On Mon, Nov 18, 2024 at 05:21:12PM +0000, Nix wrote:
> I'm not a high-volume site, a few thousand mails a day. If I'm blocked,
> probably more or less everyone is being blocked. (Are the DNSBLs above

Yes, pretty much every non-paying customer is blocked...

>From 
>https://knowledge.validity.com/s/articles/Accessing-Validity-reputation-data-through-DNS
> :

>  Starting March 1, 2024, Validity will allow up to 10,000 requests to 
> anonymous users over a 30-day period.

10k requests per 30-day period is about 333 queries/day. Or less than 14 
queries per hour.
Not very much at all (and certainly at least an order of magnitude less than your 
stated traffic).
No amount of local DNS caching is going to fix limits *that low*.

>  (Are the DNSBLs above all run by the same entity now?)

You mean RCVD_IN_VALIDITY_* ? 
Yes, I'd very much assume they're all run by Validity.

> ... hm actually perhaps my checks of mail to a couple of high-volume
> mailing lists are triggering it. I wonder if I can prevent those DNSBLs
> from being consulted just for mail apparently to those lists?
> 
> But, really... what on earth is going on in that message?
> 
> Nov 14 00:00:03 loom warning: check: dns_block_rule 
> RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating 
> /etc/mail/spamassassin/helpers/.spamassassin/dnsblock_bl.score.senderscore.com
>  (This means DNSBL blocked you due to too many queries. Set all affected 
> rules score to 0, or use "dns_query_restriction deny 
> bl.score.senderscore.com" to disable queries)

As it suggests, Set all affected rules score to 0, or use 
"dns_query_restriction deny bl.score.senderscore.com" to disable queries.
(unless you intend to become their paying customer, or heavily customize your 
ruleset to only query them on a very small subset of messages to stay under those 
limits)

> So there's a mention of a file under
> /etc/mail/spamassassin/helpers/.spamassassin/, but that directory is
> empty (writable only by root, but spamd is running as root). Is this
> just a misfire because it's trying to write after dropping privileges or
> something?

Probably. You could strace(1) it to see if and why it is failing to create a 
file.
Your spamd is probably (hopefully!) dropping permissions to some user before 
doing all those zillions of checks, so it should be writeable by that user.

-- 
Opinions above are GNU-copylefted.
