[Rspamd-Users] Spamhaus Technology contributions to Rspamd ruleset

Riccardo Alfieri riccardo.alfieri at spamteq.com
Thu Aug 1 14:20:18 UTC 2019

On 01/08/19 13:39, Philip Paeps wrote:

> On 2019-07-23 14:19:47 (+0530), Riccardo Alfieri wrote:
>> You can find all the needed files and install instructions here: 
>> https://github.com/spamhaus/rspamd-dqs
> Remko configured this on FreeBSD.org this week.  Thank you for letting 
> us use this feed!
We're honored :)
> I'm keeping an eye on the logs and I'm noticing a couple of odd hits 
> on SH_EMAIL_DBL.  E.g.:
> SH_EMAIL_DBL(21.00){;;;}
> If I understand this correctly, this message picked up 3*7=21 points 
> for looking up three addresses in the DBL.  But why are what looks 
> like email addresses being looked up in the DBL?
> Or more egregious:
> SH_EMAIL_DBL(63.00){;;;;;;} 
> SH_EMAIL_DBL(14.00){;}
That should -never- happen as the option "domain_only = true;" should 
mean that the check is only done on the domain. Besides, asking DBL or 
ZRD for an IP address will return and that is a return code 
not defined in the emails.conf section, meaning that it had not been 
used in scoring (I think?)

Probably (just guessing here), the line


means that the rule was tested with those IP address, but since there 
where no results, it weights "0.00" on the global score. But then I 
don't understand why SH_EMAIL_DBL has been scored so high with IP 

I think that, while we wait for clarifications on what effectively 
"domain_only" does, I'll add also error return codes in emails.conf like 
I already did in rbl.conf

Best regards,
Riccardo Alfieri

Spamhaus Technology

More information about the Users mailing list