On 14 Nov 2024, Mark London uttered the following: > FWIW, Today I discovered that RCVD_IN_VALIDITY_CERTIFIED, > RCVD_IN_VALIDITY_RPBL, and RCVD_IN_VALIDITY_SAFE, were being triggered for > every email that our server received. I do not use a public DNS server. I > disabled all of them. Strange. - Mark
I'm seeing this too. I'm not a high-volume site, yet... Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_bl.score.senderscore.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny bl.score.senderscore.com" to disable queries) Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-accredit.habeas.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-accredit.habeas.com" to disable queries) Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED hit, creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries) Nov 14 00:00:26 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED hit, creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries) Nov 14 00:00:26 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-accredit.habeas.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-accredit.habeas.com" to disable queries) I'm not a high-volume site, a few thousand mails a day. If I'm blocked, probably more or less everyone is being blocked. (Are the DNSBLs above all run by the same entity now?) ... hm actually perhaps my checks of mail to a couple of high-volume mailing lists are triggering it. I wonder if I can prevent those DNSBLs from being consulted just for mail apparently to those lists? But, really... what on earth is going on in that message? Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_bl.score.senderscore.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny bl.score.senderscore.com" to disable queries) So there's a mention of a file under /etc/mail/spamassassin/helpers/.spamassassin/, but that directory is empty (writable only by root, but spamd is running as root). Is this just a misfire because it's trying to write after dropping privileges or something? -- NULL && (void)
