[Rspamd-Users] RBLs for domain registrations in past 24 hours
Sophie Loewenthal
sophie at klunky.co.uk
Tue Apr 28 17:19:54 UTC 2020
> On 28 Apr 2020, at 19:11, Sophie Loewenthal <sophie at klunky.co.uk> wrote:
>
>
>> On 28 Apr 2020, at 18:55, Riccardo Alfieri <riccardo.alfieri at spamteq.com> wrote:
>>
>> On 28/04/20 18:46, Sophie Loewenthal wrote:
>>
>>> Hi Nihad,
>>>
>>> Ahh this was it. Thank-you.
>>> ZRD (Zero Reputation Domains) and AuthBL.
>>> How can this be configured into rspamd, or it is already in there?
>>>
>>> I already have this in /etc/rspamd/local.d/surbl.conf,
>>> "DBL" {
>>> suffix = "xxxREDATEDxxx.dbl.dq.spamhaus.net";
>>> noip = true;
>>> }
>>
>> Hi,
>>
>> ZRD is already included in the ruleset if you download the rules from our github repo: https://github.com/spamhaus/rspamd-dqs
>>
>> Specifically, in rbl.conf, section "spamhaus_zrd".
>>
>> You can tweak the return codes for more granularity if you want; more info at: https://docs.spamhaustech.com/10-data-type-documentation/datasets/030-datasets.html#zrd
>>
>> --
>> Best regards,
>> Riccardo Alfieri
>>
>> Spamhaus Technology
>> https://www.spamhaustech.com/
>
>
>
> Thanks. I misread the earlier reference to the git page.
>
> I've added the rbl.conf rbl_group.conf to my configuration.
>
> Restarting popped up this message in the logs:
>
> 2020-04-28 17:08:06 #6927(controller) <mhqofi>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for REDACTED.zrd.dq.spamhaus.net while 'no records with this name' was expected when querying for '1.0.0.127.REDACTED.zrd.dq.spamhaus.net'(likely DNS spoofing or BL internal issues)
>
> Shall I worry about this message? What does it mean by "no error" and "likely DNS spoofing or BL internal issues"?
>
>
P.S I was pleased see that the message hit the RBL. Thanks for writing this Riccardo.
Symbol: ZRD_FRESH_DOMAIN (8.00)[sahjsj3dsgnsajsg.club:url, sahjsj3dsgdshf.website:dkim]
More information about the Users
mailing list