[Rspamd-Users] Spamhaus Technology contributions to Rspamd ruleset

Tim Harman tim at muppetz.com
Thu Jul 25 07:48:09 UTC 2019

On 25/07/2019 6:41 pm, Riccardo Alfieri wrote:
> On 25/07/19 01:18, Tim Harman via Users wrote:
>> Actually, what I *think* is happening is to do with rspamd's 
>> monitoring of RBLs to ensure they're still valid/working.
>> from: https://rspamd.com/doc/modules/rbl.html
> Nice find! I didn't know about that.
> If this is the case then you should see the same error also on plain
> Rspamd installation, as DBL actively answer whenever you
> query an IP address:
> $ host
> has address
> Can you confirm that setting monitored_address = false makes the
> errors stop showing in the log?

I'm a newbie. Please prefix everything below with "I think"

The rbl.conf (rbl module) in rspamd only checks IP addresses.
The surbl.conf (surbl module) in rspamd only checks domains.

The reason you don't see the same error in a default rspamd install is 
that the spamhaus dbl is only configured in surbl.conf, not rbl.conf.  
All surbl checks use facebook.com by default as their test:

-!- rspamd/local.d » drill facebook.com.<secret>.dbl.dq.spamhaus.net
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 51620

If you look at modules.d/rbl.conf (the default rspamd config) you'll see 
that the only spamhaus RBL checked is Zen.
With your new config, you're querying the spamhaus dbl using the rbl 
module (i.e always checking IP's against it: 
Is that even what you want to be doing?  rbl.conf is *only* going to 
check IP's, not domain names.

If you want to be checking domain names, maybe the spamhaus_dbl / 
dbl.dq.spamhaus.net config should be in the surbl config file, not in 

I don't know the dbl well enough to know if it supports querying IP's 
against it, but it seems like maybe it's the wrong thing to be doing 

Again, I am quite a newbie at all this, so please take anything I say as 
"maybe correct, maybe totally wrong"!!


More information about the Users mailing list