Package: spamassassin
Version: 4.0.1-5
Severity: normal
Dear Maintainer,
Minutes after upgrade from 4.0.1-3 to 4.0.1-5
------------ apt history ---------------------
Start-Date: 2025-07-09 06:03:22
Commandline: /usr/bin/unattended-upgrade
Upgrade: sa-compile:amd64 (4.0.1-3, 4.0.1-5), spamc:amd64 (4.0.1-3, 4.0.1-5),
spamd:amd64 (4.0.1-3, 4.0.1-5), spamassassin:amd64 (4.0.1-3, 4.0.1-5)
----------------------------------------------
some mail from a internal service got marked as spam due to the rule
Jul 9 06:04:26 nyc spamd[3561773]: check: dns_block_rule
RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating
/root/.spamassassin/dnsblock_sa-accredit.habeas.com (This means DNSBL blocked
you due to too many queries. Set all affected rules score to 0, or use
"dns_query_restriction deny sa-accredit.habeas.com" to disable queries)
Since there was three it go over the limit:
------------ mail snippet --------------
1.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[185.107.x.y listed in sa-accredit.habeas.com]
1.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[185.107.x.y listed in sa-trusted.bondedsender.org]
1.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[185.107.x.y listed in bl.score.senderscore.com]
------------------
The article points to qouta issues (10K) but the validity cant have hit 10K in
a minute. My server is low-volume.
Prior to upgrade not logging of the rule can be found.
A blocked/failed query to a RBL should be ignored, not assigning a score. I
believe it is correctly fixed in upstream.
The work around for me is to disable in local config:
dns_query_restriction deny sa-trusted.bondedsender.org
dns_query_restriction deny sa-accredit.habeas.com
dns_query_restriction deny bl.score.senderscore.com
cheers,
Dennis
-- System Information:
Debian Release: 13.0
APT prefers testing-security
APT policy: (950, 'testing-security'), (500,
'testing-proposed-updates-debug'), (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.31-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_DK.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages spamassassin depends on:
ii adduser 3.152
ii curl 8.14.1-2
ii libhtml-parser-perl 3.83-1+b2
ii libhttp-date-perl 6.06-1
ii libio-string-perl 1.08-4
ii libmail-dkim-perl 1.20240923-1
ii libnet-dns-perl 1.50-1
ii libnetaddr-ip-perl 4.079+dfsg-2+b5
ii libsocket6-perl 0.29-3+b4
ii libsys-hostname-long-perl 1.5-3
ii perl [libarchive-tar-perl] 5.40.1-5
Versions of packages spamassassin recommends:
ii gnupg 2.4.7-21
pn libbsd-resource-perl <none>
pn libmail-dmarc-perl <none>
pn libmail-spf-perl <none>
ii perl [libsys-syslog-perl] 5.40.1-5
ii sa-compile 4.0.1-5
ii spamc 4.0.1-5
Versions of packages spamassassin suggests:
pn libdbi-perl <none>
pn libencode-detect-perl <none>
pn libgeoip2-perl <none>
ii libio-socket-ssl-perl 2.089-1
pn libnet-patricia-perl <none>
ii perl [libcompress-zlib-perl] 5.40.1-5
pn pyzor <none>
ii razor 1:2.85-11
-- no debconf information
