[Rspamd-Users] Spamhaus Technology contributions to Rspamd ruleset
Riccardo Alfieri
riccardo.alfieri at spamteq.com
Wed Jul 24 12:12:08 UTC 2019
On 24/07/19 13:44, Jeroen de Meijer wrote:
>
> Now seeing the same messages in the log as Philip Paeps reported:
>
> 2019-07-24 13:02:51 #53210(controller) <c67a6c>; monitored;
> rspamd_monitored_dns_cb: DNS reply returned 'no error' for
> <my-key>.zrd.dq.spamhaus.net while 'no records with this name' was
> expected when querying for '1.0.0.127.<my-key>.zrd.dq.spamhaus.net'(likely
> DNS spoofing or BL internal issues)

If I'm interpreting this correctly, this is generated from rbl.conf, and
could happen because some bots use "127.0.0.1" as HELO, in rbl.conf
there is "helo = true", and I believe this checks all HELOs in the
received chain. It could also happen if there are broken MUAs or other
applications that use IPs as HELO strings.

Anyway, I pushed an expansion on DBL and ZRD rules that include the
error return code (127.0.1.255), that should somehow "fix" it, in the
sense that you'll probably find some hits on rules
RBL_DBL_DONT_QUERY_IPS and RBL_ZRD_DONT_QUERY_IPS. Don't worry about
that because the weight is 0.

If you keep finding that then I believe we need to understand what rule
triggers them and maybe ask a developer for some advice.

--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
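
A way to triage the monitored warning quoted in this message, added here as an example (not code from Rspamd, Spamhaus or the poster): it parses the log line and reports when the name that was looked up is an IPv4 address placed, reversed, in front of the DBL/ZRD zone, which is the case the 127.0.1.255 error code covers. The function names and the `examplekey` value are assumptions.

```python
import ipaddress
import re

# Constructed sample, modelled on the log line quoted in the message,
# joined onto one line; "examplekey" is a placeholder, not a real key.
SAMPLE_LOG = (
    "2019-07-24 13:02:51 #53210(controller) <c67a6c>; monitored; "
    "rspamd_monitored_dns_cb: DNS reply returned 'no error' for "
    "examplekey.zrd.dq.spamhaus.net while 'no records with this name' was "
    "expected when querying for '1.0.0.127.examplekey.zrd.dq.spamhaus.net'"
    "(likely DNS spoofing or BL internal issues)"
)

MONITORED_RE = re.compile(
    r"rspamd_monitored_dns_cb: DNS reply returned '(?P<got>[^']+)' "
    r"for (?P<zone>\S+) while '(?P<expected>[^']+)' was expected "
    r"when querying for '(?P<query>[^']+)'"
)


def probed_ipv4(query, zone):
    """Return the IPv4 address encoded (reversed) in front of zone, or None."""
    suffix = "." + zone
    if not query.endswith(suffix):
        return None
    labels = query[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None  # a domain name, not a reversed dotted quad
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ValueError:
        return None  # four labels, but not a valid address


def explain(line):
    """Parse one monitored warning; None if the line is something else."""
    m = MONITORED_RE.search(line)
    if m is None:
        return None
    info = m.groupdict()
    # Set when an IP, not a domain, was sent to the list.
    info["ip_probe"] = probed_ipv4(info["query"], info["zone"])
    return info


if __name__ == "__main__":
    print(explain(SAMPLE_LOG))
```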