Let me try again. I am assuming the link between a line in the
dnsbl_reply file and the main.cf file is only a label and it could be
anything.
Is that a wrong assumption?

I have changed the label to make it more obvious.

Right now in the dnsbl_reply file I have this line (except for the key
being hidden):
<hidden-key>.zen.dq.spamhaus.net  h.spamhaus.net

In the main.cf file I have this line:
postscreen_dnsbl_sites = h.spamhaus.net*1

I am assuming the h.spamhaus.net in main.cf is being rewritten to
<hidden-key>.zen.dq.spamhaus.net when postscreen uses the dnsbl.

What I am seeing in testing is my gateway is returning a statement
such as this one:
554 5.7.1 Service unavailable; Client host [192.203.178.138] blocked
using <hidden-key>.zen.dq.spamhaus.net;
http://www.spamhaus.org/query/bl?ip=192.203.178.138

And the above line does in fact contain the actual key that I am trying to hide.

The version of Postfix I am using (2.10.0) is my first experience with
postscreen and I am trying to avoid the exposing of this key.

Is it possible that the key is being exposed not from the
postscreen_dnsbl_sites line but from a line also in main.cf which says
the following?
smtpd_client_restrictions = reject_rbl_client <hidden-key>.zen.dq.spamhaus.net


# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = yes
biff = no
bounce_size_limit = 1
config_directory = /etc/postfix
default_process_limit = 400
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = $myhostname, localhost
inet_protocols = ipv4
mailbox_size_limit = 0
masquerade_domains = $mydomain, cnm.edu, nmvc.org, nmvirtualcollege.org
max_use = 100
message_size_limit = 26214400
mydestination = $myhostname, $mydomain, localhost.localdomain,
cnm.edu, mail.cnm.edu
mydomain = cnm.edu
mynetworks = 198.133.178.0/23, 198.133.182.0/24, 198.133.181.0/24,
198.133.180.0/24, 172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8,
127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
notify_classes = resource, software
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_dnsbl_sites = h.spamhaus.net*1 b.barracudacentral.org*1
bl.spamcop.net*1 dnsbl.sorbs.net*1
postscreen_dnsbl_threshold = 2
readme_directory = no
recipient_delimiter = +
relay_domains =
relayhost =
smtp_host_lookup = dns, native
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = cnm.edu ESMTP
smtpd_client_restrictions = reject_unauth_pipelining
check_client_access hash:/etc/postfix/whitelist check_client_access
cidr:/etc/postfix/cidr-ip check_client_access hash:/etc/postfix/access
permit_mynetworks reject_rbl_client
<hidden-key>.zen.dq.spamhaus.net.zen.dq.spamhaus.net reject_rbl_client
b.barracudacentral.org reject_rbl_client bl.spamcop.net
reject_rbl_client dnsbl.sorbs.net
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks check_helo_access
hash:/etc/postfix/helo-ip reject_invalid_hostname
reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks
reject_unknown_recipient_domain reject_unlisted_recipient
reject_non_fqdn_recipient reject_unknown_recipient_domain
smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/whitelist check_sender_access
hash:/etc/postfix/greylist check_sender_access
hash:/etc/postfix/access permit_mynetworks reject_non_fqdn_sender
reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases


--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
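
An added example, not part of the original message and not Postfix code: a static check of the two files described above. It relies on documented Postfix behaviour: postscreen_dnsbl_reply_map is keyed by the actual DNSBL domain and is used only by postscreen, so smtpd's reject_rbl_client does not consult it. The file contents, KEYPLACEHOLDER and the function names are constructed for illustration.

```python
import re

# Constructed sample input, not the poster's files; KEYPLACEHOLDER stands in for the hidden key.
SAMPLE_POSTCONF = """\
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_dnsbl_sites = h.spamhaus.net*1 bl.spamcop.net*1
smtpd_client_restrictions = permit_mynetworks reject_rbl_client KEYPLACEHOLDER.zen.dq.spamhaus.net reject_rbl_client bl.spamcop.net
"""
SAMPLE_REPLY_MAP = "KEYPLACEHOLDER.zen.dq.spamhaus.net  h.spamhaus.net\n"

def parse_postconf(text):
    """Parse 'name = value' lines, one parameter per line as postconf -n prints them."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and not line.startswith("#"):
            params[name.strip()] = value.strip()
    return params

def parse_texthash(text):
    """Parse a texthash table: key, whitespace, value; '#' lines are comments."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip().lower()
    return table

def audit(postconf_text, reply_map_text):
    """Return (finding, where) pairs; the keyed domain itself is never put in the result."""
    params = parse_postconf(postconf_text)
    masked = parse_texthash(reply_map_text)  # real DNSBL domain -> name shown to clients
    findings = []
    # postscreen looks up the real domain, so strip "=filter" and "*weight" from each site.
    sites = {re.split(r"[=*]", s)[0].lower()
             for s in re.split(r"[,\s]+", params.get("postscreen_dnsbl_sites", "")) if s}
    for real, shown in sorted(masked.items()):
        if real not in sites:
            findings.append(("reply_map_key_not_a_postscreen_site", shown))
    for site in sorted(sites & set(masked.values())):
        findings.append(("display_name_used_as_postscreen_site", site))
    # smtpd's reject_rbl_client does not consult postscreen_dnsbl_reply_map.
    for name, value in sorted(params.items()):
        if name.startswith("smtpd_") and name.endswith("_restrictions"):
            tokens = re.split(r"[,\s]+", value)
            for prev, tok in zip(tokens, tokens[1:]):
                if prev == "reject_rbl_client" and tok.split("=")[0].lower() in masked:
                    findings.append(("keyed_domain_in_reject_rbl_client", name))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POSTCONF, SAMPLE_REPLY_MAP):
        print(*finding)
```

On a live system the inputs would be the output of postconf -n and the contents of the file named in postscreen_dnsbl_reply_map.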
