Apparently there are paid dnsbl providers out there that put an

authentication key in one of the domain labels. While I don't recommend
this construct; echoing said key back to anyone listed is an even worse
idea.

For these known blacklists strip the key label from the domain when
printing.

Behaviour pointed out by and initial diff from Renaud Allard
(renaud <at> allard <dot> it)

OK jasper@

mail/opensmtpd-filters/dnsbl/Makefile

@@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.3 2020/01/26 11:14:32 jasper Exp $
+# $OpenBSD: Makefile,v 1.4 2021/10/27 13:57:08 martijn Exp $
 
 COMMENT=	dnsbl integration to the OpenSMTPD daemon
 
-V=		0.2
+V=		0.3
 FILTER_NAME =	dnsbl
 DISTNAME =	filter-dnsbl-${V}
 

mail/opensmtpd-filters/dnsbl/distinfo

@@ -1,2 +1,2 @@
-SHA256 (filter-dnsbl-0.2.tar.gz) = W0tu2lunOLVD7QOWQMI4Agix7X/3ybDBeZrgsAc6X40=
-SIZE (filter-dnsbl-0.2.tar.gz) = 3184
+SHA256 (filter-dnsbl-0.3.tar.gz) = qYM8nO3GfVVoA4WcXiJ3j11IhJfvCSzEseJQCiAYUl4=
+SIZE (filter-dnsbl-0.3.tar.gz) = 3413