spamhaus / rspamd-dqs

Spamhaus code for RSPAMD Plugin. See https://docs.spamhaustech.com/40-real-world-usage/Rspamd/000-intro.html for instructions
Apache License 2.0
64 stars 12 forks source link

Query timeout #22

Closed shap4ever closed 1 year ago

shap4ever commented 1 year ago

Hi,

Rspamd v3.6 , I just used your script, The error code is always as below:

SPAMHAUS_ZRD_FAIL (0) [pbl-dqs.blt.spamhaus.net:query timed out]
SPAMHAUS_DBL_FULLURLS_FAIL (0) [xx.xx.com:query timed out,docs.spamhaus.com:query timed out,pbl-dqs.blt.spamhaus.net:query timed out,blt.spamhaus.com:query timed out]
ZRD_FAIL (0) [xx.com:query timed out,spamhaus.net:query timed out,xx.com:query timed out,spamhaus.com:query timed out]
SPAMHAUS_SBL_URL_FAIL (0) [spamhaus.net:query timed out,spamhaus.com:query timed out,xx.com:query timed out]

The hlbtest.sh result:

Your DQS key XXXXXX   is -=NOT=- enabled for HBL
Please *do not* copy sh_rbl_hbl.cf, sh_rbl_group_hbl.cf and rspamd.local.lua

already checked rbl.conf content, The Zen link is good also.

I tested the DQS key by removing from rspamd and adding directly in postfix main.cf, It is orking without any issue.

Any ideas?

ricalfieri commented 1 year ago

You made some errors somewhere:, ie: "pbl-dqs.blt.spamhaus.net" is not even a zone that exist.

shap4ever commented 1 year ago

Dear @ricalfieri tnx for rapid answer, The content of rbl.conf:

