Docs: more notes on dnslists

author Jeremy Harris <jgh146exb@wizmail.org>

Sat, 13 Feb 2021 15:16:47 +0000 (15:16 +0000)

committer Jeremy Harris <jgh146exb@wizmail.org>

Sat, 13 Feb 2021 15:16:47 +0000 (15:16 +0000)
author Jeremy Harris <jgh146exb@wizmail.org>
Sat, 13 Feb 2021 15:16:47 +0000 (15:16 +0000)
committer Jeremy Harris <jgh146exb@wizmail.org>
Sat, 13 Feb 2021 15:16:47 +0000 (15:16 +0000)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt

index edba1232fabed75ad7b64834d58eb747178f29fc..782343fd08862737e205a95bf38b3aa42753abc3 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -32496,6 +32496,13 @@ Section &<<SECTaddmatcon>>& below describes how you can distinguish between
  different values. Some DNS lists may return more than one address record;
  see section &<<SECThanmuldnsrec>>& for details of how they are checked.
  
+.new
+Values returned by a properly running DBSBL should be in the 127.0.0.0/8
+range. If a DNSBL operator loses control of the domain, lookups on it
+may start returning other addresses.  Because of this, Exim now ignores
+returned values outside the 127/8 region.
+.wen
+
  
  .section "Variables set from DNS lists" "SECID204"
  .cindex "expansion" "variables, set from DNS list"
@@ -32632,6 +32639,14 @@ deny  dnslists = relays.ordb.org
  .endd
  which is less clear, and harder to maintain.
  
+Negation can also be used with a bitwise-and restriction.
+The dnslists condition with only be trus if a result is returned
+by the lookup which, anded with the restriction, is all zeroes.
+For example:
+.code
+deny dnslists = zen.spamhaus.org!&0.255.255.0
+.endd
+
author	Jeremy Harris <jgh146exb@wizmail.org>
	Sat, 13 Feb 2021 15:16:47 +0000 (15:16 +0000)
committer	Jeremy Harris <jgh146exb@wizmail.org>
	Sat, 13 Feb 2021 15:16:47 +0000 (15:16 +0000)