[Rspamd-Users] Spamhaus Technology contributions to Rspamd ruleset
Tim Harman
tim at muppetz.com
Thu Jul 25 07:48:09 UTC 2019
On 25/07/2019 6:41 pm, Riccardo Alfieri wrote:
> On 25/07/19 01:18, Tim Harman via Users wrote:
>
>>
>> Actually, what I *think* is happening is to do with rspamd's
>> monitoring of RBLs to ensure they're still valid/working.
>>
>> from: https://rspamd.com/doc/modules/rbl.html
>>
> Nice find! I didn't know about that.
>
> If this is the case then you should see the same error also on plain
> Rspamd installation, as DBL actively answer 127.0.1.255 whenever you
> query an IP address:
>
> $ host 1.0.0.127.dbl.spamhaus.org
> 1.0.0.127.dbl.spamhaus.org has address 127.0.1.255
>
> Can you confirm that setting monitored_address = false makes the
> errors stop showing in the log?
I'm a newbie. Please prefix everything below with "I think"
The rbl.conf (rbl module) in rspamd only checks IP addresses.
The surbl.conf (surbl module) in rspamd only checks domains.
The reason you don't see the same error in a default rspamd install is
that the spamhaus dbl is only configured in surbl.conf, not rbl.conf.
All surbl checks use facebook.com by default as their test:
-!- rspamd/local.d » drill facebook.com.<secret>.dbl.dq.spamhaus.net
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 51620
If you look at modules.d/rbl.conf (the default rspamd config) you'll see
that the only spamhaus RBL checked is Zen.
With your new config, you're querying the spamhaus dbl using the rbl
module (i.e always checking IP's against it:
x.x.x.x.<secret>.dbl.dq.spamhaus.net
Is that even what you want to be doing? rbl.conf is *only* going to
check IP's, not domain names.
If you want to be checking domain names, maybe the spamhaus_dbl /
dbl.dq.spamhaus.net config should be in the surbl config file, not in
rbl.conf?
I don't know the dbl well enough to know if it supports querying IP's
against it, but it seems like maybe it's the wrong thing to be doing
here.
Again, I am quite a newbie at all this, so please take anything I say as
"maybe correct, maybe totally wrong"!!
Tim
More information about the Users
mailing list