On 8/3/2011 12:49 AM, Jeetu wrote: > On 02/08/11 8:02 PM, Wietse Venema wrote: >> If in doubt, read the fine documentation. As documented, postsceen >> currently does not have any controls to format the DNSBL reply >> (other than aliasing the DNSBL domain name). > > Fine Wietse, i found a workaround for this > i added the foll. > $cat /etc/postfix/dnsbl_reply > # Secret DNSBL name Name in postscreen(8) replies > spamhaus.myoffice.com zen.spamhaus.org; > http://www.spamhaus.org/query/bl?ip=${client_addr} > > But in logs I'm getting > Aug 3 11:13:16 inbound-in-1 postfix/postscreen[30561]: NOQUEUE: > reject: RCPT from [x.x.x.x]:3279: 550 5.7.1 Service unavailable; > client [x.x.x.x] blocked using zen.spamhaus.org; > http://www.spamhaus.org/query/bl?ip=${client_addr}; > from=<junkyj6...@xxxx.com>, to=<ttngu...@xxx.net>, proto=ESMTP, > helo=<xxx.com> > > now the ${client_addr} is not getting substituted for original > client address.
Correct. http://www.postfix.org/postconf.5.html#postscreen_dnsbl_reply_map does not support macro expansion. > is there any other way to display client address by postscreen? You can use http://www.postfix.org/postconf.5.html#postscreen_reject_footer to send additional data to the client. However, the footer isn't logged. I use this: postscreen_reject_footer = $smtpd_reject_footer smtpd_reject_footer = Contact postmas...@example.org for assistance. Include this data: servertime=($localtime) client=([$client_address]:$client_port) server=($server_name) > > Also i wanted to know if add postscreen_dnsbl_sites then do i need > to reject_rbl_client in smtpd_recipient_restrictions ? > Your choice. The caching behavior of dnsbl is a little different in smtpd vs. postscreen -- in particular, postscreen will auto-whitelist sites that pass dnsbl tests for $postscreen_dnsbl_ttl. http://www.postfix.org/postconf.5.html#postscreen_dnsbl_ttl -- Noel Jones