rbls {
    spamhaus {
        rbl = "xxxxxxx.zen.dq.spamhaus.net";
        from = false;
    }
    spamhaus_from {
        from = true;
        received = false;
        rbl = "xxxxxxx.zen.dq.spamhaus.net";
        returncodes {
          # Add a generig hit on ZEN. It's safe to tag as spam if the last untrusted relay is in this combined list
#          SPAMHAUS_ZEN_SBL = "127.0.0.2";
#          SPAMHAUS_ZEN_CSS = "127.0.0.3";
#          SPAMHAUS_ZEN_XBL = [ "127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7" ];
#          SPAMHAUS_ZEN_PBL = [ "127.0.0.10", "127.0.0.11" ];
      SPAMHAUS_ZEN = [ "127.0.0.2", "127.0.0.3", "127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7", "127.0.0.9", "127.0.0.10", "127.0.0.11" ];
        }
    }
    spamhaus_authbl_received {
        # Check if the sender client is listed in AuthBL (AuthBL is *not* part of ZEN)
        rbl = "xxxxxxx.authbl.dq.spamhaus.net";
        from = false;
        received = true;
        ipv6 = true;
        returncodes {
          SH_AUTHBL_RECEIVED = "127.0.0.20"
        }
    }
    spamhaus_dbl {
        # Add checks on the HELO string
        rbl = "xxxxxxx.dbl.dq.spamhaus.net";
        helo = true;
        rdns = true;
    dkim = true;
        disable_monitoring = true;
        returncodes {
            RBL_DBL_SPAM = "127.0.1.2";
            RBL_DBL_PHISH = "127.0.1.4";
            RBL_DBL_MALWARE = "127.0.1.5";
            RBL_DBL_BOTNET = "127.0.1.6";
            RBL_DBL_ABUSED_SPAM = "127.0.1.102";
            RBL_DBL_ABUSED_PHISH = "127.0.1.104";
            RBL_DBL_ABUSED_MALWARE = "127.0.1.105";
            RBL_DBL_ABUSED_BOTNET = "127.0.1.106";
            RBL_DBL_DONT_QUERY_IPS = "127.0.1.255";
        }
    }
    spamhaus_dbl_fullurls {
    ignore_defaults = true;
    no_ip = true;
    rbl = "xxxxxxx.dbl.dq.spamhaus.net";
    selector = 'urls:get_host'
        disable_monitoring = true;
        returncodes {
            DBLABUSED_SPAM_FULLURLS = "127.0.1.102";
            DBLABUSED_PHISH_FULLURLS = "127.0.1.104";
            DBLABUSED_MALWARE_FULLURLS = "127.0.1.105";
            DBLABUSED_BOTNET_FULLURLS = "127.0.1.106";
        }
    }
    spamhaus_zrd {
        # Add checks on the HELO string also for DQS
        rbl = "xxxxxxx.zrd.dq.spamhaus.net";
        helo = true;
        rdns = true;
    dkim = true;
        disable_monitoring = true;
        returncodes {
            RBL_ZRD_VERY_FRESH_DOMAIN = "127.0.2.[2-4]+";
            RBL_ZRD_FRESH_DOMAIN = ["127.0.2.[5-9]+","127.0.2.1[0-9]+","127.0.2.2[0-4]+"];
            RBL_ZRD_DONT_QUERY_IPS = "127.0.2.255";
        }
    }
    "SPAMHAUS_ZEN_URIBL" {
      rbl = "xxxxxxx.zen.dq.spamhaus.net";
      resolve_ip = true;
      checks = ['urls'];
      replyto = true;
      emails = true;
      ipv4 = true;
      ipv6 = true;
      emails_domainonly = true;
      returncodes {
        URIBL_SBL = "127.0.0.2";
        URIBL_SBL_CSS = "127.0.0.3";
        URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
        URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
        URIBL_DROP = "127.0.0.9";
      }
    }
    SH_EMAIL_DBL {
       ignore_defaults = true;
       replyto = true;
       emails_domainonly = true;
       disable_monitoring = true;
       rbl = "xxxxxxx.dbl.dq.spamhaus.net"
       returncodes = {
         SH_EMAIL_DBL = [
           "127.0.1.2",
           "127.0.1.4",
           "127.0.1.5",
           "127.0.1.6"
         ];
         SH_EMAIL_DBL_ABUSED = [
           "127.0.1.102",
           "127.0.1.104",
           "127.0.1.105",
           "127.0.1.106"
         ];
         SH_EMAIL_DBL_DONT_QUERY_IPS = [ "127.0.1.255" ];
       }
    }
    SH_EMAIL_ZRD {
       ignore_defaults = true;
       replyto = true;
       emails_domainonly = true;
       disable_monitoring = true;
       rbl = "xxxxxxx.zrd.dq.spamhaus.net"
       returncodes = {
         SH_EMAIL_ZRD_VERY_FRESH_DOMAIN = [
           "127.0.2.[2-4]+"
         ];
         SH_EMAIL_ZRD_FRESH_DOMAIN = [
           "127.0.2.[5-9]+",
           "127.0.2.1[0-9]+",
           "127.0.2.2[0-4]+"
         ];
         SH_EMAIL_ZRD_DONT_QUERY_IPS = [ "127.0.2.255" ];
       }
   } 
   "DBL" {
      rbl = "xxxxxxx.dbl.dq.spamhaus.net";
      disable_monitoring = true;
   }
   "ZRD" {
      ignore_defaults = true;
      rbl = "xxxxxxx.zrd.dq.spamhaus.net";
      no_ip = true;
      dkim = true;
      emails = true;
      emails_domainonly = true;
      urls = true;
      returncodes = {
          ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
          ZRD_FRESH_DOMAIN = ["127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"];
      }
   }
   spamhaus_sbl_url {
    ignore_defaults = true
        rbl = "xxxxxxx.sbl.dq.spamhaus.net";
        checks = ['urls'];
        disable_monitoring = true;
        returncodes {
            SPAMHAUS_SBL_URL = "127.0.0.2";
        }
    }

.include(try=true,priority=5) "$LOCAL_CONFDIR/local.d/sh_rbl_hbl.conf"