URIBL_BLOCKED Message in SpamAssassin Logging and Headers

Contents

• URIBL_BLOCKED Message in SpamAssassin Logging and Headers

  • How the Issue Manifests

  • Cause of the Issue

  • How to Resolve

How the Issue Manifests

Logging stating URIBL_Blocked appears in both /var/log/maillog and the headers of messages that have been scanned by SpamAssassin.

Examples:

Feb 22 15:13:18 ip-172-31-37-24 spamc[15752]: connect to spamd on ::1 failed, retrying (#1 of 3): Connection refused
Feb 22 15:13:18 ip-172-31-37-24 spamd[4239]: spamd: connection from 127.0.0.1 [127.0.0.1]:64777 to port 783, fd 5
Feb 22 15:13:18 ip-172-31-37-24 spamd[4239]: spamd: processing message <b58bc4a3-a2cc-801d-ed2e-3cea306f32ce@interworx.com> for user@domain.com:241Feb 22 15:13:18 ip-172-31-37-24 spamd[4239]: dns: new_dns_packet: domain is utf8 flagged: ns.cloudflare.com
Feb 22 15:13:18 ip-172-31-37-24 spamd[4239]: dns: new_dns_packet: domain is utf8 flagged: ns.cloudflare.com
Feb 22 15:13:18 ip-172-31-37-24 spamd[4239]: spamd: clean message (1.2/5.0) for user@domain.com:241 in 0.3 seconds, 2265 bytes.
Feb 22 15:13:18 ip-172-31-37-24 spamd[4239]: spamd: result: . 1 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RDNS_NONE,SPF_HELO_NONE,TVD_SPACE_RATIO,URIBL_BLOCKED scantime=0.3,size=2265,user=user@domain.com,uid=241,required_score=5.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=64777,mid=<b58bc4a3-a2cc-801d-ed2e-3cea306f32ce@interworx.com>,autolearn=no autolearn_force=no
Feb 22 15:13:18 ip-172-31-37-24 spamd[4234]: prefork: child states: II

X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
      server.com
X-Spam-Level: *
X-Spam-Status: No, score=1.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
      DKIM_VALID_AU,RDNS_NONE,SPF_HELO_NONE,TVD_SPACE_RATIO,URIBL_BLOCKED
      autolearn=no autolearn_force=no version=3.4.2
Received: (qmail 15733 invoked by uid 108); 22 Feb 2023 15:13:18 -0500
Received: by simscan 1.4.0 ppid: 15729, pid: 15731, t: 0.0748s
      scanners:none

Cause of the Issue

The RBL servers are currently not allowing the DNS server to do an RBL request.

For most RBL servers, as long as a given DNS server is not doing too many requests, those requests are allowed. However, if a DNS server is very busy and making too many requests, that DNS server no longer qualifies for the “free for some” method the RBL servers have in place. Because of this, it is blocked from making requests, as it would fall under a category where payment would be required.

How to Resolve

Adding 127.0.0.1 to /etc/resolv.conf and the restarting SpamAssassin will resolve the issue.

1. Log in to the server at the CLI as root, either via SSH or from the terminal

2. At the CLI, use a text editor to open /etc/resolv.conf for editing. The following example uses the Vim text editor:

   vim /etc/resolv.conf
   

3. Add the line following line:

   nameserver 127.0.0.1
   

   Example of how the file may look after editing–specific details, such as the “generated by” and “search” lines, and any other added nameservers will differ from this examples:

   ; generated by /usr/sbin/dhclient-script
   search iwx.io
   nameserver 127.0.0.1
   nameserver 8.8.8.8
   nameserver 1.1.1.1
   nameserver 1.0.0.1
   

4. Save and exit the text editor

5. Restart SpamAssassin

   systemctl restart spamassassin