Thanks for your answer Harald. Regarding "there is no such configuration option in SpamAssassin": The conf snipplet I posted below comes from the repository, however it's an older version, which still is supported by Ubuntu 20.04.06 LTS and can be installed from their related archive (at least my rules where last updated in March 23). https://github.com/apache/spamassassin/blob/spamassassin_release_3_4_4/trunk-only/rules/20_dnsbl_tests.cf (the same is used up to 3.4.6) I should have written I'm on an older Ubuntu, might have helped to avoid confusion.
Regarding the SpamAssassin 4.x rules - are they backward compatible to 3.4.4? Thanks a lot Mark -----Ursprüngliche Nachricht----- Von: Reindl Harald (privat) [mailto:ha...@rhsoft.net] Gesendet: Donnerstag, 6. Juni 2024 16:29 An: hostmas...@audiogen.ch; users@spamassassin.apache.org Betreff: Re: RCVD_IN_RP_CERTIFIED always -3 "RCVD_IN_RP_CERTIFIED" don't exist anywhere and the stuff which exsists is correctly using response-codes the nonsense below would also trigger with 127.255.255.255 responses which indicates you are using a shared DNS - complain to the individual which was writing blacklist/whitelist rules without response codes - that don't happen in any official rules because it's plain wrong header RCVD_IN_VALIDITY_CERTIFIED eval:check_rbl('ssc-firsttrusted', 'sa-trusted.bondedsender.org.', '^127\.0\.0\.') describe RCVD_IN_VALIDITY_CERTIFIED Sender in Validity Certification - Contact certificat...@validity.com tflags RCVD_IN_VALIDITY_CERTIFIED net nice publish reuse RCVD_IN_VALIDITY_CERTIFIED RCVD_IN_RP_CERTIFIED header RCVD_IN_VALIDITY_CERTIFIED_BLOCKED eval:check_rbl('ssc-firsttrusted', 'sa-trusted.bondedsender.org.', '127.255.255.255') describe RCVD_IN_VALIDITY_CERTIFIED_BLOCKED ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. tflags RCVD_IN_VALIDITY_CERTIFIED_BLOCKED net publish reuse RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RCVD_IN_VALIDITY_CERTIFIED_BLOCKED Am 06.06.24 um 14:13 schrieb hostmas...@audiogen.ch: > Every email postfix receives gets a RCVD_IN_RP_CERTIFIED=-3 score. This > leads to SPAM passing the filter. > > My findings so far > > From what I think I understood, RCVD_IN_RP_CERTIFIED checks against a > list of “trusted” servers, which are considered to not send SPAM. The > list is maintained by “Return Path” (Validity). I found the related > configuration in 20_dnsbl_tests.cf: > > /# > ---------------------------------------------------------------------------/ > > /# Return Path Certified:/ > > /# https://www.returnpath.net/internetserviceprovider/certification// > > /# (replaces RCVD_IN_BSP_TRUSTED, RCVD_IN_BSP_OTHER, > RCVD_IN_SSC_TRUSTED_COI)/ > > /header RCVD_IN_RP_CERTIFIED eval:check_rbl_txt('ssc-firsttrusted', > 'sa-trusted.bondedsender.org.')/ > > /describe RCVD_IN_RP_CERTIFIED Sender in ReturnPath Certified - > Contact cert...@returnpath.net/ > > /tflags RCVD_IN_RP_CERTIFIED net nice/ > > /reuse RCVD_IN_RP_CERTIFIED/ > > It seems Returnpath/Validity have gone out of service - is this > correct? Neither the URL above is working nor can I resolve > sa-trusted.bondedsender.org. Even worse, sa-trusted.bondedsender.org is > blacklisted by UCEPROTECTL3. > > If RP is dead, is there an alternative? Or am I missing something here?
