On 2024-06-22 at 15:19:42 UTC-0400 (Sat, 22 Jun 2024 15:19:42 -0400 (EDT))
Wietse Venema via Postfix-users <wie...@porcupine.org> is rumored to have said:
[...]
The rbl_reply_maps are searched with the domain specified with
reject_rbl_client.
That includes the optional "=address" portion, added in Postfix
2.8, but that was not added to the much older rbl_reply_maps
documentation.
There is an rbl_reply_maps example (a hash map) at
https://docs.spamhaus.com/datasets/docs/source/40-real-world-usage/MTAs/020-Postfix.html
your_DQS_key.zen.dq.spamhaus.net=127.0.0.[2..11]
554 $rbl_class $rbl_what blocked using ZEN - see ... for details
Are you certain that the range syntax works?
I was looking at my config & logs and found that apparently it is not
working for me, with postfix 3.9.
Config Details, with my DQS key replaced by KEY
# postconf rbl_reply_maps
rbl_reply_maps = texthash:/opt/local/etc/postfix/dnsbl_reply
# cat /opt/local/etc/postfix/dnsbl_reply
KEY.zen.dq.spamhaus.net=127.0.0.[2..11] 554 $rbl_class $rbl_what blocked using secret.nefarious.cabalistic.blacklist
KEY.zen.dq.spamhaus.net=127.0.1.[2..99] 554 $rbl_class $rbl_what blocked using DBL - see $rbl_txt for details
KEY.zen.dq.spamhaus.net=127.0.2.[2..24] 554 $rbl_class $rbl_what blocked using ZRD - domain too young
KEY.zen.dq.spamhaus.net 554 $rbl_class $rbl_what blocked using ZEN - see https://www.spamhaus.org/query/ip/$client_address for details
KEY.zen.dq.spamhaus.net 554 $rbl_class $rbl_what blocked using DBL - see $rbl_txt for details
KEY.zen.dq.spamhaus.net 554 $rbl_class $rbl_what blocked using ZRD - domain too young
Session transcript:
# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 toaster.scconsult.com ESMTP Postfix
XCLIENT Name=unknown ADDR=123.180.173.212 proto=esmtp
220 toaster.scconsult.com ESMTP Postfix
ehlo nefarioius.xyz
250-toaster.scconsult.com
250-PIPELINING
250-SIZE 40960000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
MAIL from:<postmas...@nefarioius.xyz>
250 2.0.0 Ok
mail from:<postmas...@yahoo.com>
250 2.1.0 Ok
rcpt to:<b...@scconsult.com>
554 5.7.1 Service unavailable; Client host [123.180.173.212] blocked using KEY.zen.dq.spamhaus.net; Listed by PBL, see https://check.spamhaus.org/query/ip/123.180.173.212 / Listed by SBL, see https://check.spamhaus.org/sbl/query/SBL626249
And from the debug log:
Jun 22 13:51:11 shiny postfix/smtpd[97861]: maps_find: rbl_reply_maps: vKEY.zen.dq.spamhaus.net=127.0.0.2: not found
Jun 22 13:51:11 shiny postfix/smtpd[97861]: mac_parse: $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
After I added this line to the dnsbl_reply file:
KEY.zen.dq.spamhaus.net=127.0.0.2 554 $rbl_class $rbl_what blocked using sooper.secret.nefarious.cabalistic.blacklist
I ran an identical session which ended with this different reply:
mail from:<postmas...@yahoo.com>
250 2.1.0 Ok
rcpt to:<b...@scconsult.com>
554 5.7.1 Client host 123.180.173.212 blocked using sooper.secret.nefarious.cabalistic.blacklist
...
your_DQS_key.zen.dq.spamhaus.net
554 $rbl_class $rbl_what blocked using ZEN - see ... for details
...
This behavior is different from postscreen; that program searches
the reply table with the service domain (your_DQS_key.zen.dq.spamhaus.net),
i.e. without the optional "=address" or "*weight".
It would be helpful if the search for both followed a search path akin
to how access maps are queried, from most specific to least, so that the
2 reply maps could have the same form or even the same content.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
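
An added example, not part of this thread and not Postfix code: a small Python check that models the smtpd lookup as described and logged above, an exact-string match on the reject_rbl_client argument including any "=address" part, and reports which arguments would fall through to the default reply. The restriction list and table contents are constructed, and the function names are this example's own.

```python
import re

# Constructed sample input modeled on the thread; KEY stands in for the DQS key.
RESTRICTIONS = """\
smtpd_recipient_restrictions =
    reject_rbl_client KEY.zen.dq.spamhaus.net=127.0.0.2,
    reject_rbl_client KEY.zen.dq.spamhaus.net=127.0.0.[4..7],
    reject_rbl_client KEY.zen.dq.spamhaus.net
"""
REPLY_MAP = """\
# constructed texthash table: key, whitespace, reply template
KEY.zen.dq.spamhaus.net=127.0.0.[2..11] 554 $rbl_class $rbl_what
    blocked using ZEN
KEY.zen.dq.spamhaus.net 554 $rbl_class $rbl_what blocked using ZEN
KEY.zen.dq.spamhaus.net 554 $rbl_class $rbl_what blocked using DBL
"""

def lookup_keys(restrictions):
    """Each reject_rbl_client argument, verbatim, including any "=address"."""
    return re.findall(r"reject_rbl_client\s+([^\s,]+)", restrictions)

def parse_table(text):
    """Return (keys in file order, keys defined more than once)."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()       # leading whitespace continues an entry
        else:
            logical.append(line)
    keys, dups = [], []
    for entry in logical:
        key = entry.split(None, 1)[0]
        (dups if key in keys else keys).append(key)  # a repeated key is ambiguous
    return keys, dups

def audit(restrictions, table_text):
    """Model the lookup as an exact string match (assumption taken from the thread)."""
    wanted = lookup_keys(restrictions)
    keys, dups = parse_table(table_text)
    return {
        "matched": [k for k in wanted if k in keys],
        "default_reply": [k for k in wanted if k not in keys],  # default_rbl_reply is used
        "never_queried": [k for k in keys if k not in wanted],
        "duplicate_keys": dups,
    }

if __name__ == "__main__":
    for name, items in audit(RESTRICTIONS, REPLY_MAP).items():
        print(f"{name}: {items}")
```

A ranged key in the table only matches a restriction that is written with the identical range string; it does not cover "=127.0.0.2" or a different range.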