Question
Why do I see the following in my email headers, and how do I block connections to this Remote Blocklist to stop these errors?
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[REDACTED_IP_ADDRESS listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
The query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[REDACTED_IP_ADDRESS listed in sa-trusted.bondedsender.org]
Answer
SpamAssassin uses multiple blocklist by default, one of which is the Validity blocklist which requires an account to be created for the blocklist to be checked from the server. If an account is not created with validity.com you will see the above response in the SpamAssassin Headers as checks to this block list fail. This does not indicate a server error, just that your server is not authorized to query these block lists.
This can be changed by creating a custom configuration file for SpamAssassin, you need to create a custom configuration file as updates to SpamAssassin will overwrite changes to the local.cf file. This custom file can have almost any name as long as it has the .cf suffix to indicate to Spamd it is a configuration file. For the example below we will use custom.cf as our custom configuration file.
First, you will need to identify which version of SpamAssassin you are using, you can do this with the command below:
/usr/local/cpanel/3rdparty/bin/spamassassin -V
For servers using a SpamAssassin version below 3.4, we recommend adding a rule to redirect the queries to these URLs to the local server. This can be done by creating the file below:
touch /etc/mail/spamassassin/custom.cfWith the contents of the code block below:
# Disable SpamAssassin queries to Validity RBLs (e.g., bl.score.senderscore.com).
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header RCVD_IN_VALIDITY_RPBL eval:check_rbl('custom', '127.0.0.1')
header RCVD_IN_VALIDITY_SAFE eval:check_rbl('custom', '127.0.0.1')
header RCVD_IN_VALIDITY_CERTIFIED eval:check_rbl('custom', '127.0.0.1')
header RCVD_IN_VALIDITY_RPBL_BLOCKED eval:check_rbl('custom', '127.0.0.1')
header RCVD_IN_VALIDITY_SAFE_BLOCKED eval:check_rbl('custom', '127.0.0.1')
header RCVD_IN_VALIDITY_CERTIFIED_BLOCKED eval:check_rbl('custom', '127.0.0.1')
endif # Mail::SpamAssassin::Plugin::DNSEval
For servers using a SpamAssassin version Above 3.4, we recommend adding a rule to block queries to the RBL in question using the dns_query_restriction rule. This can be done by creating the custom configuration file:
touch /etc/mail/spamassassin/custom.cfThen adding the contents of the codeblock below to the file to block requests to the three URLs used by Validity:
dns_query_restriction deny sa-trusted.bondedsender.org
dns_query_restriction deny sa-accredit.habeas.com
dns_query_restriction deny bl.score.senderscore.com
After making the changes in the custom.cf, you will want to verify the SpamAssassin configuration:
/usr/local/cpanel/3rdparty/bin/spamassassin --lint
If this returns an empty output it means no syntax errors have been detected and the service can be reloaded with the utility below:
/usr/local/cpanel/scripts/restartsrv_spamd
Once this final step is complete the requests to Validity's URLs should no longer occur.
Comments
0 comments
Article is closed for comments.