The spamhaus DBL can be used to query sender domains and hostnames (no
IPs).
So generally, one could use:
reject_rhsbl_sender dbl.spamhaus.org
reject_rhsbl_reverse_client dbl.spamhaus.org
but when one subscribes to Spamhaus's DNSBL feed (which we have to),
one gets a special domain to query:
reject_rhsbl_sender secretkey.dbl.dq.spamhaus.net
reject_rhsbl_reverse_client secretkey.dbl.dq.spamhaus.net
This works wonderful, except for the fact that Postfixs
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what]
blocked using $rbl_domain${rbl_reason?; $rbl_reason}
gives away the secret key. This is easily fixed in so many ways, e.g.:
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what]
blocked using dbl.spamhaus.org${rbl_reason?; $rbl_reason}
Maybe the default should not contain $rbl_domain. I cannot tell if the
scheme Spamhaus uses is commonplace.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
[email protected] | http://www.charite.de
