Rspamd plugin for Spamhaus DQS

Accessing public Spamhaus DNS Blocklists (DNSBLs) is subject to a **fair-use policy** [^1] and may not work from certain networks (i.e. Hetzner [^2]).

Spamhaus’ Data Query Service (DQS) is the alternative protocol, implemented with an Rspamd 3.x plugin [^3], that provides similar functionality with better performance, and requires a registered token.

[^1]: https://www.spamhaus.org/organization/dnsblusage/
[^2]: https://www.spamhaus.org/resource-hub/email-security/query-the-legacy-dnsbls-via-hetzner
[^3]: https://github.com/spamhaus/rspamd-dqs?tab=readme-ov-file#installation-instructions

**Proposed solution**

- Integrate Spamhaus DQS plugin for Rspamd, as alternative to DNSBL protocol.
- Document how to configure and permanently enable the DQS plugin.
- Evaluate future integration in cluster-admin UI.

**Alternative solutions**

Migrate mail servers to another network provider.

**Additional context**

If a mail server IP address does not comply with Spamhaus' fair-use policy, the following symbols can be added by Rspamd — https://github.com/rspamd/rspamd/issues/3074:

- DBL_BLOCKED_OPENRESOLVER
- RBL_SPAMHAUS_BLOCKED_OPENRESOLVER
- RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER
- DBL_BLOCKED
- RBL_SPAMHAUS_BLOCKED
- RECEIVED_SPAMHAUS_BLOCKED


**See also**

- https://community.nethserver.org/t/rspamd-dbl-checks-disabled-because-of-the-use-of-an-open-dns/26723
- Discussion https://mattermost.nethesis.it/nethesis/pl/kbt9im5p4jfo8pi8qf1rxqtcba

----

Thanks to [Matthieu Gaillet](https://community.nethserver.org/u/pagaille)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Rspamd plugin for Spamhaus DQS #7801

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Rspamd plugin for Spamhaus DQS #7801

Description

Footnotes

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions