https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7417
--- Comment #15 from Benny Pedersen <[email protected]> --- is man page at fail ? # # dns_query_restriction (allow|deny) domain1 domain2 ... # Option allows disabling of rules which would result in a DNS query to # one of the listed domains. The first argument must be a literal # "allow" or "deny", remaining arguments are domains names. # # Most DNS queries (with some exceptions) are subject to # dns_query_restriction. A domain to be queried is successively # stripped-off of its leading labels (thus yielding a series of its # parent domains), and on each iteration a check is made against an # associative array generated by dns_query_restriction options. Search # stops at the first match (i.e. the tightest match), and the matching # entry with its "allow" or "deny" value then controls whether a DNS # query is allowed to be launched. # # If no match is found an implicit default is to allow a query. The # purpose of an explicit "allow" entry is to be able to override a # previously configured "deny" on the same domain or to override an # entry (possibly yet to be configured in subsequent config directives) # on one of its parent domains. Thus an 'allow zen.spamhaus.org' with a # 'deny spamhaus.org' would permit DNS queries on a specific DNS BL zone # but deny queries to other zones under the same parent domain. # # Domains are matched case-insensitively, no wildcards are recognized, # there should be no leading or trailing dot. # # Specifying a block on querying a domain name has a similar effect as # setting a score of corresponding DNSBL and URIBL rules to zero, and # can be a handy alternative to hunting for such rules when a site # policy does not allow certain DNS block lists to be queried. # # Example: dns_query_restriction deny dnswl.org surbl.org # dns_query_restriction allow zen.spamhaus.org dns_query_restriction # deny spamhaus.org mailspike.net spamcop.net -- You are receiving this mail because: You are the assignee for the bug.
