On Sun, Dec 11, 2022 at 10:07:35AM -0500, Alex wrote:
> I'm still struggling with this, and now wondering if it's even a problem.
> Are dnsblog entries like this supposed to be mapped, or just the rejection
> that the client sees?
>
>
> Dec 10 20:09:39 mail03 postfix/dnsblog[54775]: addr 5.170.224.57 listed by
> domain mykey.zen.dq.spamhaus.net as 127.0.0.11
> Dec 10 20:09:39 mail03 postfix/dnsblog[54775]: addr 5.170.224.57 listed by
> domain mykey.zen.dq.spamhaus.net as 127.0.0.3
> Dec 10 20:09:39 mail03 postfix/dnsblog[54775]: addr 5.170.224.57 listed by
> domain mykey.zen.dq.spamhaus.net as 127.0.0.4
The logs are not censored. Only the remote client sees censored
*replies*. The presence of the word word "reply" in the relevant
parameter names is not an accident:
postscreen_dnsbl_reply_map
rbl_reply_maps
The documentation attempts to suggest the same:
https://www.postfix.org/postconf.5.html#postscreen_dnsbl_reply_map
A mapping from an actual DNSBL domain name which includes a secret
password, to the DNSBL domain name that postscreen will reply with
when it rejects mail. When no mapping is found, the actual DNSBL
domain will be use
--
Viktor.
