Hi
I use only a local pdns recursor, and I have set the same one in SA.
1) SpamAssassin 3.x:
spamassassin -D -t w6.elm
---- ---------------------- -------------------------------------------
1.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: pge-obrot.pl]
-1.9 BAYES_00 BODY: Bayesowskie prawdopodobieństwo spamu
wynosi 0 do 1%
[score: 0.0000]
0.0 FSL_HELO_NON_FQDN_1 No description available.
-1.9 SPF_PASSED Przeszlo weryfikacje SPF
1.5 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
2.9 FROM_NOT_RETURN_PATH From: does not match Return-path:
0.0 HTML_MESSAGE BODY: Wiadomość zawiera kod HTML
0.1 MIME_HTML_ONLY BODY: Wiadomość posiada tylko części
tekstowe/html MIME
0.2 PAY_SPAM RAW: payment
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily
valid
4.0 DCC_CHECK Na liście DCC (http://www.dcc-servers.net/dcc/)
0.4 HELO_NO_DOMAIN Relay reports its domain incorrectly
5.0 Q_152 FROM_NOT_RETURN_PATH_HEADER_FROM_DIFFERENT_DOMAINS
0.1 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 RDNS_NONE Delivered to internal network by a host
with no rDNS
1.0 DMARC_QUAR No description available.
Feb 14 10:34:39.762 [2817004] dbg: check: tagrun - tag DKIMDOMAIN is
still blocking action 3
Feb 14 10:34:39.765 [2817004] dbg: plugin:
Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x55e622f11470) implements
'finish_tests', priority 0
Feb 14 10:34:39.765 [2817004] dbg: plugin:
Mail::SpamAssassin::Plugin::Check=HASH(0x55e622f119e0) implements
'finish_tests', priority 0
Feb 14 10:34:39.772 [2817004] dbg: netset: cache trusted_networks
hits/attempts: 7/10, 70.0 %
Feb 14 10:34:39.801 [2817004] dbg: bayes: Redis destroy
2) SpamAssassin 4.x:
spamassassin -D -t w6.elm
---- ---------------------- -------------------------------------------
1.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL
was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URI: gkpge.pl]
[URI: pge-obrot.pl]
0.0 URIBL_DBL_BLOCKED ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org
was blocked. See
https://www.spamhaus.org/returnc/vol/
[URI: gkpge.pl]
[URI: www.gkpge.pl]
[URI: pge-obrot.pl]
[URI: ebok.gkpge.pl]
[URI: www.pge-obrot.pl]
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL
was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#DnsBlocklists-dnsbl-block
for more information.
[86.xxx.xxx.xxx listed in list.dnswl.org]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
0.0 ARC_SIGNED Message has a ARC signature
0.0 ARC_VALID Message has a valid ARC signature
4.0 DCC_CHECK Na liście DCC (http://www.dcc-servers.net/dcc/)
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
-1.9 BAYES_00 BODY: Bayesowskie prawdopodobieństwo spamu
wynosi 0 do 1%
[score: 0.0000]
-1.9 SPF_PASSED Przeszlo weryfikacje SPF
0.0 FSL_HELO_NON_FQDN_1 No description available.
2.9 FROM_NOT_RETURN_PATH From: does not match Return-path:
1.5 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.1 MIME_HTML_ONLY BODY: Wiadomość posiada tylko części
tekstowe/html
MIME
0.0 HTML_MESSAGE BODY: Wiadomość zawiera kod HTML
0.2 PAY_SPAM RAW: payment
0.4 HELO_NO_DOMAIN Relay reports its domain incorrectly
0.0 RDNS_NONE Delivered to internal network by a host
with no rDNS
5.0 Q_152 FROM_NOT_RETURN_PATH_HEADER_FROM_DIFFERENT_DOMAINS
0.1 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
1.2 DMARC_QUAR DMARC quarantine policy
Feb 14 10:33:06.358 [161899] dbg: check: tagrun - tag DKIMDOMAIN is
still blocking action 0, 1, 2, 3, 4, 5, 6, 7
Feb 14 10:33:06.363 [161899] dbg: plugin:
Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x55a1fb0055f8) implements
'finish_tests', priority 0
Feb 14 10:33:06.363 [161899] dbg: plugin:
Mail::SpamAssassin::Plugin::Check=HASH(0x55a1fb005b38) implements
'finish_tests', priority 0
Feb 14 10:33:06.368 [161899] dbg: bayes: Redis destroy
Feb 14 10:33:06.378 [161899] dbg: netset: cache trusted_networks
hits/attempts: 7/10, 70.0 %
On 14.02.2025 at 04:48, Matija Nalis wrote:
On Thu, Feb 13, 2025 at 05:13:43PM +0100, natan wrote:
IP ban may make sense - but there was a similar problem with another machine
also with spamassassin 4.x - after returning to 3.x there was no problem
Are you SURE there was NO problem? Or is it possible that the problem
*just isn't reported* in SA3? (i.e. SA4 has better reporting than SA3)
it looks like sa4 e.g. asked a few times e.g. about one thing
Feb 13 17:02:06 amavis5 amavis[9316]: (09316-01) _WARN: check:
dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating
/var/amavis/var/.spamassassin/dnsblock_bl.score.senderscore.com (This means
DNSBL blocked you due to too many queries. Set all affected rules score to
0, or use "dns_query_restriction deny bl.score.senderscore.com" to disable
queries)
are you a paying VALIDITY customer?
Because their public limits are quite low IIRC.
So unless you're paying, you should probably just do what that error
message is suggesting that you do.
But of course, you could do more debugging as described below.
dig +short
127.0.0.1.bzdaby.clicks.mlsend.com.dnsblock_bl.score.senderscore.com
@127.0.0.1
You are still using unneeded "@127.0.0.1", please skip doing that.
It can only introduce confusion and error, and never help when testing SA.
Also, are you sure
"127.0.0.1.bzdaby.clicks.mlsend.com.dnsblock_bl.score.senderscore.com"
is the right thing to query? Is SA saying that is the **exact** query that is
causing the RCVD_IN_VALIDITY_RPBL_BLOCKED rule to hit?
Have you done "spamassassin -D -t" on problematic mail as I
suggested? I have not seen output of that. Please run that command on
both SA3 and SA4 on the same e-mail and compare what DNS queries they are
actually sending.
It is hard to debug further without that essential information.
It will tell you what DNS queries the SA is sending, which you then
can run manually with dig.
2) that this pdns-recursor, if it is used, has same version and same
configuration as other machines (e.g. cache size, forwarders etc).
IOW, it could be behaving differently.
have you checked this?
yes
3) just because SA3 does not show you the errors, does not
necessarily mean that it does not experience same errors (but for
example have errors, but fails to show them)
Also, have you checked this? You need to run "spamassassin -D -t" to
see what SA3 and SA4 are doing. Just because only SA4 reports error
does not mean that SA3 does not also have the error (it is more
likely that it also has the error, but its error detection is not as
good, so it does not inform you of the error).
You are probably right - SA4 is more verbose (debugging)
--
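
Added example, not part of the original thread: a small Python script that compares the rule hits of two "spamassassin -D -t" reports, such as the SA3 and SA4 runs above, and lists which *_BLOCKED rules each run reported. The function names are hypothetical and the sample reports are constructed, abridged from the two outputs in this message.

```python
import re

# One rule hit in the content analysis table: score, then rule name.
HIT = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\b")

def parse_hits(report):
    """Return {rule: score}; wrapped descriptions, [URI: ...] and dbg lines are skipped."""
    return {m.group(2): float(m.group(1))
            for m in map(HIT.match, report.splitlines()) if m}

def compare(old, new):
    """Diff two reports for the same message: new/lost rules, score changes, blocked lookups."""
    a, b = parse_hits(old), parse_hits(new)
    return {
        "only_old": sorted(a.keys() - b.keys()),
        "only_new": sorted(b.keys() - a.keys()),
        "score_changed": {r: (a[r], b[r])
                          for r in sorted(a.keys() & b.keys()) if a[r] != b[r]},
        "blocked_old": sorted(r for r in a if r.endswith("_BLOCKED")),
        "blocked_new": sorted(r for r in b if r.endswith("_BLOCKED")),
    }

# Constructed sample input: abridged from the SA3 report in this thread.
SA3_REPORT = """\
 1.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
 blocked. See
 [URIs: pge-obrot.pl]
-1.9 BAYES_00 BODY:
 [score: 0.0000]
 4.0 DCC_CHECK
 1.0 DMARC_QUAR No description available.
Feb 14 10:34:39.801 [2817004] dbg: bayes: Redis destroy
"""

# Constructed sample input: abridged from the SA4 report in this thread.
SA4_REPORT = """\
 1.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL
 was blocked.
 0.0 URIBL_DBL_BLOCKED ADMINISTRATOR NOTICE: The query to
 dbl.spamhaus.org
 0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL
 0.0 ARC_SIGNED Message has a ARC signature
 0.0 ARC_VALID Message has a valid ARC signature
 4.0 DCC_CHECK
-1.9 BAYES_00 BODY:
 1.2 DMARC_QUAR DMARC quarantine policy
Feb 14 10:33:06.368 [161899] dbg: bayes: Redis destroy
"""

if __name__ == "__main__":
    for key, value in compare(SA3_REPORT, SA4_REPORT).items():
        print(f"{key}: {value}")
```

On the sample input, URIBL_BLOCKED appears in both runs, while URIBL_DBL_BLOCKED and RCVD_IN_DNSWL_BLOCKED appear only in the SA4 run.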