svn commit: r1889669 - /spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm

[he...@apache.org]

Author: hege
Date: Sat May  8 10:00:28 2021
New Revision: 1889669

URL: http://svn.apache.org/viewvc?rev=1889669&view=rev
Log:
Apply dns_query_restriction to SPF/DKIM queries

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm?rev=1889669&r1=1889668&r2=1889669&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm Sat May  8 10:00:28 2021
@@ -46,7 +46,8 @@ use Mail::SpamAssassin;
 use Mail::SpamAssassin::Logger;
 use Mail::SpamAssassin::Constants qw(:ip);
 use Mail::SpamAssassin::Util qw(untaint_var decode_dns_question_entry
-                                idn_to_ascii reverse_ip_address);
+                                idn_to_ascii reverse_ip_address
+                                domain_to_search_list);
 
 use Socket;
 use Errno qw(EADDRINUSE EACCES);
@@ -683,6 +684,19 @@ sub bgsend {
   my ($self, $domain, $type, $class, $cb) = @_;
   return if $self->{no_resolver};
 
+  my $dns_query_blockages = $self->{main}->{conf}->{dns_query_blocked};
+  if ($dns_query_blockages) {
+    my $search_list = domain_to_search_list($domain);
+    foreach my $parent_domain ((@$search_list, '*')) {
+      my $blocked = $dns_query_blockages->{$parent_domain};
+      next if !defined $blocked; # not listed
+      last if !$blocked; # allowed
+      # blocked
+      dbg("dns: bgsend, query $type/$domain blocked by dns_query_restriction: $parent_domain");
+      return;
+    }
+  }
+
   $self->{send_timed_out} = 0;
 
   my $pkt = $self->new_dns_packet($domain, $type, $class);