[Rspamd-Users] Spamhaus Technology contributions to Rspamd ruleset

Vsevolod Stakhov vsevolod at rspamd.com
Thu Jul 25 14:24:49 UTC 2019

On 25/07/2019 08:48, Tim Harman via Users wrote:
> On 25/07/2019 6:41 pm, Riccardo Alfieri wrote:
>> On 25/07/19 01:18, Tim Harman via Users wrote:
>>> Actually, what I *think* is happening is to do with rspamd's
>>> monitoring of RBLs to ensure they're still valid/working.
>>> from: https://rspamd.com/doc/modules/rbl.html
>> Nice find! I didn't know about that.
>> If this is the case then you should see the same error also on plain
>> Rspamd installation, as DBL actively answer whenever you
>> query an IP address:
>> $ host
>> has address
>> Can you confirm that setting monitored_address = false makes the
>> errors stop showing in the log?
> I'm a newbie. Please prefix everything below with "I think"
> The rbl.conf (rbl module) in rspamd only checks IP addresses.
> The surbl.conf (surbl module) in rspamd only checks domains.
> The reason you don't see the same error in a default rspamd install is
> that the spamhaus dbl is only configured in surbl.conf, not rbl.conf. 
> All surbl checks use facebook.com by default as their test:
> -!- rspamd/local.d » drill facebook.com.<secret>.dbl.dq.spamhaus.net
> ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 51620
> If you look at modules.d/rbl.conf (the default rspamd config) you'll see
> that the only spamhaus RBL checked is Zen.
> With your new config, you're querying the spamhaus dbl using the rbl
> module (i.e always checking IP's against it:
> x.x.x.x.<secret>.dbl.dq.spamhaus.net
> Is that even what you want to be doing?  rbl.conf is *only* going to
> check IP's, not domain names.
> If you want to be checking domain names, maybe the spamhaus_dbl /
> dbl.dq.spamhaus.net config should be in the surbl config file, not in
> rbl.conf?
> I don't know the dbl well enough to know if it supports querying IP's
> against it, but it seems like maybe it's the wrong thing to be doing here.
> Again, I am quite a newbie at all this, so please take anything I say as
> "maybe correct, maybe totally wrong"!!
> Tim

The problem could be solved by either setting a correct monitored
address (e.g. `facebook.com`) or by adding `disable_monitoring = true`
to the rbl plugin rule.

More information about the Users mailing list