I recently started using an RBL service where we have a 'private key' and this operates very simply by prefixing the key to the RBL address. But I just realised that this appears to mean that for any rejections the whole address - including the key - is passed back to the offending client. Which if true makes a bit of a nonsense of the idea of a 'private' key.
Is there a way to cut out this private key in the response message? It happens both with postscreen and smtpd. Here is a barely-obfuscated example: 550 5.7.1 Service unavailable; client [51.88.120.222] blocked using sp8lefi4grtb7jftpslxxztu3y.zen.dx.spamhous.net
