The RBLs check the referring DNS server. If you use someone like
OpenDNS or GoogleDNS, as many others do, then, as far as the RBL list is
concerned, it is receiving too many queries via those DNS servers.
If you want to use these RBLs, it is recommended you run your own
recursive DNS server rather than use a public DNS server.

On 18/11/2024 17:21, Nix wrote:
On 14 Nov 2024, Mark London uttered the following:
FWIW, Today I discovered that RCVD_IN_VALIDITY_CERTIFIED,
RCVD_IN_VALIDITY_RPBL, and RCVD_IN_VALIDITY_SAFE, were being triggered for
every email that our server received. I do not use a public DNS server. I
disabled all of them. Strange. - Mark
I'm seeing this too. I'm not a high-volume site, yet...
Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit,
creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_bl.score.senderscore.com
(This means DNSBL blocked you due to too many queries. Set all affected rules score to 0,
or use "dns_query_restriction deny bl.score.senderscore.com" to disable queries)
Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit,
creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-accredit.habeas.com
(This means DNSBL blocked you due to too many queries. Set all affected rules score to 0,
or use "dns_query_restriction deny sa-accredit.habeas.com" to disable queries)
Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED
hit, creating
/etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This
means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or
use "dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries)
Nov 14 00:00:26 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED
hit, creating
/etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This
means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or
use "dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries)
Nov 14 00:00:26 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit,
creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-accredit.habeas.com
(This means DNSBL blocked you due to too many queries. Set all affected rules score to 0,
or use "dns_query_restriction deny sa-accredit.habeas.com" to disable queries)
I'm not a high-volume site, a few thousand mails a day. If I'm blocked,
probably more or less everyone is being blocked. (Are the DNSBLs above
all run by the same entity now?)
... hm actually perhaps my checks of mail to a couple of high-volume
mailing lists are triggering it. I wonder if I can prevent those DNSBLs
from being consulted just for mail apparently to those lists?
But, really... what on earth is going on in that message?
Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit,
creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_bl.score.senderscore.com
(This means DNSBL blocked you due to too many queries. Set all affected rules score to 0,
or use "dns_query_restriction deny bl.score.senderscore.com" to disable queries)
So there's a mention of a file under
/etc/mail/spamassassin/helpers/.spamassassin/, but that directory is
empty (writable only by root, but spamd is running as root). Is this
just a misfire because it's trying to write after dropping privileges or
something?
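
An added example, not part of the original thread and not SpamAssassin's own code: a small Python parser that finds the `dns_block_rule` warnings shown above in a mail log, counts hits per DNSBL zone, and builds the `dns_query_restriction deny` lines that the warning itself suggests. The function names are hypothetical, and the sample log is the thread's warnings, abridged.

```python
import re
from collections import defaultdict

# Matches the SpamAssassin warning quoted in this thread:
#   "dns_block_rule <RULE> hit, creating <dir>/dnsblock_<zone>"
BLOCK_RE = re.compile(
    r"dns_block_rule (?P<rule>\S+) hit, creating \S*/dnsblock_(?P<zone>[A-Za-z0-9.-]+)"
)

# Sample input: warnings from this thread, abridged (trailing explanation cut).
# The third entry is left wrapped across lines, as it appears in the mail.
SAMPLE_LOG = """\
Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_bl.score.senderscore.com (This means
Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-accredit.habeas.com (This means
Nov 14 00:00:03 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED
hit, creating
/etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This
Nov 14 00:00:26 loom warning: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_sa-accredit.habeas.com (This means
"""


def blocked_zones(log_text):
    """Return {zone: {"rules": set, "hits": int}} for every dns_block_rule warning."""
    # Collapse all whitespace so a warning wrapped over several lines still matches.
    flat = re.sub(r"\s+", " ", log_text)
    zones = defaultdict(lambda: {"rules": set(), "hits": 0})
    for m in BLOCK_RE.finditer(flat):
        entry = zones[m.group("zone")]
        entry["rules"].add(m.group("rule"))
        entry["hits"] += 1
    return dict(zones)


def deny_lines(zones):
    """Build the dns_query_restriction lines the warning suggests, most-hit zone first."""
    ordered = sorted(zones, key=lambda z: (-zones[z]["hits"], z))
    return [f"dns_query_restriction deny {z}" for z in ordered]


if __name__ == "__main__":
    found = blocked_zones(SAMPLE_LOG)
    for zone, info in found.items():
        print(f"{zone}: {info['hits']} hit(s), rules {sorted(info['rules'])}")
    print("\n".join(deny_lines(found)))
```
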