https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6652
Mark Martinec <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED Target Milestone|Undefined |3.4.0 --- Comment #2 from Mark Martinec <[email protected]> --- This was made possible by option dns_query_restriction, probably in version 3.4.0. Closing. dns_query_restriction (allow|deny) domain1 domain2 ... Option allows disabling of rules which would result in a DNS query to one of the listed domains. The first argument must be a literal "allow" or "deny", remaining arguments are domains names. Most DNS queries (with some exceptions) are subject to dns_query_restriction. A domain to be queried is successively stripped-off of its leading labels (thus yielding a series of its parent domains), and on each iteration a check is made against an associative array generated by dns_query_restriction options. Search stops at the first match (i.e. the tightest match), and the matching entry with its "allow" or "deny" value then controls whether a DNS query is allowed to be launched. If no match is found an implicit default is to allow a query. The purpose of an explicit "allow" entry is to be able to override a previously configured "deny" on the same domain or to override an entry (possibly yet to be configured in subsequent config directives) on one of its parent domains. Thus an 'allow zen.spamhaus.org' with a 'deny spamhaus.org' would permit DNS queries on a specific DNS BL zone but deny queries to other zones under the same parent domain. Domains are matched case-insensitively, no wildcards are recognized, there should be no leading or trailing dot. Specifying a block on querying a domain name has a similar effect as setting a score of corresponding DNSBL and URIBL rules to zero, and can be a handy alternative to hunting for such rules when a site policy does not allow certain DNS block lists to be queried. Example: dns_query_restriction deny dnswl.org surbl.org dns_query_restriction allow zen.spamhaus.org dns_query_restriction deny spamhaus.org mailspike.net spamcop.net -- You are receiving this mail because: You are the assignee for the bug.
