haraka-plugin-dns-list 1.0.0
Install from the command line:
Learn more about npm packages
$ npm install @haraka/haraka-plugin-dns-list@1.0.0
Install via package.json:
"@haraka/haraka-plugin-dns-list": "1.0.0"
About this version
Looks up the IP address of the remote host in a IP list(s). There are several types of DNS based lists:
Block lists (aka: DNSBL) are designed to be used for blocking mail from any host listed in them. Block lists are the most common DNS list type and lists without a type specifier are considered block lists. The default action for block lists is the reject the connection. This can be changed by setting reject=false
in the zone's settings block.
When the remote IP is found in an allow list, this plugin returns OK for the ehlo, helo, and mail hooks.
IMPORTANT! The order of plugins in config/plugins is important when this feature is used. It should be listed before any plugins that you wish to skip, but after any plugins that accept recipients.
cd /path/to/local/haraka
npm install haraka-plugin-dns-list
echo "dns-list" >> config/plugins
service haraka restart
If the default configuration is insufficient, copy the config file from the distribution into your haraka config dir and modify it:
cp node_modules/haraka-plugin-dns-list/config/dns-list.ini config/dns-list.ini
$EDITOR config/dns-list.ini
dns-lists.ini - INI format with options described below:
Check every DNS zone every N
minutes. When the value is less than 5, checks will only be run at start-up.
The checks confirm that lists are responding correctly. When errors are detected, the zone is disabled and will be checked at the next interval. When a zone resumes working correctly it will be enabled.
An array or comma separated list of zones to query.
- first: consider first DNSBL response conclusive. End processing.
- all: process all DNSBL results
To use this feature you must have installed and configured the 'redis' plugin.
When enabled, this will record several list statistics to redis.
It will track the total number of queries (TOTAL) and the average response time (AVG\_RT) and the return type (e.g. LISTED or ERROR) to a redis hash where the key is 'dns-list-stat:zone' and the hash field is the response type.
It will also track the positive response overlap between the lists in another redis hash where the key is 'dns-list-overlap:zone' and the hash field is the other list names.
Example:
<pre><code>redis 127.0.0.1:6379> hgetall dns-list-stat:zen.spamhaus.org
1) "TOTAL"
2) "23"
3) "ENOTFOUND"
4) "11"
5) "LISTED"
6) "12"
7) "AVG_RT"
8) "45.5"
redis 127.0.0.1:6379> hgetall dns-list-overlap:zen.spamhaus.org
1) "b.barracudacentral.org"
2) "1"
3) "bl.spamcop.net"
4) "1"
5) "TOTAL"
6) "1"
</code></pre>
In the form of host:port
this option allows you to specify a different host on which redis runs.
The exact name of the DNS zone (as specified above in main.zones) may contain settings about that DNS list.
- type=[ block, allow, karma ]
- reject (default: true) Reject connections from IPs on block lists. Setting this to false makes dnsbl informational. reject=false is best used in conjunction with plugins like karma that employ a scoring engine to make choices about message delivery.
- ipv6=true | false