dnsbl plugin

This plugin looks up the connecting IP address in an IP blocklist. Mails found to be in the blocklist are rejected.

Configuration

This plugins uses the following files:

dnsbl.zones - Contains a list of zones to query, one per line.

dnsbl.ini - INI format with options described below:

  • zones
    A comma or semi-colon list of zones to query. It will be merged with any lists in dnsbl.zones.
  • periodic_checks
    If enabled, this will check all the zones every n minutes. The minimum value that will be accepted here is 5. Any value less than 5 will cause the checks to be run at start-up only.
    The checks confirm that the list is responding and that it is not listing the world. If any errors are detected, then the zone is disabled and will be re-checked on the next test. If a zone subsequently starts working correctly then it will be re-enabled.
  • enable_stats
    To use this feature you must have installed the 'redis' module and have a redis server running.
    When enabled, this will record several list statistics to redis.
    It will track the total number of queries (TOTAL) and the average response time (AVG_RT) and the return type (e.g. LISTED or ERROR) to a redis hash where the key is 'dns-list-stat:zone' and the hash field is the response type.
    It will also track the positive response overlap between the lists in another redis hash where the key is 'dns-list-overlap:zone' and the hash field is the other list names.
    Example:
    redis 127.0.0.1:6379> hgetall dns-list-stat:zen.spamhaus.org
      1) "TOTAL"
      2) "23"
      3) "ENOTFOUND"
      4) "11"
      5) "LISTED"
      6) "12"
      7) "AVG_RT"
      8) "45.5"
      redis 127.0.0.1:6379> hgetall dns-list-overlap:zen.spamhaus.org
      1) "b.barracudacentral.org"
      2) "1"
      3) "bl.spamcop.net"
      4) "1"
      5) "TOTAL"
      6) "1"
      
  • stats_redis_host
    In the form of host:port this option allows you to specify a different host on which redis runs.
  • reject (default: true)
    Reject connections from IPs that are blacklisted. Setting this to false makes dnsbl informational. reject=false is best used in conjunction with plugins like karma that employ a scoring engine to make choices about message delivery.
  • search: (default: first)
    first: consider first DNSBL response conclusive. End processing. all: process all DNSBL results