This refers to e.g
http://www.exim.org/exim-html-4.20/doc/html/spec_37.html#IX2185
or to the corresponding section of spec.txt in the current release.
The documentation says
| You can change the name that is looked up by
| adding additional data to a "dnslists" item, introduced by a slash.
| For example,
|
| deny message = Sender's domain is listed at $dnslist_domain
| dnslists = dsn.rfc-ignorant.org/$sender_address_domain
So far, so good. What was not obvious to me, one way or the other,
until I tried it, was that if one has parsed-out an IP address of
interest, for example by means of a regex, and wants to test it by
means of this mechanism against an IP-based DNSrbl, then one must
explicitly reverse the order of the octets in order to form the string
value to supply to the right of the "/".
The point of this posting was to suggest that the documentation might
make that point more explicit. Hope that's useful.
To be honest, I haven't put this to any good practical use yet, but I
have some ideas based on IP addresses parsed out of things like
X-Authentication warning: ... [11.22.33.44] claimed to be foo.bar
as possible "laundered spam" indicators, when the IP in question
checks out as a DNSrbl'ed open proxy.