On Thu, 16 Jan 2020 at 09:13, Christian Kivalo <ml+postfix-us...@valo.at> wrote:
> > > On 2020-01-16 09:47, Dominic Raferd wrote: > > I recently started using an RBL service where we have a 'private key' > > and this operates very simply by prefixing the key to the RBL address. > > But I just realised that this appears to mean that for any rejections > > the whole address - including the key - is passed back to the > > offending client. Which if true makes a bit of a nonsense of the idea > > of a 'private' key. > > > rbl_reply_maps and default_rbl_reply_maps is probably what you are > looking for > http://www.postfix.org/postconf.5.html#rbl_reply_maps > http://www.postfix.org/postconf.5.html#default_rbl_reply > > and for postscreen there is > http://www.postfix.org/postconf.5.html#postscreen_dnsbl_reply_map > > Is there a way to cut out this private key in the response message? It > > happens both with postscreen and smtpd. Here is a barely-obfuscated > > example: > > > > 550 5.7.1 Service unavailable; client [51.88.120.222] blocked using > > sp8lefi4grtb7jftpslxxztu3y.zen.dx.spamhous.net [1] > > > > Links: > > ------ > > [1] http://sp8lefi4grtb7jftpslxxztu3y.zen.dx.spamhous.net > > Thanks Christian that was very helpful. I have it working now for postscreen and I think (but am waiting for an incoming instance) for smtpd. Weird that they have such different approaches (postscreen_dnsbl_reply_map and rbl_reply_maps). And I could not find a way to use pcre with rbl_reply_maps because it throws a warning if I reference any variables such as $rbl_code - but such variables do seem to work in a hash file.