On Mon, 18 Nov 2019, Matus UHLAR - fantomas wrote:
> On 18.11.19 08:42, Bernardo Reino wrote:
>> I currently use postscreen with postscreen_dnsbl_sites pointing to my
>> instance of spamhaus.net. With postscreen_dnsbl_reply_map I hide the secret
>> key from the server responses.
>>
>> Now, I also have/had "reject_rbl_client zen.spamhaus.org" as part of my
>> smtpd_recipient_restrictions. I want to change that to use my secret key,
>> but I can't seem to find a way to map the server name to something else (to
>> hide the key).
>>
>> I've read about default_rbl_reply, and I believe that what I need is
>> rbl_reply_maps but -- at least as of now -- I can't seem to be able to make
>> sense of it :-?
>>
>> How can I configure postfix to do like postscreen_dnsbl_reply_map but for
>> smtpd?
>
> What's the point of using spamhaus in smtpd_recipient_restrictions
> when you have already done so in postscreen?

My plan is/was to use only one blacklist (zen, IP-based) during postscreen
but then have the option of using other blacklists (dbl, zrd) at smtpd
time.

Even if at some point I will only leave the postscreen filter active, I
wanted to nevertheless know how I would use it during smtpd.

I have now done it with:

    rbl_reply_maps = texthash:/etc/postfix/dnsbl_reply_smtpd

where that file has lines like:

    $KEY.zrd.dq.spamhaus.net=127.0.2.[2..24] $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked

where $KEY is my key, and the LHS of that line is exactly as it looks in
reject_rhsbl_reverse_client (to give an example).

Seems to work (meaning: postfix hasn't complained, and I continue to
receive mail :), but given the little traffic I have I wanted an "offline
verification" that this is the right way to do this.

Hence my question.

Thanks.
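
An offline check of the kind the message asks for, added here as an example (it is not from the thread and not part of Postfix): it parses a texthash reply map and reports every key-bearing DNSBL argument in a restriction list that either has no matching entry, so the stock default_rbl_reply with its "$rbl_domain" would be sent, or whose template itself names the domain. The key EXAMPLEKEY, the restriction list and all function names are constructed, and exact-match lookup on the full argument including the "=filter" suffix is assumed from the message above.

```python
import re

# Postfix smtpd restrictions whose next token is a DNSBL/RHSBL domain.
DNSBL_RESTRICTIONS = {
    "reject_rbl_client", "reject_rhsbl_client", "reject_rhsbl_reverse_client",
    "reject_rhsbl_helo", "reject_rhsbl_sender", "reject_rhsbl_recipient",
}

KEY = "EXAMPLEKEY"  # constructed placeholder, not a real key
# Constructed main.cf value: the second entry omits the "=filter" suffix.
RESTRICTIONS = f"""reject_rhsbl_reverse_client {KEY}.zrd.dq.spamhaus.net=127.0.2.[2..24],
    reject_rhsbl_client {KEY}.zrd.dq.spamhaus.net, permit"""
# Constructed reply map holding the single entry quoted in the message.
REPLY_MAP = (f"{KEY}.zrd.dq.spamhaus.net=127.0.2.[2..24] "
             "$rbl_code Service unavailable; $rbl_class [$rbl_what] blocked\n")

def parse_texthash(text):
    """Parse 'key value' lines; a line starting with whitespace continues an entry."""
    table, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0].isspace() and last is not None:
            table[last] += " " + line.strip()
            continue
        parts = line.split(None, 1)
        last = parts[0]
        table[last] = parts[1].strip() if len(parts) > 1 else ""
    return table

def dnsbl_domains(restrictions):
    """Return the domain argument of every DNSBL restriction, in order."""
    tokens = re.split(r"[,\s]+", restrictions.strip())
    return [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in DNSBL_RESTRICTIONS]

def audit(restrictions, reply_map_text, key):
    """List keyed DNSBL arguments whose reject reply could reveal `key`."""
    table = parse_texthash(reply_map_text)
    findings = []
    for domain in dnsbl_domains(restrictions):
        if key not in domain:
            continue  # public list name, nothing to hide
        shown = domain.replace(key, "<KEY>")  # never echo the key itself
        template = table.get(domain)  # assumed exact match, as the message says
        if template is None:
            findings.append(f"{shown}: no entry, default_rbl_reply applies")
        elif "rbl_domain" in template or key in template:
            findings.append(f"{shown}: template exposes the list domain")
    return findings

print(audit(RESTRICTIONS, REPLY_MAP, KEY))
```

An entry wrapped onto a second line without leading whitespace is read by this parser as a separate key, which silently truncates the template of the entry above it.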