[Rspamd-Users] Spamhaus Technology contributions to Rspamd ruleset
Vsevolod Stakhov
vsevolod at rspamd.com
Thu Jul 25 14:24:49 UTC 2019
On 25/07/2019 08:48, Tim Harman via Users wrote:
> On 25/07/2019 6:41 pm, Riccardo Alfieri wrote:
>> On 25/07/19 01:18, Tim Harman via Users wrote:
>>
>>>
>>> Actually, what I *think* is happening is to do with rspamd's
>>> monitoring of RBLs to ensure they're still valid/working.
>>>
>>> from: https://rspamd.com/doc/modules/rbl.html
>>>
>> Nice find! I didn't know about that.
>>
>> If this is the case then you should see the same error also on plain
>> Rspamd installation, as DBL actively answer 127.0.1.255 whenever you
>> query an IP address:
>>
>> $ host 1.0.0.127.dbl.spamhaus.org
>> 1.0.0.127.dbl.spamhaus.org has address 127.0.1.255
>>
>> Can you confirm that setting monitored_address = false makes the
>> errors stop showing in the log?
>
> I'm a newbie. Please prefix everything below with "I think"
>
> The rbl.conf (rbl module) in rspamd only checks IP addresses.
> The surbl.conf (surbl module) in rspamd only checks domains.
>
> The reason you don't see the same error in a default rspamd install is
> that the spamhaus dbl is only configured in surbl.conf, not rbl.conf.
> All surbl checks use facebook.com by default as their test:
>
> -!- rspamd/local.d » drill facebook.com.<secret>.dbl.dq.spamhaus.net
> ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 51620
>
> If you look at modules.d/rbl.conf (the default rspamd config) you'll see
> that the only spamhaus RBL checked is Zen.
> With your new config, you're querying the spamhaus dbl using the rbl
> module (i.e always checking IP's against it:
> x.x.x.x.<secret>.dbl.dq.spamhaus.net
> Is that even what you want to be doing? rbl.conf is *only* going to
> check IP's, not domain names.
>
> If you want to be checking domain names, maybe the spamhaus_dbl /
> dbl.dq.spamhaus.net config should be in the surbl config file, not in
> rbl.conf?
>
> I don't know the dbl well enough to know if it supports querying IP's
> against it, but it seems like maybe it's the wrong thing to be doing here.
>
> Again, I am quite a newbie at all this, so please take anything I say as
> "maybe correct, maybe totally wrong"!!
>
> Tim
The problem could be solved by either setting a correct monitored
address (e.g. `facebook.com`) or by adding `disable_monitoring = true`
to the rbl plugin rule.
More information about the Users
mailing list