On Mon, May 6, 2013 at 3:10 PM, Wietse Venema <wie...@porcupine.org> wrote:
> Robert Lopez:
>> Let me try again. I am assuming the link between a line in the
>> dndsbl_reply file and the main.cf file is only a label and it could be
>> anything.
>> Is that a wrong assumption?
>
> Please describe what is not clear about the following text:
>
> postscreen_dnsbl_reply_map (default: empty)
>     A mapping from actual DNSBL domain name which includes a secret
>     password, to the DNSBL domain name that postscreen will reply with
>     when it rejects mail. When no mapping is found, the actual DNSBL
>     domain will be used.
>
>     For maximal stability it is best to use a file that is read into memory
>     such as pcre:, regexp: or texthash: (texthash: is similar to hash:,
>     except a) there is no need to run postmap(1) before the file can be
>     used, and b) texthash: does not detect changes after the file is read).
>
>     Example:
>
>     /etc/postfix/main.cf:
>         postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
>
>     /etc/postfix/dnsbl_reply:
>         secret.zen.spamhaus.org zen.spamhaus.org
>
>     This feature is available in Postfix 2.8.
>
> Once you set up your postscreen_dnsbl_reply_map, you can query it
> to ensure that it works as expected. Using the above example,
> the command
>
>     postmap -q secret.zen.spamhaus.org texthash:/etc/postfix/dnsbl_reply
>
> should produce "zen.spamhaus.org" as output.
>
> Thanks for helping to improve Postfix.
>
> Wietse

What is not clear to me in that description is the reason for my original question "Does it matter what the short name returned is; that is could I use zen.spamhaus.org just to keep it shorter?"

I tried to make that question more clear the second time I posted by "I am assuming the link between a line in the dndsbl_reply file and the main.cf file is only a label and it could be anything. Is that a wrong assumption? I have changed the label to make it more obvious."

To me when I read the text you provided I am left with the question "If the real query address, with the key, is being replaced by some other name, does it matter what that name is and can it be shortened up?"

Of course, the reason for my post in the first place was my concern that the name with the key was returned in a reply to a test email I sent from a Yahoo test account which just happened to have been delivered from a Yahoo server which was listed by zen.spam.net.

Also, I did have a bit of a mix-up in that in your example text you do use zen.spamhaus.org and in my original set-up instructions from the vendor from whom CNM purchases the Spamhaus service, the address I am to query is <key>..zen.dq.spamhaus.net. This is not to say there is any problem in your text. It was simply my dyslexia seeing what I expect to see and not noticing the net v org that /dev/rob has pointed out.

Your making clear two other points (using postmap -q and looking for the log lines to distinguish between postscreen and smtpd) were helpful to me.

I can see the returned information which did disclose the key came from postscreen:

May 3 17:54:01 mg08 postfix/postscreen[10279]: NOQUEUE: reject: RCPT from [98.136.218.178]:45242: 550 5.7.1 Service unavailable; client [98.136.218.178] blocked using <key>.zen.dq.spamhaus.org; from=<rlopez...@yahoo.com>, to=<rlo...@mg08.cnm.edu>, proto=SMTP, helo=<nm5-vm3.bullet.mail.gq1.yahoo.com>

Finally, /dev/rob was exactly correct in that the two labels used differed (.net v .org), causing the lookup to fail and "When no mapping is found, the actual DNSBL domain will be used."

I believe the answer to my question is the text of the label does not matter (but it must be meaningful enough to communicate) but it must be exactly the same in the dnsbl_reply file and the main.cf file.

Life as a dyslexic person is often embarrassing.

Thank you.

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
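
Added example, not part of the original message and not Postfix code: a small Python check for the failure mode discussed in this thread, where a queried DNSBL domain has no exactly matching key in the reply map and the keyed name therefore appears in the 550 reply. The function names, the EXAMPLEKEY placeholder, bl.example.net and the sample data are assumptions made for illustration.

```python
import difflib
import re

def dnsbl_domains(sites_value):
    """Bare DNSBL domains from a postscreen_dnsbl_sites value: entries are
    separated by commas/whitespace; an optional =filter and *weight follow."""
    entries = [e for e in re.split(r"[,\s]+", sites_value) if e]
    return [re.split(r"[=*]", e, maxsplit=1)[0] for e in entries]

def parse_texthash(text):
    """texthash: table as a dict ('key whitespace value'; '#' lines are comments)."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            table[fields[0]] = fields[1]
    return table

def unmapped_domains(sites_value, reply_map_text):
    """Queried domains with no exact key in the reply map (so the actual
    domain, key included, would be used in the reject reply), each paired
    with the closest map key, if any, to expose near misses such as .net/.org."""
    keys = list(parse_texthash(reply_map_text))
    findings = []
    for domain in dnsbl_domains(sites_value):
        if domain not in keys:
            near = difflib.get_close_matches(domain, keys, n=1, cutoff=0.8)
            findings.append((domain, near[0] if near else None))
    return findings

# Constructed sample data; EXAMPLEKEY is a placeholder, bl.example.net is hypothetical.
SITES = "EXAMPLEKEY.zen.dq.spamhaus.net*2, EXAMPLEKEY.bl.example.net=127.0.0.[2..11]*1"
REPLY_MAP = """\
# /etc/postfix/dnsbl_reply (constructed)
EXAMPLEKEY.zen.dq.spamhaus.org   zen.spamhaus.org
EXAMPLEKEY.bl.example.net        bl.example.net
"""

if __name__ == "__main__":
    for domain, near in unmapped_domains(SITES, REPLY_MAP):
        print(f"no reply mapping for {domain}; closest key: {near}")
```

On a live system the two inputs would come from `postconf -h postscreen_dnsbl_sites` and the file named in postscreen_dnsbl_reply_map.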