Hi, I hoped someone could help me clear up some confusion. I
understand postscreen_dnsbl_reply_map is for postscreen_dnsbl_sites, but I
have dnsblog entries revealing my spamhaus key from entries in the
postscreen_dnsbl_sites section, not smtp_recipient_restrictions.
postscreen_dnsbl_sites =
mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8
...
postscreen_dnsbl_reply_map =
texthash:/etc/postfix/postscreen_dnsbl_reply_map
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
rbl_reply_maps = hash:/etc/postfix/dnsbl_reply_map
/etc/postfix/postscreen_dnsbl_reply_map:
mykey.zen.dq.spamhaus.net DNS Blocklist (spamhaus)
I've also tried including variations, including these:
mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8 DNS Blocklist (spamhaus8)
mykey.zen.dq.spamhaus.net=127.0.0.[10;11] DNS Blocklist (spamhaus8)
Entries in my logs appear like:
Dec 10 20:09:39 mail03 postfix/dnsblog[54775]: addr 5.170.224.57 listed by
domain mykey.zen.dq.spamhaus.net as 127.0.0.11
Dec 10 20:09:39 mail03 postfix/dnsblog[54775]: addr 5.170.224.57 listed by
domain mykey.zen.dq.spamhaus.net as 127.0.0.3
Dec 10 20:09:39 mail03 postfix/dnsblog[54775]: addr 5.170.224.57 listed by
domain mykey.zen.dq.spamhaus.net as 127.0.0.4
I've even commented out all the spamhaus entries in
smtpd_recipient_restrictions to be sure it wasn't coming from there. There
are also postscreen entries which appear to be mapping the key properly:
Dec 10 20:12:42 mail03 postfix/postscreen[52702]: NOQUEUE: reject: RCPT
from [89.155.61.127]:40377: 550 5.7.1 Service unavailable; client
[89.155.61.127] blocked using D
NS Blocklist (spamhaus); from=<hina.s...@example.com>, to=<
hina.s...@example.com>, proto=ESMTP, helo=<a89-155-61-127.cpe.netcabo.pt>
It seems like for every postscreen entry that is mapped, there is also at
least one dnsblog entry that is not properly mapped.
I'm assuming it's okay to use DNSBLs in both postscreen and recipient
restrictions because recipient restrictions is able to check other things
not available to postscreen at that time, correct?
