[Rspamd-Users] RBL module, default_received and default_from
Riccardo Alfieri
riccardo.alfieri at spamteq.com
Mon Feb 24 14:20:48 UTC 2020
Hi,
the default configuration in rbl.conf is the following:
---
rbl {
default_from = true;
default_received = false;
...
spamhaus {
symbol = "SPAMHAUS"; # Augmented by prefixes
rbl = "zen.spamhaus.org";
ipv6 = true;
received = true;
from = true;
...
---
As far as I understood, this means that by default, all the IPs in the
received chain are tested.
I then added in my local.d/rbl.conf the following config:
---
rbls {
spamhaus {
from = false;
}
spamhaus_from {
from = true;
received = false;
returncodes {
SPAMHAUS_ZEN = [ "127.0.0.2", "127.0.0.3", "127.0.0.4",
"127.0.0.5", "127.0.0.6", "127.0.0.7", "127.0.0.9", "127.0.0.10",
"127.0.0.11" ];
}
...
---
I was hoping that, by doing that, the "spamhaus_from" section would
*only* check the connecting IP, while the "spamhaus" one would check the
received chain *except* the connecting IP. Unfortunately this is not
happening. In cases of direct-to-mx bots, I see both rules appearing in
the logs:
2020-02-24 14:XX:XX #11691(normal) ... (default: T (reject):
[23.49/15.00]
[SPAMHAUS_ZEN(7.00){185.42.105.XX:from;},RECEIVED_SPAMHAUS_XBL(3.00){185.42.105.XX:received;}
I think it would be more correct if only the SPAMHAUS_ZEN would have
been triggered in this case, as there is no received chain to inspect.
Am I doing something wrong or is this expected behaviour?
Thanks
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
More information about the Users
mailing list