[Rspamd-Users] RBL module, default_received and default_from

Vsevolod Stakhov vsevolod at rspamd.com
Mon Feb 24 15:18:46 UTC 2020


On 24/02/2020 14:20, Riccardo Alfieri wrote:
> Hi,
> 
> the default configuration in rbl.conf is the following:
> 
> ---
> rbl {
>   default_from = true;
>   default_received = false;
> ...
>     spamhaus {
>       symbol = "SPAMHAUS"; # Augmented by prefixes
>       rbl = "zen.spamhaus.org";
>       ipv6 = true;
>       received = true;
>       from = true;
> ...
> ---
> 
> As far as I understood, this means that by default, all the IPs in the
> received chain are tested.
> 
> I then added in my local.d/rbl.conf the following config:
> 
> ---
> rbls {
>     spamhaus {
>         from = false;
>     }
>     spamhaus_from {
>         from = true;
>         received = false;
>         returncodes {
>           SPAMHAUS_ZEN = [ "127.0.0.2", "127.0.0.3", "127.0.0.4",
> "127.0.0.5", "127.0.0.6", "127.0.0.7", "127.0.0.9", "127.0.0.10",
> "127.0.0.11" ];
>         }
> ...
> ---
> 
> I was hoping that, by doing that, the "spamhaus_from" section would
> *only* check the connecting IP, while the "spamhaus" one would check the
> received chain *except* the connecting IP. Unfortunately this is not
> happening. In cases of direct-to-mx bots, I see both rules appearing in
> the logs:
> 
> 2020-02-24 14:XX:XX #11691(normal) ... (default: T (reject):
> [23.49/15.00]
> [SPAMHAUS_ZEN(7.00){185.42.105.XX:from;},RECEIVED_SPAMHAUS_XBL(3.00){185.42.105.XX:received;}
> 
> 
> I think it would be more correct if only the SPAMHAUS_ZEN would have
> been triggered in this case, as there is no received chain to inspect.
> 
> Am I doing something wrong or is this expected behaviour?
> 

The received chain includes an implicit 'first received' that is formed from
the connection data (if not added by the MTA like the vast majority of MTAs do).
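
The behaviour described in this reply, as an added example that is not part of the original thread and is not rspamd's code: a simplified model of which IPs each of the two rules from the quoted local.d/rbl.conf ends up checking. The function names, the mta_added_hop flag and the 203.0.113.7 / 198.51.100.9 addresses are constructed for illustration.

```python
import ipaddress

# Simplified model for illustration; not rspamd's implementation.
# Rule flags mirror the poster's local.d/rbl.conf.
RULES = {
    "spamhaus":      {"from": False, "received": True},
    "spamhaus_from": {"from": True,  "received": False},
}

def dnsbl_name(ip, zone):
    """DNSBL query name: reversed address labels followed by the zone."""
    ptr = ipaddress.ip_address(ip).reverse_pointer  # e.g. 7.113.0.203.in-addr.arpa
    return ptr.rsplit(".", 2)[0] + "." + zone

def received_chain(conn_ip, header_ips, mta_added_hop=False):
    """Hops seen by a 'received' check, newest first.

    If the MTA has not already written a Received header for the
    current connection, an implicit first hop is built from the
    connection data, so the connecting IP is always in the chain.
    """
    hops = list(header_ips)
    if not mta_added_hop:
        hops.insert(0, conn_ip)
    return hops

def ips_checked(rules, conn_ip, header_ips, mta_added_hop=False):
    """Map rule name -> list of (ip, how it was selected)."""
    result = {}
    for name, rule in rules.items():
        picked = []
        if rule["from"]:
            picked.append((conn_ip, "from"))
        if rule["received"]:
            chain = received_chain(conn_ip, header_ips, mta_added_hop)
            picked += [(ip, "received") for ip in chain]
        result[name] = picked
    return result

if __name__ == "__main__":
    # Constructed direct-to-MX delivery: no Received headers in the message.
    for name, picked in ips_checked(RULES, "203.0.113.7", []).items():
        for ip, how in picked:
            print(name, how, dnsbl_name(ip, "zen.spamhaus.org"))
```

In the direct-to-MX case both rules query the same address, once tagged from and once tagged received, which matches the pair of symbols in the quoted log line.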


