implement only monitoring dns blocklists, without using them for incoming deliveries

so you can still know when someone has put you on their blocklist (which may
affect delivery), without using them.

also query dnsbls for our ips more often when we do more outgoing connections
for delivery: once every 100 messages, but at least 5 mins and at most 3 hours
since the previous check.

mox-/config.go

@@ -24,6 +24,7 @@ import (
 	"os/user"
 	"path/filepath"
 	"regexp"
+	"slices"
 	"sort"
 	"strconv"
 	"strings"
@@ -242,6 +243,13 @@ func (c *Config) Routes(accountName string, domain dns.Domain) (accountRoutes, d
 	return
 }
 
+func (c *Config) MonitorDNSBLs() (zones []dns.Domain) {
+	c.withDynamicLock(func() {
+		zones = c.Dynamic.MonitorDNSBLZones
+	})
+	return
+}
+
 func (c *Config) allowACMEHosts(log mlog.Log, checkACMEHosts bool) {
 	for _, l := range c.Static.Listeners {
 		if l.TLS == nil || l.TLS.ACME == "" {
@@ -1609,6 +1617,19 @@ func prepareDynamicConfig(ctx context.Context, log mlog.Log, dynamicPath string,
 		}
 	}
 
+	for _, s := range c.MonitorDNSBLs {
+		d, err := dns.ParseDomain(s)
+		if err != nil {
+			addErrorf("invalid monitor dnsbl zone %s: %v", s, err)
+			continue
+		}
+		if slices.Contains(c.MonitorDNSBLZones, d) {
+			addErrorf("duplicate zone %s in monitor dnsbl zones", d)
+			continue
+		}
+		c.MonitorDNSBLZones = append(c.MonitorDNSBLZones, d)
+	}
+
 	return
 }