On 7/20/2021 12:56 PM, post...@ptld.com wrote:
-----
reject_rhsbl_client rbl_domain=d.d.d.d
reject_rhsbl_helo rbl_domain=d.d.d.d
How does postfix submit the query to the rbl_domain?
If the PTR for the client IP is mx.example.com does postfix query
mx.example.com.rbl_domain or example.com.rbl_domain? Or both or other?
Same for HELO hostname?
hostnames are submitted as host.example.com.rbl.example.com, as per
customary RBL operation.
-----
When using both:
reject_rhsbl_client rbl_domain=d.d.d.d
reject_rhsbl_helo rbl_domain=d.d.d.d
If the PTR and HELO are the same hostname like mx.example.com and
the same rbl_domain is used does postfix query twice? Or does it use
one query and match the result against both restriction conditions?
Postfix will perform each query. If the query ends up being the
exact same, it will be in your cache.
-----
reject_rhsbl_reverse_client rbl_domain=d.d.d.d
Does this mean when a client has a hostname different than what the
DNS PTR record shows it queries the hostname that didn't resolve
back to the IP?
Postfix queries the PTR hostname returned. For this query, it
doesn't matter if the client PTR and A record match FCrDNS.
If you are using smtpd_client_restrictions =
reject_unknown_client_hostname then reject_rhsbl_reverse_client
would never get used?
Only if the client is labeled "unknown". Known clients will still be
queried.
-----
In the manual maps_rbl_reject_code references:
reject_rbl_client, reject_rhsbl_client, reject_rhsbl_reverse_client,
reject_rhsbl_sender and reject_rhsbl_recipient restrictions.
reject_rhsbl_helo is not listed. Does rbl reject code setting not
effect the helo reject or is it just omitted from the manual?
RHS refers to the right hand side - the host.domain part - of an
email address. Since HELO is already a hostname and not an email
address, rhs of helo is nonsense.
-----
-- Noel Jones
