Re: DNS Help

2023-09-11 Thread Tom Williams via users 

On 9/11/23 10:35 AM, D Benham wrote:

Ok, I need some guidance.  I am getting a lot of this:


 0.0 URIBL_BLOCKED  ADMINISTRATOR NOTICE: The query to URIBL 
was blocked.

    See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
 for more information.
 0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
    dbl.spamhaus.org was blocked due to usage 
of an

 open resolver. See
    https://www.spamhaus.org/returnc/pub/


I have done a lot of searches on the 'Net but I'm still coming up 
blank.  Everything I read says to install a local resolver, so I've 
installed unbound.  According to the log, queries are being answered 
by unbound, but I'm still getting the errors indicated above.  I'm 
guessing that the requests are... being forwarded to a public DNS 
server?  I assume that, at some point, that has to happen...?  What am 
I missing?  What do I need to do/change?  What log files do I need to 
provide to help?  I'm just not sure where to go from here.



D



I had this issue as well and installed unbound.  In addition to that, I 
had to configure Spamassassin to point to the local resolver and my 
URIBL_BLOCKED issue pretty much went away.


Tom

Re: Reporting spoofing to Amazon

2020-10-24 Thread Tom Williams 

On 10/24/20 7:52 AM, Ramon F Herrera wrote:


Needless to say, the producers of spam and other malware are getting 
more and more clever.


Amazon is obviously one of the largest targets. I received the e-mail 
at the bottom, obviously fraudulent. Normally I mark those and remove 
them. In this case I called Amazon. They immediately returned my call 
and provided an e-mail address: stop-spoof...@amazon.com


-Ramon F. Herrera


Yes, I've sent many samples of phishing email messages to that Amazon 
email address.  I know it well.  :)


Peace...

Tom

Question about the 'URIBL_BLOCKED' rule

2020-04-30 Thread Tom Williams 
Hi!  I'm new to this mailing list, but not new to SpamAssassin. I've 
used it on and off for a number years.  :)   Recently, (within the past 
6 months or so) I enabled it for email in a shared web hosting 
environment (we host with InMotionHosting). Anyway, due to the volume of 
email traffic the server receives, I see a *lot* of 'URIBL_BLOCKED' 
entries in the SpamAssassin header injected in the headers of incoming 
mail.   If our server can't use URIBL to check mail, will that have an 
adverse or negative impact on SpamAssassin's ability to detect/identify 
spam?  Our host is running SpamAssassin 3.0 (shudders, I know it's ancient).


Thanks in advance!

Tom