Interesting! Thanks Greg.
My results (about 1800 inbound emails across 6 days) show:
 * combination of postscreen and other upstream tests are catching true baddies
   enough that the VALIDITY_RPBL does not catch any for me
 * VALIDITY_SAFE and VALIDITY_CERTIFIED hit on about 5% of total emails (96)
I've now disabled the SA lookups for RPBL (thanks @pgnd for the link with an 
easy way to do that), so that should drop my lookups by a third, taking me to 
about 15k per 30 days I think on average. As you mention, a combined answer 
would save a huge amount of lookups.
My mail server is running RHEL8 with spamassassin 3.4.6 - so the BLOCKED tests 
are not there - but I'm not being blocked from what I can see, so that's not an 
issue for now.
Simon.


On Saturday, April 05, 2025 11:57 AEST, Greg Troxel <g...@lexort.com> wrote:

 
"Simon Wilson via users" <users@spamassassin.apache.org> writes:

> OK, back to the purpose of this list - spamassassin! :)
> Validity are planning to enforce limits (although how they will
> enforce remains unknown - timeouts? false -ves? false +ves?). Given
> that these DNS BLs are in the standard config, and I'm apparently
> exceeding the free threshold of 10,000 queries in 30 days I need to
> explore ways to reduce consumption.
> From looking in 20_dnsbl_tests.cf, the Validity tests seem to be
> generating queries to sa-trusted.bondedsender.org,
> sa-accredit.habeas.com and bl.score.senderscore.com.

I have no recollection of signing up in any form, and have not gotten an
email asking me to pay. I actually had no idea these were pay/limited
until your mail, as I figured free access to SAFE/CERTIFIED for relying
parties was part of the business model of charging "high volume email
senders" to be certified as not spammers. (To be fair, my analysis of
30 days of logs did not find any CERTIFIED or SAFE senders as spam.)


Reading 20_dnsbl_tests.cf, I notice:

Indeed there are 3 tests, for 3 rules. (Interesting that it isn't a
combined answer.)

There are _BLOCKED rules, checking for 127.255.255.255, and code to
stop querying (I think) if that rule fires.

Looking in my logs, there are enough emails that I should be seeing a
somewhat higher query volume than you, although if TTLs are reasonably
long a fair bit of mailinglist traffic may avoid lookups. Still, I'm
almost certainly over 10000/month.

I didn't react to 10000/month when you said it but having done the math,
finding my usage (definitely personal) over, and that it's only just
over 100 messages/day, it seems clear that 10K is way too low a limit
for a service to be included in the default ruleset. But maybe with an
overlimit response and SA configured to just stop after getting that
once, it's ok. I don't remember doctrine accommodating that but I
suspect I would have missed discussion depending on when.

Are you using SA 4, that should handle *_BLOCKED? If not, upgrading
seems in order. Or is that rule firing?


Looking at scores:

33 messages had both RCVD_IN_VALIDITY_CERTIFIED and RCVD_IN_VALIDITY_SAFE
seems like all ham

27 messages hit RCVD_IN_VALIDITY_RPBL
3 are ham, same host
24 were very high scoring and I can comfortably say all spam

I'm not sure how much it would have hurt my classification to skip these rules.

For your amusement, my custom scores, adjusted ad hoc over time. I
don't remember clearly, but I think I was getting spam that was hitting
SAFE (and you can see by the comments that SAFE seems to include "single
opt in").

score RCVD_IN_VALIDITY_SAFE 2 # was -2
score RCVD_IN_VALIDITY_CERTIFIED -2 # was -3
# VALIDITY's blocklist appears good.
score RCVD_IN_VALIDITY_RPBL (2) # was 1.3

Based on recent log analysis, I changed to:

score RCVD_IN_VALIDITY_SAFE -1 # was -2
#score RCVD_IN_VALIDITY_CERTIFIED -3 # was -3
 

-- 
 Simon Wilson
M: 0400 121 116
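
The log analysis both messages describe (per-rule Validity hits split by verdict, plus a 30-day query projection) can be scripted as below. This is an added example, not code from either poster or from the SpamAssassin project: the log lines are constructed in spamd's "result:" format, and the projection assumes one DNS query per message per zone with no caching, so it is an upper bound.

```python
import re
from collections import Counter

# Constructed spamd syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Apr  1 08:00:01 mx spamd[911]: spamd: result: . -3 - DKIM_VALID,RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_SAFE scantime=0.9,size=4120,user=vmail
Apr  1 08:03:10 mx spamd[911]: spamd: result: Y 21 - BAYES_99,RCVD_IN_VALIDITY_RPBL,URIBL_BLACK scantime=1.4,size=2210,user=vmail
Apr  1 09:15:42 mx spamd[912]: spamd: result: . 0 - HTML_MESSAGE,SPF_PASS scantime=0.7,size=9901,user=vmail
Apr  2 11:20:05 mx spamd[912]: spamd: result: . 1 - RCVD_IN_VALIDITY_RPBL,SPF_PASS scantime=0.8,size=1800,user=vmail
"""

# "Y" marks a message classified as spam, "." marks ham.
RESULT_RE = re.compile(r"spamd: result: (?P<flag>[Y.]) (?P<score>-?\d+) - (?P<tests>\S*)")
VALIDITY_PREFIX = "RCVD_IN_VALIDITY_"


def tally(log_text):
    """Return (scanned_messages, {rule: Counter(spam=n, ham=n)}) for Validity rules."""
    messages = 0
    hits = {}
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if not m:
            continue  # not a spamd result line
        messages += 1
        verdict = "spam" if m.group("flag") == "Y" else "ham"
        for rule in m.group("tests").split(","):
            if rule.startswith(VALIDITY_PREFIX):
                hits.setdefault(rule, Counter())[verdict] += 1
    return messages, hits


def projected_queries(messages, days_observed, zones, window_days=30):
    """Upper bound: one query per message per zone (assumption), no DNS caching."""
    return round(messages / days_observed * window_days * zones)


if __name__ == "__main__":
    total, hits = tally(SAMPLE_LOG)
    for rule, c in sorted(hits.items()):
        print(f"{rule}: spam={c['spam']} ham={c['ham']} of {total} messages")
    # Volume figures from the thread: about 1800 messages in 6 days, 3 Validity zones.
    print("3 zones:", projected_queries(1800, 6, 3), "queries / 30 days")
    print("2 zones:", projected_queries(1800, 6, 2), "queries / 30 days")
```

Real query counts will be lower than the projection wherever the resolver answers from cache within the zone's TTL.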
