This plugin looks up the connecting IP address in an IP blocklist. Mails found to be in the blocklist are rejected.
This plugins uses the following files:
dnsbl.zones - Contains a list of zones to query, one per line.
dnsbl.ini - INI format with options described below:
A comma or semi-colon list of zones to query. It will be merged with any lists in dnsbl.zones.
If enabled, this will check all the zones every n minutes. The minimum value that will be accepted here is 5. Any value less than 5 will cause the checks to be run at start-up only.
The checks confirm that the list is responding and that it is not listing the world. If any errors are detected, then the zone is disabled and will be re-checked on the next test. If a zone subsequently starts working correctly then it will be re-enabled.
To use this feature you must have installed the 'redis' module and have a redis server running.
When enabled, this will record several list statistics to redis.
It will track the total number of queries (TOTAL) and the average response time (AVG_RT) and the return type (e.g. LISTED or ERROR) to a redis hash where the key is 'dns-list-stat:zone' and the hash field is the response type.
It will also track the positive response overlap between the lists in another redis hash where the key is 'dns-list-overlap:zone' and the hash field is the other list names.
Example:redis 127.0.0.1:6379> hgetall dns-list-stat:zen.spamhaus.org 1) "TOTAL" 2) "23" 3) "ENOTFOUND" 4) "11" 5) "LISTED" 6) "12" 7) "AVG_RT" 8) "45.5" redis 127.0.0.1:6379> hgetall dns-list-overlap:zen.spamhaus.org 1) "b.barracudacentral.org" 2) "1" 3) "bl.spamcop.net" 4) "1" 5) "TOTAL" 6) "1"
In the form of
host:portthis option allows you to specify a different host on which redis runs.
- reject (default: true)
Reject connections from IPs that are blacklisted. Setting this to false makes dnsbl informational. reject=false is best used in conjunction with plugins like karma that employ a scoring engine to make choices about message delivery.
- search: (default: first)
first: consider first DNSBL response conclusive. End processing. all: process all DNSBL results