# HG changeset patch
# User Carl Byington <carl@five-ten-sg.com>
# Date 1482361708 28800
# Node ID be776a246f97380cc50220a52c38a42e22617b9e
# Parent  bd16c9005d7906bece0e9467c05a7911e6e97f6c
when dkim require_signed overrides envelope from whitelisting, we still want to check dns based white/blacklists before content filtering

diff -r bd16c9005d79 -r be776a246f97 src/dnsbl.cpp
--- a/src/dnsbl.cpp	Tue Dec 20 17:25:25 2016 -0800
+++ b/src/dnsbl.cpp	Wed Dec 21 15:08:28 2016 -0800
@@ -1267,7 +1267,7 @@
         my_syslog(&priv, msg);
     }
     free((void*)loto);
-    status st;
+    status st = oksofar;
     if (replyvalue == token_black) {
         smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", (char*)"recipient can not reply due to blacklisting");
         return SMFIS_REJECT;
@@ -1305,7 +1305,8 @@
         }
         else st = white;    // might be <>, envelope from has no @
     }
-    else {
+
+    if (st == oksofar) {
         // check the dns based lists, whitelist first
         DNSWLP acceptlist = NULL;   // list that caused the whitelisting
         if (check_dnswl(priv, con.get_dnswl_list(), acceptlist)) {
@@ -1317,13 +1318,6 @@
             }
         }
         else if (check_dnsbl(priv, con.get_dnsbl_list(), rejectlist)) {
-            st = reject;
-        }
-        else {
-            st = oksofar;
-        }
-    }
-    if (st == reject) {
         // reject the recipient based on some dnsbl
         char adr[sizeof "255.255.255.255   "];
         adr[0] = '\0';
@@ -1333,6 +1327,8 @@
         smfi_setreply(ctx, (char*)"550", (char*)"5.7.1", buf);
         return SMFIS_REJECT;
     }
+    }
+
     if (st == oksofar) {
         // check forged rdns
         if (con.get_requirerdns() && (!priv.client_dns_name || priv.client_dns_forged)) {