For the past two months, X-Spamd-Result has often contained RBL_SPAMHAUS_BLOCKED_OPENRESOLVER or DBL_BLOCKED_OPENRESOLVER. This should only occur when using an open resolver, which shouldn’t be the case with the unbound container. To investigate, I ran manual DNS queries:
dig 1.2.3.4.zen.spamhaus.org @b.gns.spamhaus.org.
returns 127.255.255.254, but issuing the same query with -4 returns NXDOMAIN. So it seems to be an issue with IPv6. PTR records are correctly set for IPv4 and IPv6.
Executing curl https://asn-check.mailcow.email with -4 and -6 returns “AS is not blocked” in both cases. I’m running mailcow on a Hetzner cloud instance.
I’ve added prefer-ip4: yes to unbound.conf (and cleared the unbound cache), which seems to work better, but I’m still seeing open resolver tags.
I’ve also tried to use DQS. It works, but then rspamd also tries to access the hash blocklist (hbl), which results in an error, because I don’t have a commercial subscription. Is there any way to disable hbl usage in a local rspamd config without the need to overwrite data/Dockerfiles/rspamd/docker-entrypoint.sh and build a new image?