On 2025-10-09 at 07:45:10 UTC-0400 (Thu, 09 Oct 2025 13:45:10 +0200)
Thomas Barth via users <[email protected]>
is rumored to have said:
Hello,
when testing new rules I noticed the message in the log: “DNSBL
blocked you due to too many queries”
dig +short 214.106.68.164.sa-accredit.habeas.com @127.0.0.1
127.255.255.255
dig +short 214.106.68.164.sa-trusted.bondedsender.org @127.0.0.1
127.255.255.255
The AI suggests to put the following lines into
/etc/spamassassin/local.cf
dns_query_restriction deny sa-accredit.habeas.com
dns_query_restriction deny sa-trusted.bondedsender.org
dns_query_restriction deny bl.score.senderscore.com
Is this correct?
From `perldoc Mail::SpamAssassin::Conf`:
dns_query_restriction (allow|deny) domain1 domain2 ...
Option allows disabling of rules which would result in a DNS
query
to one of the listed domains. The first argument must be a
literal
"allow" or "deny", remaining arguments are domains names.
So, yes, this time the slopbot provided you with a reasonable answer
consistent with the actual documentation. You could also put all of the
domains on one line.
Is all of this outdated?
Unclear what "all of this" refers to... Many DNSBLs have query volume
limits and the three cited are all now run by Validity, which recently
imposed very low limits. Their "free" service is now at best only fit
for testing, arguably not even that. We have left the related SA rules
available in the default feed to avoid breaking existing configurations,
so if you want to avoid the pointless queries and log noise, you should
add those lines.
--
Bill Cole
[email protected] or [email protected]
(AKA @[email protected] and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
