Re: Spamassassin generating DNSBL blocks
Hi,
On Fri, Feb 21, 2025 at 06:59:14PM -0600, Greg Marks wrote:
> spamd: check: dns_block_rule RCVD_IN_DNSWL_BLOCKED hit, creating /root/.spamassassin/dnsblock_list.dnswl.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny list.dnswl.org" to disable queries)
>
> (and many, many more). My /etc/resolv.conf file contains the lines:
>
> nameserver 8.8.8.8
> nameserver 8.8.4.4
You cannot use a public resolver like these two, to query a DNSBL with
usage limits. The DNSBL measures usage by the IP address of the DNS
resolver that is asking it questions. Your usage is indistinguishable
from the entirety of Google.
If you are going to use DNSBLs with usage limits then you must install
your own caching DNS resolver so that your DNS queries come only from
you.
This is a well-documented issue for these DNSBLs.
> Can I get rid of these "too many queries" errors by inserting lines
>
> dns_query_restriction deny sa-accredit.habeas.com
> dns_query_restriction deny list.dnswl.org
> ...
>
> into the file /etc/mail/spamassassin?
Yes but you'd be better off putting your custom directives into a
separate file such as local.cf for that purpose.
> Will that interfere with proper spam filtering?
Yes, if you consider use of those DNSBLs to be desirable. I mean,
spamassassin will still *work* without them.
> The alternative instruction provided in the logs, "set all affected
> rules score to 0," is rather opaque; I'm not sure how that is to be done.
https://cwiki.apache.org/confluence/display/spamassassin/DnsBlocklists#dnsbl-block
says:
score __RCVD_IN_DNSWL 0
in local.cf.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Reply to: