add support for spamhaus dqs

setup/mail-postfix.sh

@@ -265,6 +265,11 @@ CONF_SMTPD_RECIPIENT_RESTRICTIONS=$(cat <<-END
         warn_if_reject reject_rbl_client $ZEN_QUERY=127.255.255.[1..255],        
 END
 )
+
+	# Cleanup dnsbl reply mapping, potentially set when DQS was enabled previously
+	management/editconf.py /etc/postfix/main.cf -e rbl_reply_maps=
+	
+	rm -rf /etc/postfix/dnsbl-reply-map
 else
         # Use Data Query Service for blocklist query URLs
         DBL_QUERY=$SPAMHAUS_DQS_KEY.dbl.dq.spamhaus.net
@@ -282,6 +287,18 @@ CONF_SMTPD_RECIPIENT_RESTRICTIONS=$(cat <<-END
         reject_rbl_client                $ZEN_QUERY=127.0.0.[2..255],
 END
 )
+
+	# Setup dnsbl reply mapping, to avoid leaking your DQS key in reject messages
+	cat > /etc/postfix/dnsbl-reply-map <<- EOF;
+	$ZEN_QUERY=127.0.0.[2.255]      \$rbl_code Service unavailable; \$rbl_class [\$rbl_what] blocked using zen.spamhaus.org\${rbl_reason?; \$rbl_reason}
+	$DBL_QUERY=127.0.1.[2..99]      \$rbl_code Service unavailable; \$rbl_class [\$rbl_what] blocked using dbl.spamhaus.org\${rbl_reason?; \$rbl_reason}
+	$ZRD_QUERY=127.0.2.[2..24]      \$rbl_code Service unavailable; \$rbl_class [\$rbl_what] blocked using zrd.spamhaus.org\${rbl_reason?; \$rbl_reason}
+EOF
+
+	postmap hash:/etc/postfix/dnsbl-reply-map
+
+	management/editconf.py /etc/postfix/main.cf \
+		rbl_reply_maps=hash:/etc/postfix/dnsbl-reply-map
 fi
 
 # Define configuration for smtpd_sender_restrictions