Ralf Hildebrandt wrote:
> The spamhaus DBL can be used to query sender domains and hostnames (no
> IPs).
> 
> So generally, one could use:
>    reject_rhsbl_sender         dbl.spamhaus.org
>    reject_rhsbl_reverse_client dbl.spamhaus.org
> 
> but when one subscribes to Spamhaus's DNSBL feed (which we have to),
> one gets a special domain to query:
> 
>    reject_rhsbl_sender         secretkey.dbl.dq.spamhaus.net
>    reject_rhsbl_reverse_client secretkey.dbl.dq.spamhaus.net
> 

This is a (Spamhaus) design flaw. It means you can't share your
configuration without exposing your "secret" key. I'm not going to say
that it is stupid to rely on secret keys. This has already been worked on :)


> This works wonderfully, except for the fact that Postfix's
> 
> default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
> 

If you need it, use rbl_reply_maps. Otherwise, leave it to Spamhaus to
fix the problem.

> gives away the secret key. This is easily fixed in so many ways, e.g.:
> 
> default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using dbl.spamhaus.org${rbl_reason?; $rbl_reason}
> 
> Maybe the default should not contain $rbl_domain. I cannot tell if the
> scheme Spamhaus uses is commonplace.
> 
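
An added example, not part of the original thread: a small audit that reports which keyed RHSBL zones would be named in SMTP rejections, comparing the default reply with an rbl_reply_maps override keyed by the RBL domain. The function names and sample files are constructed for illustration, "secretkey" is the thread's placeholder, and main.cf values are assumed to sit on one line.

```python
import re

# Constructed sample input; "secretkey" is the thread's placeholder, not a real key.
MAIN_CF = """\
smtpd_sender_restrictions =
    reject_rhsbl_sender secretkey.dbl.dq.spamhaus.net
smtpd_client_restrictions =
    reject_rhsbl_reverse_client secretkey.dbl.dq.spamhaus.net
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
"""
# Constructed rbl_reply_maps source: "<rbl domain> <reply template>" per line.
REPLY_MAP = """\
secretkey.dbl.dq.spamhaus.net $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using dbl.spamhaus.org${rbl_reason?; $rbl_reason}
"""

RHSBL = re.compile(r"\breject_rhsbl_\w+\s+([\w.-]+)")
DOMAIN_MACRO = re.compile(r"\$[{(]?rbl_domain\b")  # $rbl_domain, ${rbl_domain}, $(rbl_domain)

def parse_reply_map(text):
    """Parse an rbl_reply_maps source file into {rbl domain: template}."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not line.startswith("#"):
            table[parts[0].lower()] = parts[1]
    return table

def leaking_domains(main_cf, reply_map_text="", private_suffix=".dq.spamhaus.net"):
    """Return keyed RHSBL domains whose effective reply template reveals them."""
    m = re.search(r"^default_rbl_reply[ \t]*=[ \t]*(.*)$", main_cf, re.M)
    # If unset, Postfix's built-in default applies, and it contains $rbl_domain.
    default = m.group(1) if m else "$rbl_domain"
    overrides = parse_reply_map(reply_map_text)
    leaks = []
    for domain in sorted({d.lower() for d in RHSBL.findall(main_cf)}):
        if not domain.endswith(private_suffix):
            continue  # public zone: nothing secret in the name
        template = overrides.get(domain, default)
        if DOMAIN_MACRO.search(template) or domain in template.lower():
            leaks.append(domain)
    return leaks

if __name__ == "__main__":
    print("default reply only :", leaking_domains(MAIN_CF))
    print("with rbl_reply_maps:", leaking_domains(MAIN_CF, REPLY_MAP))
```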
