What is postscreen_dnsbl_reply_map use for?


What is postscreen_dnsbl_reply_map use for?

John anderson
What is the meaning of `postscreen_dnsbl_reply_map` in postscreen (Postfix)?
I've read in the documentation:

> if your DNSBL queries have a "secret" in the domain name, you must censor
> this information from the postscreen(8) SMTP replies ([1])

And from the manual:

> A mapping from actual DNSBL domain name which includes a secret password,
> to the DNSBL domain name that postscreen will reply with when it rejects
> mail. When no mapping is found, the actual DNSBL domain will be used. ([2])

I don't understand what *a secret password* means; how can a DNS domain name
include a password?

Could you explain it to me?


  [1]: http://www.postfix.org/POSTSCREEN_README.html
  [2]: http://www.postfix.org/postconf.5.html



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

Re: What is postscreen_dnsbl_reply_map use for?

Bill Cole-3
On 23 Sep 2018, at 10:13 (-0400), John anderson wrote:

> What is the meaning of `postscreen_dnsbl_reply_map` in postscreen (postfix) ?
> I've read from documentation:
>
>> if your DNSBL queries have a "secret" in the domain name, you must censor
>> this information from the postscreen(8) SMTP replies ([1])
>
> And from manual:
>
>> A mapping from actual DNSBL domain name which includes a secret password,
>> to the DNSBL domain name that postscreen will reply with when it rejects
>> mail. When no mapping is found, the actual DNSBL domain will be used. ([2])
>
> I don't understand about *a secret password* means, how a DNS domain name
> will include a password?
>
> Could you explain me?

Some non-free DNSBLs give customers a secret DNS label to insert between
the base domain and the query target (i.e. octet-reversed IP or domain
name) as a form of authentication. Obviously this "secret" isn't
well-protected from snooping by actors who can sniff the DNS traffic,
but as a practical matter it is safe enough for most DNSBLs' needs.

--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole

Re: What is postscreen_dnsbl_reply_map use for?

John anderson
Dear Bill Cole-3, thank you for the response.
Would you please just clarify what postscreen_dnsbl_reply_map is used for?

Thank you so much!



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

Re: What is postscreen_dnsbl_reply_map use for?

allenc
In reply to this post by Bill Cole-3


On 23/09/18 15:46, Bill Cole wrote:

> On 23 Sep 2018, at 10:13 (-0400), John anderson wrote:
>
>> What is the meaning of `postscreen_dnsbl_reply_map` in postscreen (postfix) ?
>> I've read from documentation:
>>
>>> if your DNSBL queries have a "secret" in the domain name, you must censor
>>> this information from the postscreen(8) SMTP replies ([1])
>>
>> And from manual:
>>
>>> A mapping from actual DNSBL domain name which includes a secret password,
>>> to the DNSBL domain name that postscreen will reply with when it rejects
>>> mail. When no mapping is found, the actual DNSBL domain will be used. ([2])
>>
>> I don't understand about *a secret password* means, how a DNS domain name
>> will include a password?
>>
>> Could you explain me?
>
> Some non-free DNSBLs give customers a secret DNS label to insert between the base domain and the query target (i.e.
> octet-reversed IP or domain name) as a form of authentication. Obviously this "secret" isn't well-protected from
> snooping by actors who can sniff the DNS traffic, but as a practical matter it is safe enough for most DNSBLs' needs.
>
> --
> Bill Cole
> [hidden email] or [hidden email]
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Available For Hire: https://linkedin.com/in/billcole
>

You can also use it to redirect ALL your DNSBLs to the same reference website (for argument's sake,
http://multirbl.valli.org)

Allen C

Re: What is postscreen_dnsbl_reply_map use for?

Matus UHLAR - fantomas
In reply to this post by John anderson
On 23.09.18 09:06, John anderson wrote:
>Dear Bill Cole-3, thank you for the response.
>Would you please just clarify  What is postscreen_dnsbl_reply_map use for?

He just did it.
Instead of saying:
"rejected: your IP is listed in zen.lhouyh.spamhaus.org"
or e.g.:
"rejected: your IP is listed in list.dnswl.org"
(this may happen even when you use dnswl with a negative score, since
postscreen doesn't care about weights; could be something to implement)

it will say:
"rejected: your IP is listed in multiple dns-based blocklists"

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.
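
The behaviour discussed in this thread, as an added example that is not part of any poster's message or of Postfix itself: a small Python model of the lookup the manual describes, used to check which DNSBL name would end up in a rejection reply. The sample site list reuses `zen.lhouyh.spamhaus.org` and `list.dnswl.org` from the last message and treats `lhouyh` as the secret label; the helper names, the weights and the filter are assumptions of the example.

```python
import re

def parse_dnsbl_sites(value):
    """Return the bare DNSBL domains from a postscreen_dnsbl_sites value.

    Entries are separated by commas or whitespace and have the form
    domain[=filter][*weight]; only the domain is the reply-map lookup key.
    """
    entries = [e for e in re.split(r"[,\s]+", value.strip()) if e]
    return [re.split(r"[=*]", e, maxsplit=1)[0] for e in entries]

def parse_texthash(text):
    """Parse 'key value' lines; blank lines and # comments are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            table[fields[0]] = fields[1].strip()
    return table

def audit(sites_value, reply_map_text, secret_labels):
    """List (configured domain, name shown in the SMTP reply, leaks secret?)."""
    reply_map = parse_texthash(reply_map_text)
    report = []
    for domain in parse_dnsbl_sites(sites_value):
        shown = reply_map.get(domain, domain)  # no mapping: actual name is used
        leaks = any(label in shown.split(".") for label in secret_labels)
        report.append((domain, shown, leaks))
    return report

# Constructed sample configuration (not taken from a real server).
SITES = "zen.lhouyh.spamhaus.org*2, list.dnswl.org=127.0.[0..255].[1..3]*-2"
REPLY_MAP = """\
# actual DNSBL name        name shown in postscreen replies
zen.lhouyh.spamhaus.org    zen.spamhaus.org
"""
SECRET_LABELS = ["lhouyh"]

if __name__ == "__main__":
    for title, table in (("without reply map", ""), ("with reply map", REPLY_MAP)):
        print(title)
        for domain, shown, leaks in audit(SITES, table, SECRET_LABELS):
            print(f"  {domain} -> {shown} {'LEAKS SECRET' if leaks else 'ok'}")
```

Run against a real configuration by passing the value of `postscreen_dnsbl_sites` and the contents of the reply-map file; any row flagged as leaking is a keyed DNSBL name that has no reply-map entry.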