--- src/smtpd/smtpd_check.c.orig	Sat Jul  8 05:32:43 2006
+++ src/smtpd/smtpd_check.c	Fri Sep  1 23:56:26 2006
@@ -329,6 +329,8 @@
 
 static ARGV *local_rewrite_clients;
 
+#define NO_DEF_ACL	0
+
  /*
   * Pre-parsed expansion filter.
   */
@@ -3009,19 +3011,14 @@
 	template = 0;				/* pretend not found */
     }
 
-    /*
-     * XXX Impedance mis-match.
-     * 
-     * Validate the response, that is, the response must begin with a
-     * three-digit status code, and the first digit must be 4 or 5. If the
-     * response is bad, log a warning and send a generic response instead.
-     */
     if ((STR(why)[0] != '4' && STR(why)[0] != '5')
 	|| !ISDIGIT(STR(why)[1]) || !ISDIGIT(STR(why)[2])
 	|| STR(why)[3] != ' ') {
-	msg_warn("rbl response code configuration error: %s", STR(why));
-	result = smtpd_check_reject(state, MAIL_ERROR_POLICY,
-				    450, "4.7.1", "Service unavailable");
+	msg_info("RBL lookup: %s <%s> is listed on %s",
+		  reply_class, what, rbl_domain);
+	result = check_table_result(state, rbl_domain /* dummy */,
+				    STR(why), template /* dummy */,
+				    what, reply_class, NO_DEF_ACL);
     } else {
 	code = atoi(STR(why));
 	dsn_split(&dp, "4.7.1", STR(why) + 4);
@@ -3453,8 +3450,6 @@
 	 * Spoof the is_map_command() routine, so that we do not have to make
 	 * special cases for the implicit short-hand access map notation.
 	 */
-#define NO_DEF_ACL	0
-
 	if (strchr(name, ':') != 0) {
 	    if (def_acl == NO_DEF_ACL) {
 		msg_warn("specify one of (%s, %s, %s, %s, %s) before %s restriction \"%s\"",
@@ -3551,18 +3546,22 @@
 		   || strcasecmp(name, REJECT_RBL) == 0) {
 	    if (cpp[1] == 0)
 		msg_warn("restriction %s requires domain name argument", name);
-	    else
+	    else {
 		status = reject_rbl_addr(state, *(cpp += 1), state->addr,
 					 SMTPD_NAME_CLIENT);
+		forbid_whitelist(state, name, status, state->namaddr);
+	    }
 	} else if (strcasecmp(name, REJECT_RHSBL_CLIENT) == 0) {
 	    if (cpp[1] == 0)
 		msg_warn("restriction %s requires domain name argument",
 			 name);
 	    else {
 		cpp += 1;
-		if (strcasecmp(state->name, "unknown") != 0)
+		if (strcasecmp(state->name, "unknown") != 0) {
 		    status = reject_rbl_domain(state, *cpp, state->name,
 					       SMTPD_NAME_CLIENT);
+		    forbid_whitelist(state, name, status, state->namaddr);
+		}
 	    }
 	} else if (is_map_command(state, name, CHECK_CCERT_ACL, &cpp)) {
 	    status = check_ccert_access(state, *cpp, def_acl);
@@ -3635,9 +3634,11 @@
 			 name);
 	    else {
 		cpp += 1;
-		if (state->helo_name)
+		if (state->helo_name) {
 		    status = reject_rbl_domain(state, *cpp, state->helo_name,
 					       SMTPD_NAME_HELO);
+		    forbid_whitelist(state, name, status, state->helo_name);
+		}
 	    }
 	}
 
@@ -3705,9 +3706,11 @@
 		msg_warn("restriction %s requires domain name argument", name);
 	    else {
 		cpp += 1;
-		if (state->sender && *state->sender)
+		if (state->sender && *state->sender) {
 		    status = reject_rbl_domain(state, *cpp, state->sender,
 					       SMTPD_NAME_SENDER);
+		    forbid_whitelist(state, name, status, state->sender);
+		}
 	    }
 	} else if (strcasecmp(name, REJECT_UNLISTED_SENDER) == 0) {
 	    if (state->sender && *state->sender)
@@ -3776,9 +3779,11 @@
 		msg_warn("restriction %s requires domain name argument", name);
 	    else {
 		cpp += 1;
-		if (state->recipient)
+		if (state->recipient) {
 		    status = reject_rbl_domain(state, *cpp, state->recipient,
 					       SMTPD_NAME_RECIPIENT);
+		    forbid_whitelist(state, name, status, state->recipient);
+		}
 	    }
 	} else if (strcasecmp(name, CHECK_RCPT_MAPS) == 0
 		   || strcasecmp(name, REJECT_UNLISTED_RCPT) == 0) {