vstakhov
commented
2 years ago I have updated the documentation to the actual state, thank you!
Open okapia opened 2 years ago
vstakhov
commented
2 years ago I have updated the documentation to the actual state, thank you!
slavkoja
commented
2 years ago Except, that it doesn't work as described, i have two (beside others) domain RBL defined:
spamhaus_zrd {
rbl = "<mykey>.zrd.dq.spamhaus.net";
no_ip = true;
checks = ["helo", "rdns" ]
}
ZRD {
rbl = "<mykey>.zrd.dq.spamhaus.net";
ignore_defaults = true;
no_ip = true;
checks = ["emails", "replyto", "urls", "dkim"]
emails_domainonly = true;
}(return codes excluded) Thus both have set no_ip, but monitoring tells:
2022-01-15 11:19:16 #22854(controller) <hi7upk>; monitored; \
rspamd_monitored_dns_cb: DNS reply returned 'no error' for <mykey>.dbl.dq.spamhaus.net \
while 'no records with this name' was expected when querying for \
'1.0.0.127.<mykey>.dbl.dq.spamhaus.net'(likely DNS spoofing or BL internal issues)As you can see, the IP is checked, not random string, or something extra is needed to setup?
slavkoja
commented
2 years ago Seems, that mentioned check is triggered by the spamhaus_zrd rule, as disabling monitoring for it helps.
vstakhov
commented
2 years ago Yes, exactly. The first rule does not imply random checks according to both the docs and the current implementation. Presumably, I should improve the logic for that as well.
slavkoja
commented
2 years ago IMO, simplest can be opposite check, if RBL has from or received checks (IMO no_ip implies all to false), return false for random, i.e. use 127.0.0.1 for checks...
As here are composite RBLs able to check both IP & domains, using static string for checks can simplify things...
okapia
commented
2 years ago That looks clearer in the updated documentation, thanks!
In the updated example, indentation on closing braces doesn't match indentation on their corresponding opening lines but the intent is clear enough.
In the documentation for the RBL module, it mentions that
monitored_domaincan be set to "INVALID". My attempts to probe what effect this has exactly didn't get very far so I had to search for it in the rspamd sources. The only match in a recursive grep is in an old ChangeLog entry. Probing git sources implies that the last reference was removed when the C version of the module was removed - I guess that was deprecated in favour of a lua module.If I am correct in my conclusion that this feature has been removed, could it perhaps also be removed from the documentation.
Otherwise, it isn't entirely clear to me whether this was doing a RBL query for the literal domain "INVALID" or whether that value has a specific meaning. And what this would mean where queries for an IP are expected. The initial reason, I looked into this is that I was informed that a system I maintain was doing queries for
127.0.0.1which was assumed to be a configuration mistake. I suspect the actual cause was this monitoring but was unsure whether the best course of action was to setdisable_monitoring = trueor to setmonitored_domain. The documentation could provide more clue as to what effect this "monitoring" has. If the query fails, does it just log something or does it disable that block list, either for a set period or until rspamd is restarted? And with what regularity is the monitoring performed?