You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2014/12/18 03:03:26 UTC
[Bug 6652] Enable/disable DNS lookups by domain
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6652
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
Target Milestone|Undefined |3.4.0
--- Comment #2 from Mark Martinec <Ma...@ijs.si> ---
This was made possible by option dns_query_restriction,
probably in version 3.4.0. Closing.
dns_query_restriction (allow|deny) domain1 domain2 ...
Option allows disabling of rules which would result in a DNS query
to one of the listed domains. The first argument must be a literal
"allow" or "deny", remaining arguments are domains names.
Most DNS queries (with some exceptions) are subject to
dns_query_restriction. A domain to be queried is successively
stripped-off of its leading labels (thus yielding a series of its
parent domains), and on each iteration a check is made against an
associative array generated by dns_query_restriction options.
Search stops at the first match (i.e. the tightest match), and the
matching entry with its "allow" or "deny" value then controls
whether a DNS query is allowed to be launched.
If no match is found an implicit default is to allow a query. The
purpose of an explicit "allow" entry is to be able to override a
previously configured "deny" on the same domain or to override an
entry (possibly yet to be configured in subsequent config
directives) on one of its parent domains. Thus an 'allow
zen.spamhaus.org' with a 'deny spamhaus.org' would permit DNS
queries on a specific DNS BL zone but deny queries to other zones
under the same parent domain.
Domains are matched case-insensitively, no wildcards are
recognized, there should be no leading or trailing dot.
Specifying a block on querying a domain name has a similar effect
as setting a score of corresponding DNSBL and URIBL rules to zero,
and can be a handy alternative to hunting for such rules when a
site policy does not allow certain DNS block lists to be queried.
Example:
dns_query_restriction deny dnswl.org surbl.org
dns_query_restriction allow zen.spamhaus.org
dns_query_restriction deny spamhaus.org mailspike.net spamcop.net
--
You are receiving this mail because:
You are the assignee for the bug.