[Rspamd-Users] Spamhaus Technology contributions to Rspamd ruleset

Philip Paeps philip at trouble.is
Thu Aug 1 14:36:50 UTC 2019

On 2019-08-01 19:50:18 (+0530), Riccardo Alfieri wrote:
> On 01/08/19 13:39, Philip Paeps wrote:
>> I'm keeping an eye on the logs and I'm noticing a couple of odd hits 
>> on SH_EMAIL_DBL.  E.g.:
>> SH_EMAIL_DBL(21.00){;;;}
>> If I understand this correctly, this message picked up 3*7=21 points 
>> for looking up three addresses in the DBL.  But why are what looks 
>> like email addresses being looked up in the DBL?
>> Or more egregious:
>> SH_EMAIL_DBL(63.00){;;;;;;}
>> SH_EMAIL_DBL(14.00){;}
> That should -never- happen as the option "domain_only = true;" should 
> mean that the check is only done on the domain. Besides, asking DBL or 
> ZRD for an IP address will return and that is a return 
> code not defined in the emails.conf section, meaning that it had not 
> been used in scoring (I think?)
> Probably (just guessing here), the line
> SH_EMAIL_ZRD(0.00){;;;}
> means that the rule was tested with those IP addresses, but since there 
> were no results, it weights "0.00" on the global score. But then I 
> don't understand why SH_EMAIL_DBL has been scored so high with IP 
> addresses...
> I think that, while we wait for clarifications on what effectively 
> "domain_only" does, I'll add also error return codes in emails.conf 
> like I already did in rbl.conf

That sounds like a good idea.

While SH_EMAIL_ZRD returning 0.0 is not a huge problem, SH_EMAIL_DBL 
returning extremely high scores for IP addresses (that shouldn't be 
listed) is unfortunately causing a fair amount of email to be rejected.

I'm also not sure where the IP addresses come from in those results.  
Though since the messages were rejected, I can't go look at the headers. 


Philip Paeps
Senior Reality Engineer
Alternative Enterprises
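
Added example, not part of the original message and not Rspamd or Spamhaus code: a log check that flags SH_EMAIL_DBL / SH_EMAIL_ZRD hits whose options are IP addresses or full email addresses rather than domains, and shows the score each option contributed. It assumes the SYMBOL(score){option;option;} layout of the excerpts quoted above; the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# One symbol entry as it appears in the log excerpts above: NAME(score){opt;opt;}
SYMBOL_RE = re.compile(r"([A-Z][A-Z0-9_]*)\((-?\d+(?:\.\d+)?)\)\{([^}]*)\}")

# Symbols from the thread that are expected to carry domain names only.
DOMAIN_ONLY_SYMBOLS = {"SH_EMAIL_DBL", "SH_EMAIL_ZRD"}


def classify(option):
    """Return 'email', 'ip' or 'domain' for one symbol option."""
    if "@" in option:
        return "email"
    try:
        ipaddress.ip_address(option.strip("[]"))
        return "ip"
    except ValueError:
        return "domain"


def suspicious_hits(line):
    """List (symbol, score, score per option, non-domain options) found in one log line."""
    hits = []
    for name, score, raw in SYMBOL_RE.findall(line):
        if name not in DOMAIN_ONLY_SYMBOLS:
            continue
        options = [o.strip() for o in raw.split(";") if o.strip()]
        bad = [o for o in options if classify(o) != "domain"]
        if bad:
            hits.append((name, float(score), float(score) / len(options), bad))
    return hits


# Constructed sample lines (documentation address ranges), not taken from real logs.
SAMPLE_LOG = [
    "SH_EMAIL_DBL(21.00){192.0.2.10;192.0.2.11;198.51.100.7;}, SH_EMAIL_ZRD(0.00){192.0.2.10;}",
    "SH_EMAIL_DBL(7.00){example.net;}, R_DKIM_ALLOW(-0.20){example.org:s=mail;}",
    "SH_EMAIL_DBL(14.00){user@example.com;example.net;}",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for name, score, each, bad in suspicious_hits(entry):
            print(f"{name} score={score:.2f} ({each:.2f} per option) non-domain: {', '.join(bad)}")
```

Run against the Rspamd log, any line it reports identifies a message where a domain-only list was scored on something that is not a domain.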
