Hi, I hoped someone could help me clear up some confusion. I understand postscreen_dnsbl_reply_map is for postscreen_dnsbl_sites, but I have dnsblog entries revealing my spamhaus key from entries in the postscreen_dnsbl_sites section, not smtp_recipient_restrictions.
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8 ... postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply_map postscreen_blacklist_action = drop postscreen_dnsbl_action = enforce rbl_reply_maps = hash:/etc/postfix/dnsbl_reply_map /etc/postfix/postscreen_dnsbl_reply_map: mykey.zen.dq.spamhaus.net DNS Blocklist (spamhaus) I've also tried including variations, including these: mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8 DNS Blocklist (spamhaus8) mykey.zen.dq.spamhaus.net=127.0.0.[10;11] DNS Blocklist (spamhaus8) Entries in my logs appear like: Dec 10 20:09:39 mail03 postfix/dnsblog[54775]: addr 5.170.224.57 listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.11 Dec 10 20:09:39 mail03 postfix/dnsblog[54775]: addr 5.170.224.57 listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.3 Dec 10 20:09:39 mail03 postfix/dnsblog[54775]: addr 5.170.224.57 listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.4 I've even commented out all the spamhaus entries in smtpd_recipient_restrictions to be sure it wasn't coming from there. There are also postscreen entries which appear to be mapping the key properly: Dec 10 20:12:42 mail03 postfix/postscreen[52702]: NOQUEUE: reject: RCPT from [89.155.61.127]:40377: 550 5.7.1 Service unavailable; client [89.155.61.127] blocked using D NS Blocklist (spamhaus); from=<hina.s...@example.com>, to=< hina.s...@example.com>, proto=ESMTP, helo=<a89-155-61-127.cpe.netcabo.pt> It seems like for every postscreen entry that is mapped, there is also at least one dnsblog entry that is not properly mapped. I'm assuming it's okay to use DNSBLs in both postscreen and recipient restrictions because recipient restrictions is able to check other things not available to postscreen at that time, correct?