[Rspamd-Users] Spamhaus Technology contributions to Rspamd ruleset

Philip Paeps philip at trouble.is
Thu Aug 1 11:39:35 UTC 2019


On 2019-07-23 14:19:47 (+0530), Riccardo Alfieri wrote:
> You can find all the needed files and install instructions here: 
> https://github.com/spamhaus/rspamd-dqs

Remko configured this on FreeBSD.org this week.  Thank you for letting 
us use this feed!

I'm keeping an eye on the logs and I'm noticing a couple of odd hits on 
SH_EMAIL_DBL.  E.g.:

SH_EMAIL_DBL(21.00){0.1.134.160;1.177.11.96;0.152.0.0;}

If I understand this correctly, this message picked up 3*7=21 points for 
looking up three addresses in the DBL.  But why are what looks like 
email addresses being looked up in the DBL?

Or more egregious:

SH_EMAIL_DBL(63.00){0.0.0.60;0.0.0.0;0.0.0.48;0.0.0.51;0.0.0.24;0.0.0.49;}
SH_EMAIL_DBL(14.00){0.0.0.1;}

In local.d/emails.conf, we have -- exactly from your configuration:

```
   SH_EMAIL_DBL {
     check_replyto = true;
     domain_only = true;
     dnsbl = "[elided].dbl.dq.spamhaus.net"
     returncodes = {
       SH_EMAIL_DBL = [
         "127.0.1.2",
         "127.0.1.4",
         "127.0.1.5",
         "127.0.1.6"
       ];
       SH_EMAIL_DBL_ABUSED = [
         "127.0.1.102",
         "127.0.1.104",
         "127.0.1.105",
         "127.0.1.106"
       ];
     }
   }
```

Not sure how to debug this further ...  How are IP addresses ending up 
in this lookup?

Any insights?

Philip

-- 
Philip Paeps
Senior Reality Engineer
Alternative Enterprises
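
A log-triage helper for the symptom described in the message above, added here as an example and not part of the original post or the rspamd-dqs repository: it parses `SYMBOL(score){options}` entries and reports SH_EMAIL_DBL hits whose options are bare IPv4 literals rather than names or the configured return codes. The function names and the last sample line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Return codes copied from the SH_EMAIL_DBL block quoted in the message.
CONFIGURED_RETURNCODES = {
    "127.0.1.2", "127.0.1.4", "127.0.1.5", "127.0.1.6",
    "127.0.1.102", "127.0.1.104", "127.0.1.105", "127.0.1.106",
}

# SYMBOL(score){opt;opt;} as it appears in the quoted log excerpts.
SYMBOL_RE = re.compile(
    r"(?P<name>[A-Z0-9_]+)\((?P<score>-?\d+(?:\.\d+)?)\)\{(?P<opts>[^}]*)\}"
)

def parse_symbols(line):
    """Yield (name, score, [options]) for every symbol entry in a log line."""
    for m in SYMBOL_RE.finditer(line):
        opts = [o for o in m.group("opts").split(";") if o]
        yield m.group("name"), float(m.group("score")), opts

def classify_option(opt):
    """Label one option as 'returncode', 'ipv4-literal' or 'name'."""
    try:
        ipaddress.IPv4Address(opt)
    except ipaddress.AddressValueError:
        return "name"
    return "returncode" if opt in CONFIGURED_RETURNCODES else "ipv4-literal"

def odd_hits(lines, symbol="SH_EMAIL_DBL"):
    """Return (line_no, score, options) for hits carrying bare IPv4 options."""
    found = []
    for no, line in enumerate(lines, 1):
        for name, score, opts in parse_symbols(line):
            bad = [o for o in opts if classify_option(o) == "ipv4-literal"]
            if name == symbol and bad:
                found.append((no, score, bad))
    return found

# Lines 1-3 are the excerpts quoted in the message; line 4 is constructed.
SAMPLE = [
    "SH_EMAIL_DBL(21.00){0.1.134.160;1.177.11.96;0.152.0.0;}",
    "SH_EMAIL_DBL(63.00){0.0.0.60;0.0.0.0;0.0.0.48;0.0.0.51;0.0.0.24;0.0.0.49;}",
    "SH_EMAIL_DBL(14.00){0.0.0.1;}",
    "SH_EMAIL_DBL(7.00){example.com;}",
]

if __name__ == "__main__":
    for no, score, opts in odd_hits(SAMPLE):
        print(f"line {no}: score {score:.2f}, IPv4-looking options: {opts}")
```
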

