the DNSBL domain name that postscreen will reply with when it rejects
>> mail. When no mapping is found, the actual DNSBL domain will be used. ([2])
>>
>> I don't understand about *a secret password* means, how a DNS domain name
>> will include a password?
>>
>> Could you explain me?
>
> Some non-free DNSBLs give customers a secret DNS label to insert between the
> base domain and the query target (i.e.
> octet-reversed IP or domain name) as a form of authentication. Obviously this
> "secret" isn't well-protected from
> snooping by actors who can sniff the DNS traffic, but as a practical matter
> it is safe enough for most DNSBLs' needs.
>
> --
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Available For Hire: https://linkedin.com/in/billcole
>
You can also use it to redirect ALL your DNSBLs to the same reference website
(for arguments sake,
http://multirbl.valli.org)
Allen C
