Matus UHLAR - fantomas wrote on 2025-06-11 13:13:
On 11.06.25 09:47, Vincent Lefevre wrote:
Well, it appears that the scores of the _BLOCKED strings are set
in the file
/var/lib/spamassassin/4.000001/updates_spamassassin_org/72_scores.cf
by

score RCVD_IN_VALIDITY_CERTIFIED_BLOCKED    0.001 0.001 0.001 0.001
score RCVD_IN_VALIDITY_RPBL_BLOCKED         0.001 0.001 0.001 0.001
score RCVD_IN_VALIDITY_SAFE_BLOCKED         0.001 0.001 0.001 0.001

This is also something that is updated by sa-update. So everyone
should have them, this is not a local config.

So I still don't understand why there is an issue specific to my
machine, i.e. the fact that RCVD_IN_VALIDITY_CERTIFIED, etc. (the
strings without _BLOCKED) with a score of 0[*] still trigger a DNS
request and associated error in the logs and message headers.

[*] as given by
/var/lib/spamassassin/4.000001/updates_spamassassin_org/50_scores.cf

I recall that this file has

# Validity (née ReturnPath) Certified
# https://www.validity.com/resource-center/fact-sheet-certification/
# CERTIFIED is a subset of SAFE, thus the score is cumulative.
# -2 + -3 = -5 points for CERTIFIED
# disabled by default 2025-05-11 WKC bz#8278
score RCVD_IN_VALIDITY_CERTIFIED 0
score RCVD_IN_VALIDITY_SAFE 0
score RCVD_IN_VALIDITY_RPBL 0
# Uncomment these if you enable the ones above
#score RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001
#score RCVD_IN_VALIDITY_CERTIFIED_BLOCKED  0.001
#score RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001

score 0 just hides the problem, it does not stop the underlying query

to test it in bind:

rndc querylog on

spamassassin -t mailmsg.eml

rndc querylog off

see named logs


i.e. only the versions without _BLOCKED have been set to 0.
The _BLOCKED versions are set by the 72_scores.cf file above,
if I understand correctly.

And why "Uncomment these if you enable the ones above" while the
scores are already set in the 72_scores.cf file I've mentioned
above?

This looks to me that setting scores of RCVD_IN_VALIDITY_*_BLOCKED unintentionally caused those DNS lookups to be performed.

Apparently those scores should be set to 0 too, so the "uncomment these" would only apply to people who manually enabled RCVD_IN_VALIDITY_* rules.
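
An added example (not part of the original messages and not SpamAssassin's own code): a Python check for the mismatch discussed in this thread, where a rule is scored 0 while its _BLOCKED companion keeps a non-zero score. It assumes score files are applied in file-name order with later `score` lines winning; the function names are hypothetical and the sample input is constructed from the lines quoted above.

```python
import re

# Constructed sample input: the score lines quoted in the thread, keyed by file name.
SAMPLE_FILES = {
    "50_scores.cf": (
        "# disabled by default 2025-05-11 WKC bz#8278\n"
        "score RCVD_IN_VALIDITY_CERTIFIED 0\n"
        "score RCVD_IN_VALIDITY_SAFE 0\n"
        "score RCVD_IN_VALIDITY_RPBL 0\n"
        "#score RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001\n"
    ),
    "72_scores.cf": (
        "score RCVD_IN_VALIDITY_CERTIFIED_BLOCKED    0.001 0.001 0.001 0.001\n"
        "score RCVD_IN_VALIDITY_RPBL_BLOCKED         0.001 0.001 0.001 0.001\n"
        "score RCVD_IN_VALIDITY_SAFE_BLOCKED         0.001 0.001 0.001 0.001\n"
    ),
}

# Matches active "score NAME v1 [v2 v3 v4]" lines; commented-out lines do not match.
SCORE_RE = re.compile(r"^\s*score\s+(\S+)\s+(.+?)\s*(?:#.*)?$")

def effective_scores(files):
    """Return {rule: ((s0, s1, s2, s3), source_file)}, later files overriding earlier ones."""
    result = {}
    for name in sorted(files):  # assumption: files are applied in name order
        for line in files[name].splitlines():
            m = SCORE_RE.match(line)
            if not m:
                continue
            try:
                values = [float(v) for v in m.group(2).split()]
            except ValueError:
                continue  # e.g. relative "(1.0)" scores are out of scope here
            if len(values) == 1:
                values *= 4  # a single value applies to all four score sets
            if len(values) == 4:
                result[m.group(1)] = (tuple(values), name)
    return result

def mismatched_blocked(files, suffix="_BLOCKED"):
    """List (base_rule, blocked_rule, file) where base is all-zero but *_BLOCKED is not."""
    eff = effective_scores(files)
    findings = []
    for rule, (values, source) in sorted(eff.items()):
        if rule.endswith(suffix) and any(values):
            base = rule[: -len(suffix)]
            if base in eff and not any(eff[base][0]):
                findings.append((base, rule, source))
    return findings

if __name__ == "__main__":
    for base, blocked, source in mismatched_blocked(SAMPLE_FILES):
        print(f"{base} is scored 0 but {blocked} is non-zero (set in {source})")
```

On a real system, fill the dictionary with the contents of the `.cf` files under the update directory named in the thread instead of the constructed sample.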
