From: Jeremy Harris Date: Sat, 13 Feb 2021 15:16:47 +0000 (+0000) Subject: Docs: more notes on dnslists X-Git-Tag: exim-4.95-RC0~132 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/b307aa8435cd2746e12f0741903814b86f0f3ee9 Docs: more notes on dnslists --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index edba1232f..782343fd0 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -32496,6 +32496,13 @@ Section &<>& below describes how you can distinguish between different values. Some DNS lists may return more than one address record; see section &<>& for details of how they are checked. +.new +Values returned by a properly running DBSBL should be in the 127.0.0.0/8 +range. If a DNSBL operator loses control of the domain, lookups on it +may start returning other addresses. Because of this, Exim now ignores +returned values outside the 127/8 region. +.wen + .section "Variables set from DNS lists" "SECID204" .cindex "expansion" "variables, set from DNS list" @@ -32632,6 +32639,14 @@ deny dnslists = relays.ordb.org .endd which is less clear, and harder to maintain. +Negation can also be used with a bitwise-and restriction. +The dnslists condition with only be trus if a result is returned +by the lookup which, anded with the restriction, is all zeroes. +For example: +.code +deny dnslists = zen.spamhaus.org!&0.255.255.0 +.endd +