Merge pull request #5357 from DocFraggle/staging

Add postscreen_dnsbl_reply_map to avoid disclosure of DQS key
This commit is contained in:
Patrick Schult 2023-08-03 08:15:16 +02:00 committed by GitHub
commit e176724775
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -435,6 +435,17 @@ if [ ! -z "$DNSBL_CONFIG" ]; then
${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[10;11]*8
${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.3*4
${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.2*3
postscreen_dnsbl_reply_map = texthash:/opt/postfix/conf/dnsbl_reply
EOF
cat <<EOF > /opt/postfix/conf/dnsbl_reply
# Autogenerated by mailcow, using Spamhaus DQS reply domains
${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net sbl.spamhaus.org
${SPAMHAUS_DQS_KEY}.xbl.dq.spamhaus.net xbl.spamhaus.org
${SPAMHAUS_DQS_KEY}.pbl.dq.spamhaus.net pbl.spamhaus.org
${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net zen.spamhaus.org
${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net dbl.spamhaus.org
${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net zrd.spamhaus.org
EOF
)
else