- May 7, 2013On Mon, May 6, 2013 at 3:10 PM, Wietse Venema <wietse@...> wrote:
> Robert Lopez:What is not clear to me in that description is the reason for my
>> Let me try again. I am assuming the link between a line in the
>> dndsbl_reply file and the main.cf file is only a label and it could be
>> Is that a wrong assumption?
> Please describe what is not clear about the following text:
> postscreen_dnsbl_reply_map (default: empty)
> A mapping from actual DNSBL domain name which includes a secret pass-
> word, to the DNSBL domain name that postscreen will reply with when it
> rejects mail. When no mapping is found, the actual DNSBL domain will
> be used.
> For maximal stability it is best to use a file that is read into memory
> such as pcre:, regexp: or texthash: (texthash: is similar to hash:,
> except a) there is no need to run postmap(1) before the file can be
> used, and b) texthash: does not detect changes after the file is read).
> postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
> secret.zen.spamhaus.org zen.spamhaus.org
> This feature is available in Postfix 2.8.
> Once you set up your postscreen_dnsbl_reply_map, you can query it
> to ensure that it works as expected. Using the above example,
> the command
> postmap -q secret.zen.spamhaus.org texthash:/etc/postfix/dnsbl_reply
> should produce "zen.spamhaus.org" as output.
> Thanks for helping to improve Postfix.
"Does it matter what the short name returned is; that is could I use
zen.spamhaus.org just to keep it shorter?"
I tried to make that question more clear the second time I posted by
" I am assuming the link between a line in the
dndsbl_reply file and the main.cf file is only a label and it could be
Is that a wrong assumption?
I have changed the label to make it more obvious."
To me when I read the text you provided I am left with the question
"If the real query address, with the key, is being replaced by some
other name, does it matter what that name is and can it be shortened
Of course, the reason for my post in the first place was my concern that
the name with the key was returned in a reply to a test email I sent
from a Yahoo test account which just happened to have been delivered
from a Yahoo server which was listed by zen.spam.net.
Also, I did have a bit of a mix-up in that in your example text you do
use zen.spamhaus.org and in my original set-up instructions from the
vendor from whom CNM purchases the Spamhaus service, the address
I am to query is <key>..zen.dq.spamhaus.net. This is not to say there is
any problem in your text. It was simply my dyslexia seeing what I expect
to see and not noticing the net v org that /dev/rob has pointed out.
Your making clear two other points (using postmap -q and looking for the
log lines to distinguish between postscreen and smtpd) were helpful
I can see the returned information which did disclose the key came from
May 3 17:54:01 mg08 postfix/postscreen: NOQUEUE: reject: RCPT
from [188.8.131.52]:45242: 550 5.7.1 Service unavailable; client
[184.108.40.206] blocked using <key>.zen.dq.spamhaus.org;
from=<rlopezcnm@...>, to=<rlopez@...>, proto=SMTP,
Finally, /dev/rob was exactly correct in the two labels used differed
(.net v .org)
causing the lookup to fail and "When no mapping is found, the actual
DNSBL domain will be used."
I believe the answer to my question is the text of the label does not matter
(but it must be meaningful enough to communicate) but it must be
exactly the same in the dnsbl_reply file and the main.cf file.
Life as a dyslexic person is often embarrassing.
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
- << Previous post in topic Next post in topic >>