Dns verify domain Dispatcher option

Various groups maintain information about spam sources or open relay sites, and some sites like to check incoming IP connections against the lists maintained by such groups. The Dispatcher option specifies the host name or IP address of the source against which to check incoming connections.

Note that an alternative to use of the Dispatcher option is use of a routine callout from a mapping table such as. The Dispatcher option is simple to set, but use of callouts (which come in several flavors) from a mapping table allows for more precise control of checks.

Note that PORT_ACCESS mapping table probes (which may optionally be configured to perform their own DNS verification checks using a routine callout) are made before any Dispatcher service option lookups are consulted. If a probe rejects a connection, then the Dispatcher service option lookup does not need to be (and is not) performed. And as of MS 6.0, an explicit match in the mapping table that accepts a connection will cause any lookups to be omitted for that connection; thus the mapping table can be used to "white list" source IP addresses (such as internal IP addresses) which should not receive the DNS verification lookup.

In legacy configuration, up to five options are permitted for each service. In Unified Configuration, the Dispatcher option takes a host-list of up to five hosts. (Note that SMTP is typically the only service for which such checks make sense.) For example, in Unified Configuration:

    msconfig> set dispatcher.service:SMTP.dns_verify_domain "rbl.maps.vis.com dul.maps.vis.com"

Or analogously in legacy configuration:

    [SERVICE=SMTP]
    PORT=25
    DNS_VERIFY_DOMAIN=rbl.maps.vix.com
    DNS_VERIFY_DOMAIN=dul.maps.vix.com

If this option is enabled on a well-known port (25, 110, or 143), then a standard message such as the one below will be sent before the connection is closed:

    500 5.7.1 access_control: host 192.168.51.32 found on DNS list and rejected

If you wish the MTA to log such rejections, you may set the 24th bit (starting at bit 0) of the Dispatcher debugging option, in Unified Configuration:

    msconfig> set dispatcher.debug 16777216

or in legacy configuration, to cause logging of the rejections to the file; see Dispatcher debugging and log files. Such entries will take the form:

    access_control: host a.b.c.d found on DNS list and rejected
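An added example, not part of the original documentation: a Python script that tallies the rejection entries shown above per source address and lists rejected internal sources, which are candidates for an accepting PORT_ACCESS entry. The timestamp prefix on the sample lines, the sample lines themselves, the function names and the use of the RFC 1918 ranges as the definition of "internal" are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message text as given on this page; anything before it on a line is ignored.
REJECT_RE = re.compile(r"access_control: host (\S+) found on DNS list and rejected")

DEBUG_LOG_REJECTIONS = 1 << 24  # bit 24 counting from 0, i.e. 16777216

# Assumption: "internal" means the RFC 1918 ranges; replace with the site's own networks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def logs_rejections(debug_value):
    """True if the Dispatcher debug value has the rejection-logging bit set."""
    return bool(debug_value & DEBUG_LOG_REJECTIONS)


def tally_rejections(lines):
    """Count DNS-list rejections per source address, skipping malformed hosts."""
    counts = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # host field is not an IP literal; do not miscount it
    return counts


def allowlist_candidates(counts):
    """Rejected sources inside INTERNAL_NETS, to review for a PORT_ACCESS accept."""
    return sorted(str(ip) for ip in counts
                  if any(ip in net for net in INTERNAL_NETS))


# Constructed sample lines; the timestamp prefix is an assumed log layout.
SAMPLE_LOG = [
    "12:00:01.10 access_control: host 192.168.51.32 found on DNS list and rejected",
    "12:00:04.52 access_control: host 203.0.113.7 found on DNS list and rejected",
    "12:00:09.87 access_control: host 203.0.113.7 found on DNS list and rejected",
    "12:01:00.00 some unrelated dispatcher message",
    "12:01:02.33 access_control: host not-an-ip found on DNS list and rejected",
]

if __name__ == "__main__":
    counts = tally_rejections(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip}\t{n}")
    print("review for PORT_ACCESS accept:", allowlist_candidates(counts))
```

An internal address appearing in the candidate list means the DNS list is being consulted for traffic that an explicit accepting PORT_ACCESS match would have exempted from the lookup.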

See also:
 * PORT_ACCESS mapping table
 * dns_verify callouts
 * Service group
 * debug Option
 * Dispatcher debugging and log files
 * Dispatcher options