[Rspamd-Users] RECEIVED_SPAMHAUS_FAIL(0.00) when own Spamhaustech.com account is specified

Christian Balzer chibi at gol.com
Mon Apr 8 09:20:40 UTC 2019 

On Mon, 8 Apr 2019 10:19:22 +0200 Sophie Loewenthal wrote:

> > On 8 Apr 2019, at 09:46, Tim Harman via Users <users at lists.rspamd.com> wrote:
> > 
> > <snip snip>
> >   
> >>>   Hi Tim,
> >>>   Thanks for confirming what I had suspected. I recall I disabled the
> >>>   public lookups but this has since been over written.
> >>>   I shall try to find out how I can disable free Spamhaus lookups.
> >>>   I use an internal DNS and do not query against public DNS servers.
> >>>   Does anyone on the list know off-hand in which local.d/...conf file one
> >>>   should config this ?
> >>>   Thanks .  
> >> I'm in a similar situation and no incantation of local or override I came
> >> up with did the job.
> >> Same for some other configurations like surbl.conf, but things
> >> are working just fine and as expected with yet others.
> >> So any example that just changes the rbl settings for these would be
> >> appreciated.
> >> Regards,
> >> Christian  
> > 
> > Doesn't just editing /etc/rspamd/local.d/rbl.conf do it for you?
> > 
> > For example, I just put this in mine:
> > 
> > rbls {
> >  spamhaus {
> >    rbl = "cheese.org"
> >  }
> > }
> > 
> > And now:
> > 
> > root at mail:/etc/rspamd/local.d# rspamadm configdump rbl
> > *** Section rbl ***
> > default_exclude_users = true;
> > default_received = false;
> > default_unknown = true;
> > default_from = true;
> > rbls {
> > 
> > <snip snip snip a lot of other RBLS I have>
> > 
> >    spamhaus {
> >        returncodes {
> >            RBL_SPAMHAUS_SBL = "127.0.0.2";
> >            RBL_SPAMHAUS_XBL [
> >                "127.0.0.4",
> >                "127.0.0.5",
> >                "127.0.0.6",
> >                "127.0.0.7",
> >            ]
> >            RBL_SPAMHAUS_CSS = "127.0.0.3";
> >            RBL_SPAMHAUS_DROP = "127.0.0.9";
> >            RBL_SPAMHAUS_PBL [
> >                "127.0.0.10",
> >                "127.0.0.11",
> >            ]
> >        }
> >        rbl = "cheese.org";  <---------------- It's applied just fine!
> >        ipv6 = true;
> >        symbol = "RBL_SPAMHAUS";
> >    }
> > 
> > Maybe you're also forgetting to change this, found lower in the rbls:
> > 
> >    spamhaus_received {
> >        ignore_whitelists = true;
> >        returncodes {
> >            RECEIVED_SPAMHAUS_CSS = "127.0.0.3";
> >            RECEIVED_SPAMHAUS_XBL [
> >                "127.0.0.4",
> >                "127.0.0.5",
> >                "127.0.0.6",
> >                "127.0.0.7",
> >            ]
> >            RECEIVED_SPAMHAUS_DROP = "127.0.0.9";
> >            RECEIVED_SPAMHAUS_SBL = "127.0.0.2";
> >            RECEIVED_SPAMHAUS_PBL [
> >                "127.0.0.10",
> >                "127.0.0.11",
> >            ]
> >        }
> >        symbol = "RECEIVED_SPAMHAUS";
> >        from = false;
> >        rbl = "zen.spamhaus.org";
> >        received = true;
> >        ipv6 = true;
> >    }
> > 
> > 
> > You'd override that with:
> > 
> > 
> > rbls {
> >  spamhaus {
> >    rbl = "cheese.org"
> >  }
> >  spamhaus_received {
> >    rbl = "cheese.org"
> >  }
> > }
> > 
> > in your /etc/rspamd/local.d/rbl.conf
> > 
> > Obviously replace cheese.org with the actual fancy-pants custom zen lookup domain you've been given, oh ye who can afford one (can you tell I'm jealous?)
> > 
> > That _should_ work?
> > 
> > Tim  
> 
> Hi Tim,
> 
> 
> I already have this in the rbl.conf
> 
> **Yours**
> 
> rbls {
>  spamhaus {
>    rbl = "cheese.org"
>  }
> }
> 
> **Mine**
> 
> spamhaus {
>        rbl = "xxxxxxx.zen.dq.spamhaus.net";
>    }
>    spamhaus_xbl {
>        rbl = "xxxxxxx.zen.dq.spamhaus.net";
>    }
> }
> 
> 
> And my gives "rspamadm configdump rbl" gives:
> 
>         symbol = "RECEIVED_SPAMHAUS";
>         from = false;
>         rbl = "zen.spamhaus.org";
>         received = true;
>         ipv6 = true;
>  
> <snip>
>    spamhaus_xbl {
>         rbl = "xxxxxx.zen.dq.spamhaus.net";
>     }
> <snip>
>     spamhaus {
>         returncodes {
>             RBL_SPAMHAUS_SBL = "127.0.0.2";
>             RBL_SPAMHAUS_XBL [
>                 "127.0.0.4",
>                 "127.0.0.5",
>                 "127.0.0.6",
>                 "127.0.0.7",
>             ]
>             RBL_SPAMHAUS_CSS = "127.0.0.3";
>             RBL_SPAMHAUS_DROP = "127.0.0.9";
>             RBL_SPAMHAUS_PBL [
>                 "127.0.0.10",
>                 "127.0.0.11",
>             ]
>         }
>         rbl = "xxxxxx.zen.dq.spamhaus.net";
>         ipv6 = true;
>         symbol = "RBL_SPAMHAUS";
>     }
> 
> 
> 
> It didn’t change.  This could be a bit moot in my case (but not in Christian’s case) because my Postfix milters reject on spamhaus RBLs. If spam made it as far as rspamd, then it’s not in Spamhaus.  
> Does a negative hit on SPamhaus has any weight on rspamd classification/rule combination?  
> 

You will want this working as only SBL and XBL hits from the incoming IP
are blockworthy with low FP.
But you can will score if along the received lines listed addresses show
up, blocked email domains, etc.

Regards,

Christian

> Regards, Fancy Pant’s owner.
> -- 
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users


-- 
Christian Balzer        Network/Systems Engineer                
chibi at gol.com   	Rakuten Communications

More information about the Users mailing list