[Rspamd-Users] RSPAMD_URIBL question
Arno Welzel
privat at arnowelzel.de
Tue Jun 23 19:25:45 UTC 2020
Lauri Anteploon via Users:
>
> On 2020-06-12 19:47, Arno Welzel wrote:
>> Lauri Anteploon via Users:
>>
>>> One of the e-mails got RSPAMD_URIBL(4.50){planfix.ru:dkim;}
>> Which translates to:
>>
>> The sender of the e-mail was found in in the blacklist "planfix.ru".
> You are saying RSpamD checked the e-mail againsta a blacklist on planfix.ru?
Or against a meta list which also includes result from planfix.ru.
> This makes everything even more confusing.
> I have configured such blacklist. I was under the impression that the
> "planfix.ru" in that TAG or message is the subject of the score. I. e.
> the domain name that got extracted from e-mail contents or headers.
Maybe this service makes it more clear - there you can enter a hostname
or IP adress and check, if it is listed somewhere as a known spam source:
<http://multirbl.valli.org/lookup/>
For example, one of my servers:
<http://multirbl.valli.org/lookup/5.252.227.81.html>
> Are you sure about in saying that my Rrspamd is using a blacklist hosted
> on planfix.ru? This would be somewhat worrying, because I don't have
> anything mentioning "planfix.ru" in the Rspamd configuration files.
See above.
>
>>> I read the documentation https://rspamd.com/doc/modules/rbl.html and I
>>> am sorry to say, but I don't understand what does it mean.
>> "The RBL module provides support for checking various messages elements,
>> such as senders IP addresses, URLs, Emails, Received headers chains,
>> SMTP data (such as HELO domain) and so on, against the set of Runtime
>> Black Lists (RBL) usually provided by means of dedicated DNS zones."
>>
>> What exaclty don't you understand?
> For instance what does the ":dkim" in the TAG string mean.
> As in what sort of check was performed.
Ah - ok. I don't know exactly either. But I assume this means, DKIM was
checked as well. If there is no DKIM signature in the header but the
sender domain hast a DKIM key this might also be considered als spam.
JFTR: I'm also just a user of rspamd.
More information about the Users
mailing list