# DNSBL lookup

The check.dnsbl module checks source IP addresses and hostnames against a set
of DNS-based Blackhole Lists (DNSBLs).

Its configuration consists of module configuration directives and a set
of blocks specifying the lists to use and the kinds of lookups to perform on them.

```
check.dnsbl {
    debug no
    check_early no

    quarantine_threshold 1
    reject_threshold 1

    # Lists configuration example.
    dnsbl.example.org {
        client_ipv4 yes
        client_ipv6 no
        ehlo no
        mailfrom no
        score 1
    }
    hsrbl.example.org {
        client_ipv4 no
        client_ipv6 no
        ehlo yes
        mailfrom yes
        score 1
    }
}
```

## Arguments

Arguments specify the list of IP-based BLs to use.

The following configurations are equivalent.

```
check {
    dnsbl dnsbl.example.org dnsbl2.example.org
}
```

```
check {
    dnsbl {
        dnsbl.example.org dnsbl2.example.org {
            client_ipv4 yes
            client_ipv6 no
            ehlo no
            mailfrom no
            score 1
        }
    }
}
```

## Configuration directives

### debug _boolean_
Default: global directive value

Enable verbose logging.

---

### check_early _boolean_
Default: `no`

Check BLs before mail delivery starts and silently reject blacklisted clients.

For this to work correctly, the check should not be used in a source/destination
pipeline block.

In particular, this means:

- No logging is done for rejected messages.
- No action is taken if `quarantine_threshold` is hit, only `reject_threshold`
  applies.
- `defer_sender_reject` from the SMTP configuration has no effect.
- MAIL FROM is not checked, even if specified.

If you often get hit by spam attacks, it is recommended to enable this
setting to save server resources.

---

### quarantine_threshold _integer_
Default: `1`

DNSBL score needed (equal or higher) to quarantine the message.

---

### reject_threshold _integer_
Default: `9999`

DNSBL score needed (equal or higher) to reject the message.

## List configuration

```
dnsbl.example.org dnsbl.example.com {
    client_ipv4 yes
    client_ipv6 no
    ehlo no
    mailfrom no
    responses 127.0.0.1/24
    score 1
}
```

The directive name and arguments specify the actual DNS zones to query when checking
the list. Using multiple arguments is equivalent to specifying the same
configuration separately for each list.

### client_ipv4 _boolean_
Default: `yes`

Whether to check the addresses of IPv4 clients against the list.

---

### client_ipv6 _boolean_
Default: `yes`

Whether to check the addresses of IPv6 clients against the list.

---

### ehlo _boolean_
Default: `no`

Whether to check the hostname specified in the HELO/EHLO command
against the list.

This works correctly only with domain-based DNSBLs.

---

### mailfrom _boolean_
Default: `no`

Whether to check the domain part of the MAIL FROM address against the list.

This works correctly only with domain-based DNSBLs.

---

### responses _cidr_ | _ip..._
Default: `127.0.0.1/24`

IP networks (in CIDR notation) or addresses to permit in list lookup results.
Addresses not matching any entry in this directive will be ignored.

---

### score _integer_
Default: `1`

Score value to add for the message if it is listed.

If the sum of list scores is equal to or higher than `quarantine_threshold`, the
message will be quarantined.

If the sum of list scores is equal to or higher than `reject_threshold`, the message
will be rejected.

It is possible to specify a negative value to make a list act like a whitelist
and override the results of other blocklists.
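
The `responses` filter, score summing and threshold comparison described above can be modelled offline as follows. This is an added example, not the module's own code. Assumptions: query names follow the usual DNSBL convention (reversed address labels prepended to the zone), reject is tested before quarantine, and the function names, the `allow.example.org` list and the lookup table are constructed for illustration.

```python
import ipaddress

def query_name(value, zone):
    """DNS name to query: reversed IP labels (or the domain as-is) + list zone."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return f"{value.rstrip('.')}.{zone}"  # domain-based list (ehlo/mailfrom)
    # reverse_pointer is e.g. "10.113.0.203.in-addr.arpa"; drop the arpa suffix.
    return ".".join(ip.reverse_pointer.split(".")[:-2] + [zone])

def is_listed(answers, responses=("127.0.0.1/24",)):
    """True if any returned A record is inside a permitted `responses` network."""
    # strict=False: "127.0.0.1/24" has host bits set and means 127.0.0.0/24.
    nets = [ipaddress.ip_network(r, strict=False) for r in responses]
    return any(ipaddress.ip_address(a) in n for a in answers for n in nets)

def evaluate(client_ip, lists, resolve, quarantine_threshold=1, reject_threshold=9999):
    """Sum scores of lists that report the client; return (score, action)."""
    family = f"client_ipv{ipaddress.ip_address(client_ip).version}"
    total = 0
    for zone, cfg in lists.items():
        if not cfg.get(family, True):
            continue
        answers = resolve(query_name(client_ip, zone))
        if is_listed(answers, cfg.get("responses", ("127.0.0.1/24",))):
            total += cfg.get("score", 1)
    # Assumption: reject is tested first, since it is the stricter outcome.
    if total >= reject_threshold:
        return total, "reject"
    if total >= quarantine_threshold:
        return total, "quarantine"
    return total, "accept"

# Constructed sample data: a lookup table stands in for live DNS.
FAKE_DNS = {
    "10.113.0.203.dnsbl.example.org": ["127.0.0.2"],
    "10.113.0.203.dnsbl2.example.org": ["127.0.0.4"],
    "10.113.0.203.allow.example.org": ["127.0.0.3"],
    "7.113.0.203.dnsbl.example.org": ["127.0.1.5"],  # outside 127.0.0.0/24
}
def fake_resolve(name):
    return FAKE_DNS.get(name, [])  # missing name = NXDOMAIN = not listed

BLOCK = {"dnsbl.example.org": {"score": 5}, "dnsbl2.example.org": {"score": 5}}
ALLOW = {**BLOCK, "allow.example.org": {"score": -10}}  # hypothetical allowlist

if __name__ == "__main__":
    print(evaluate("203.0.113.10", BLOCK, fake_resolve, 1, 10))
    print(evaluate("203.0.113.10", ALLOW, fake_resolve, 1, 10))
    print(evaluate("203.0.113.7", BLOCK, fake_resolve, 1, 10))
```

The third call shows why `responses` matters: an answer outside the permitted networks contributes no score, so an unexpected return code from a list does not quarantine or reject mail.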