Hi Noel, With upstream RBLs and postscreen, unbound setup for caching resolution, etc., once SA is invoked on my system it is scanning real mail which is going to be delivered, at which point out-of-the-box-spamassassin does 3 x lookups to lists which appear to count against the Validity limits. 10,000 in 30 days at 3 per email scanned by SA = 111 sets of lookups in a day, or < 5 per hour. Unless I'm misunderstanding 20_dnsbl_tests.cf: # --------------------------------------------------------------------------- # Validity (née Return Path, SenderScore) reputation DNSBLs # https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6247 # Certified: # https://www.validity.com/resource-center/fact-sheet-certification/ # (replaces RCVD_IN_BSP_TRUSTED, RCVD_IN_BSP_OTHER, RCVD_IN_SSC_TRUSTED_COI) header RCVD_IN_VALIDITY_CERTIFIED eval:check_rbl_txt('ssc-firsttrusted', 'sa-trusted.bondedsender.org.') describe RCVD_IN_VALIDITY_CERTIFIED Sender in Validity Certification - Contact certificat...@validity.com tflags RCVD_IN_VALIDITY_CERTIFIED net nice publish reuse RCVD_IN_VALIDITY_CERTIFIED # Safe: # https://www.validity.com/resource-center/fact-sheet-certification/ # (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED) header RCVD_IN_VALIDITY_SAFE eval:check_rbl_txt('ssc-firsttrusted','sa-accredit.habeas.com.') describe RCVD_IN_VALIDITY_SAFE Sender in Validity Safe - Contact certificat...@validity.com tflags RCVD_IN_VALIDITY_SAFE net nice publish reuse RCVD_IN_VALIDITY_SAFE # Validity RPBL (née Return Path Reputation Network Blacklist - RNBL): # https://www.senderscore.org/blocklistlookup/ header RCVD_IN_VALIDITY_RPBL eval:check_rbl('rnbl-lastexternal','bl.score.senderscore.com.') describe RCVD_IN_VALIDITY_RPBL Relay in Validity RPBL, https://senderscore.org/blocklistlookup/ tflags RCVD_IN_VALIDITY_RPBL net publish reuse RCVD_IN_VALIDITY_RPBL Re your comment: “10K is enough for a home business or small office, and if it's not, they need to configure their network correctly so SA only processes only what the MTA passes” - I beg to differ :) I'm certainly not a reselling service - I do email for 6x family members only, my email chain is configured to that SA is only invoked for final scanning on actual mail to be delivered, and with an average 240 valid inbound emails a day hitting SA I am exceeding the free threshold about 2.5 times over. Simon
On Saturday, April 05, 2025 13:18 AEST, Noel Butler <noel.but...@ausics.net> wrote: On 05/04/2025 01:25, Andrew Fragias via users wrote: Firstly, I wanted to point out that the free service will not be changing and we will be allowing 10,000 Queries within a rolling 30 day window, what will be changing is all those that are excessively exceeding that volume will no longer be able to This wont bother us as we disable all BL's/whitelist/reputation style services in SA (we'd hit 10K in an hour anyway) and have postfix alone make these decisions by a select few RBL's, most of which we have local databases for. 10K queries a month sounds a lot, but is only 13 requests an hour. I certainly hope nobody has you in their MTA. But using SA, a small office or home business would get away with this, especially if they use standard RBL's where they should be used - upfront in postfix, sendmail, etc, blocking the crap, so SA wont be doing probe lookups slurping up your query limits faster than a kid flying down a water slide in middle of summer, it'll be doing requests for actual messages. I think that's really what small free tiers are targeted towards, not for those reselling services, so I think 10K is enough for a home business or small office, and if it's not, they need to configure their network correctly so SA only processes only what the MTA passes. -- Regards, Noel Butler -- Simon Wilson M: 0400 121 116
