Re: Lots of FN because of VALIDITY* rules

Mon, 03 Jun 2024 03:02:17 -0700 

On 03.06.24 07:26, postgarage Graz IT wrote:
A few days ago a lot of false negatives landed in our inboxes. As it turned out the reason was that the for nearly all mails the RCVD_IN_VALIDITY_CERTIFIED and RCVD_IN_VALIDITY_SAFE rules matched. 


I now know that validity introduced a query limit which we hit, 
because I have to admit, I wasn't aware that I shouldn't use public 
DNS resolvers for blacklists


I'd say you should not use public DNS resolvers with mailserver.


and therefore we got "Excessive Number of 
Queries" answers. I also found this patch 
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8244 which 
introduces new rules addressing the query limit.


my current rules show that all RCVD_IN_VALIDITY_* rules check for blocked.


Those *BLOCKED rules where never applied because our spamassassin 
received an updated rule-set which was saved to 
/var/lib/spamassassin/4.000000/updates_spamassassin_org/ but never 
received an update for the active.list file located in 
/usr/share/spamassassin/



After I manually added the changes from the above mentioned patch to 
the active.list file it started to work.


Now for my questions:

*) as is stated in active.list it should not be edited. What's the 
correct place to add the new rules to activate them? local.cf?


you can use dns_query_restriction to restrict which DNS lists to query.


further, you can tune uridnsbl_skip_domain to avoid lookups for domains in 
URI* lists.



*) If I understand it correctly

/var/lib/spamassassin/4.000000/updates_spamassassin_org/ is updated by 
the SA update mechanism but it's the Linux distribution's 
responsibility to update /var/lib/spamassassin? In that case should I 
fill a Debian bug? Or should the SA updates also include the file 
active.list?



reload spamd or amavis, the rules in /var/lib/spamassassin/ are used by 
default.



Maybe you need to enable cron job by setting CRON=1 in 
/etc/default/spamassassin and it will happen automatically.


...I have no idea how active.list works.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759






















					Reply via email to