.env.example

# /etc/spamhaus-dqs-milter.env
# Sample environment file for spamhaus-dqs-milter
# Recommended permissions:
#   chown root:spamhausmilter /etc/spamhaus-dqs-milter.env
#   chmod 0640 /etc/spamhaus-dqs-milter.env

# --- Required ---
# Your Spamhaus DQS key (inserted into the DQS query name)
SPAMHAUS_DQS_API_KEY=REPLACE_ME_WITH_YOUR_DQS_KEY

# --- Listener (pymilter socket spec) ---
# Default: inet:11332@localhost
SPAMHAUS_DQS_LISTEN=inet:11332@localhost

# --- Logging ---
# DEBUG, INFO, WARNING, ERROR
SPAMHAUS_DQS_LOG_LEVEL=INFO

# --- DNS resolver settings ---
# Comma-separated IPs of resolvers to use. Defaults assume a local resolver (e.g. unbound).
SPAMHAUS_DQS_NAMESERVERS=127.0.0.1,::1

# --- Timeouts (seconds) ---
# Overall milter stage timeout
SPAMHAUS_DQS_MILTER_TIMEOUT=2
# DNS total lifetime (must be < MILTER_TIMEOUT with headroom)
SPAMHAUS_DQS_DNS_LIFETIME=1.8
# Per-try timeout (dnspython)
SPAMHAUS_DQS_DNS_PER_TRY=0.7

# --- Cache ---
# Maximum cached entries
SPAMHAUS_DQS_CACHE_MAX=20000
# TTL (seconds) for positive hits
SPAMHAUS_DQS_CACHE_TTL_LISTED=600
# TTL (seconds) for negative results
SPAMHAUS_DQS_CACHE_TTL_UNLISTED=300

# --- ZEN (IP reputation) check at CONNECT ---
SPAMHAUS_DQS_ZEN_ENABLE=1
# Comma-separated ZEN return codes (127.0.0.X) to reject on
SPAMHAUS_DQS_ZEN_REJECT_CODES=2,3,4,9,10,11

# --- Whitelisting ---
# Exact IP matches (comma-separated)
#SPAMHAUS_DQS_IP_WHITELIST=192.0.2.10,2001:db8::1

# Exact domain matches (comma-separated) for HELO and MAIL FROM domains
#SPAMHAUS_DQS_DOMAIN_WHITELIST=example.com,example.net

# Domain suffix matches (comma-separated) — matches example.com and *.example.com
#SPAMHAUS_DQS_DOMAIN_SUFFIX_WHITELIST=example.edu,example.org

# If 1 and the connecting IP is whitelisted, skip all checks for that connection
SPAMHAUS_DQS_WHITELIST_SKIP_ALL=0