The spamhaus DBL can be used to query sender domains and hostnames (no IPs).
So generally, one could use: reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_reverse_client dbl.spamhaus.org but when one subscribes to Spamhaus's DNSBL feed (which we have to), one gets a special domain to query: reject_rhsbl_sender secretkey.dbl.dq.spamhaus.net reject_rhsbl_reverse_client secretkey.dbl.dq.spamhaus.net This works wonderful, except for the fact that Postfixs default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} gives away the secret key. This is easily fixed in so many ways, e.g.: default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using dbl.spamhaus.org${rbl_reason?; $rbl_reason} Maybe the default should not contain $rbl_domain. I cannot tell if the scheme Spamhaus uses is commonplace. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de