[Rspamd-Users] Spamhaus Technology contributions to Rspamd ruleset

Riccardo Alfieri riccardo.alfieri at spamteq.com
Wed Jul 24 12:12:08 UTC 2019

On 24/07/19 13:44, Jeroen de Meijer wrote:

> Now seeing the samen messages in the log as Philip Paeps reported:
> 2019-07-24 13:02:51 #53210(controller) <c67a6c>; monitored;
> rspamd_monitored_dns_cb: DNS reply returned 'no error' for
> <my-key>.zrd.dq.spamhaus.net while 'no records with this name' was
> expected when querying for '<my-key>.zrd.dq.spamhaus.net'(likely
> DNS spoofing or BL internal issues)

If I'm interpreting this correctly this is generated from rbl.conf, and 
could happen because some bots use "" as HELO, in rbl.conf 
there is "helo = true", and I believe this checks all HELOs in the 
received chain. It could also happen if there are broken MUAs or other 
application that use IPs as HELO strings.

Anyway, I pushed an expansion on DBL and ZRD rules that include the 
error return code ( , that should somehow "fix" it, in the 
sense that you'll probably find some hits on rules 
that because the weight is 0.

If you keep finding that then I believe we need to understand what rule 
triggers them and maybe ask a developer for some advice

Best regards,
Riccardo Alfieri

Spamhaus Technology

More information about the Users mailing list