Cisco Email Security Appliance C160 User Guide
Chapter 5 Using Message Filters to Enforce Email Policies
Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
OL-22164-02
DNS List Rule
The dnslist() rule queries a public DNS List server that uses the DNSBL method (sometimes called “ip4r lookups”) of querying. The IP address of the incoming connection is reversed (so an IP of 1.2.3.4 becomes 4.3.2.1) and then added as a prefix to the server name in the parentheses (a period to separate the two is added if the server name does not start with one). A DNS query is made, and the system receives either a DNS failure response (indicating the connection's IP address was not found in the server's list) or an IP address (indicating that the address was found). The IP address returned is usually of the form 127.0.0.x where x can be almost any number from 0 to 255 (IP address ranges are not allowed). Some servers actually return different numbers based on the reason for the listing, while others return the same result for all matches.
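The lookup described above, sketched in Python as an added example (it is not code from the Cisco guide or from AsyncOS). The function names, the list server name dnsbl.example.test, the constructed zone data and the choice to treat an answer outside 127.0.0.x as "not listed" are assumptions of this example.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/24")  # answers of the form 127.0.0.x

def dnsbl_query_name(client_ip, server):
    """Reverse the IPv4 octets and prefix them to the list server name."""
    addr = ipaddress.IPv4Address(client_ip)  # ValueError on anything but one IPv4 address
    reversed_ip = ".".join(reversed(str(addr).split(".")))
    # Add the separating period only if the server name does not start with one.
    sep = "" if server.startswith(".") else "."
    return reversed_ip + sep + server

def system_resolver(name):
    """A-record lookup; None stands for a DNS failure response."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def dnsbl_lookup(client_ip, server, resolver=system_resolver):
    """Return the list's answer (such as '127.0.0.2'), or None if not listed."""
    answer = resolver(dnsbl_query_name(client_ip, server))
    if answer is None:
        return None
    # Assumption of this example: an answer outside 127.0.0.x is treated as
    # "not listed", since a parked or wildcarded zone can answer every query.
    if ipaddress.IPv4Address(answer) not in LISTED_NET:
        return None
    return answer

# Constructed zone data standing in for a real list server (hypothetical names).
CONSTRUCTED_ZONE = {
    "4.3.2.1.dnsbl.example.test": "127.0.0.2",         # listed
    "10.2.0.192.dnsbl.example.test": "127.0.0.4",      # listed, different return code
    "9.113.0.203.dnsbl.example.test": "198.51.100.7",  # answer not of the form 127.0.0.x
}

if __name__ == "__main__":
    for ip in ("1.2.3.4", "192.0.2.10", "203.0.113.9", "198.51.100.1"):
        result = dnsbl_lookup(ip, "dnsbl.example.test", resolver=CONSTRUCTED_ZONE.get)
        print(ip, "->", result or "not listed")
```

Passing resolver=CONSTRUCTED_ZONE.get keeps the run offline; the default system_resolver performs a real DNS query and cannot tell a "not found" answer from an unreachable server.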
Like the header() rule, dnslist() can be used in either a unary or binary comparison. By itself, it simply evaluates to true if a response is received and false if no response is received (for example, if the DNS server is unreachable). The following filter immediately delivers a message if the sender has been bonded with the IronPort Bonded Sender information services program:
whitelist_bondedsender:
if (dnslist('query.bondedsender.org')) {
    skip_filters();
}
Optionally, you can compare the result to a string using the equality (==) or inequality (!=) expressions.
quarantine("Policy");
}