SpamAssassin, The query to URIBL was blocked.

Avatar forum:youradds 1 year, 2 months ago

Hi,

I'm trying to work out how to get around this error:

X-Spam-Score: 0
X-Spam-Bar: /
X-Spam-Report: Spam detection software, running on the system "admin.newbyhost.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.

 Content preview:  new car? compare the best deals. --> the epic way to finance
    your new car. the epic way to finance your new car [1] apply now › car
   loans from £1,000to £100,000* [...] 

 Content analysis details:   (-0.0 points, 5.0 required)

  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                             See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: bmetrack.com]
 -0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                             [207.8.97.3 listed in wl.mailspike.net]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                             domain
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                             domains are different
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
  0.0 LOTS_OF_MONEY          Huge... sums of money
  0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid

It's a basic setup using VestaCP, but I can't work out why it gives that error. There is no way my server is sending too much traffic to the RBL checks to warrant a blocking, so it must be something else?

Cheers

Andy

7 Replies

Everyone using linode's DNS servers has this problem and linode has decided not to address the issue.

Basically, the URIBL service is free for a few emails (like personal use), but anything above that requires some kind of payment. Linode does not want to pay for such a service to offer to us, so any requests to URIBL (via spamassassin or other similar tool) fail with URIBL_BLOCKED.

There are two things you can do:

1) Keep using linode's DNS servers and just ignore URIBL (you can even disable the check in spamassassin)

2) Setup your own DNS servers, if you have a normal amount of emails then you'll get free service from URIBL, but if you exceed their threshold then you will also be blocked.

Hi,

Thanks for the reply. Mmm yeah, not too sure I like the idea of setting up my own DNS server. Seems a bit of a faff :( Maybe I will just have to deal with it then.

What is confusing me though, is why these both match, but don't hold any "score" ?

  0.0 LOTS_OF_MONEY          Huge... sums of money
  0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid

I would have thought the fact that they matched, would mean it needs to give them some kind of negative score.

Cheers

Andy

Some tests match only to give output in the headers. I assume this is for people to filter on matched text in their email clients.

Indeed as the above user mentioned, some are matched but do not have a score. For example, if you are a banker and talk about "huge sums of money" then you may not want a negative score on your emails.

TDKIMINVALID is there to tell people that their DKIM implementation is broken. In my servers I always reject emails with an invalid DKIM. In addition, I don't use spamassassin for DKIM checking, but I prefer the check to happen earlier in the process via OpenDKIM milter during postfix processing. Thus, emails will be rejected earlier and spamassassin will have to do less work.

If you want, you can give TDKIMINVALID a score of 100 to just block those broken emails.

In OpenDKIM I use the following settings:

On-BadSignature        reject
On-KeyNotFound        reject
On-Security        reject

Thanks everyone. Where would I go about editing the score for TDKIMINVALID? I'm assuming its part of the core, so I would need to overwrite it in local.cf maybe?

Cheers

Andy

Yes, you can edit the local.cf, in CentOS its under /etc/mail/spamassassin and add a line like:

score TDKIMINVALID 100

In CentOS, you can look at the rules under /var/lib/spamassassin/

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct