Add postscreen_dnsbl_reply_map to avoid disclosure of DQS key with Spamhaus setup

2023-08-01 16:12:44 +02:00 · 2023-08-01 16:12:44 +02:00 · 9f39af46aa
commit 9f39af46aa
parent 57d849a51b
1 changed files with 11 additions and 0 deletions
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@ -405,6 +405,17 @@ if [ -n "$SPAMHAUS_DQS_KEY" ]; then
  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.2*3
  ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.0.3*4
  ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.0.2*3
+postscreen_dnsbl_reply_map = texthash:/opt/postfix/conf/dnsbl_reply
+EOF
+
+  cat <<EOF > /opt/postfix/conf/dnsbl_reply
+# Autogenerated by mailcow, using Spamhaus DQS lists
+${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net     sbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.xbl.dq.spamhaus.net     xbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.pbl.dq.spamhaus.net     pbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net     zen.spamhaus.org
+${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net     dbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net     zrd.spamhaus.org
 EOF

 else