From b307aa8435cd2746e12f0741903814b86f0f3ee9 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 13 Feb 2021 15:16:47 +0000 Subject: [PATCH] Docs: more notes on dnslists --- doc/doc-docbook/spec.xfpt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index edba1232f..782343fd0 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -32496,6 +32496,13 @@ Section &<>& below describes how you can distinguish between different values. Some DNS lists may return more than one address record; see section &<>& for details of how they are checked. +.new +Values returned by a properly running DBSBL should be in the 127.0.0.0/8 +range. If a DNSBL operator loses control of the domain, lookups on it +may start returning other addresses. Because of this, Exim now ignores +returned values outside the 127/8 region. +.wen + .section "Variables set from DNS lists" "SECID204" .cindex "expansion" "variables, set from DNS list" @@ -32632,6 +32639,14 @@ deny dnslists = relays.ordb.org .endd which is less clear, and harder to maintain. +Negation can also be used with a bitwise-and restriction. +The dnslists condition with only be trus if a result is returned +by the lookup which, anded with the restriction, is all zeroes. +For example: +.code +deny dnslists = zen.spamhaus.org!&0.255.255.0 +.endd + -- 2.30.2