Before you can take action, you need to know the reason why you receive the URIBL_BLOCKED message. As there are many members processing huge amounts of mail, it could help others with the same issue.
***Just forgot to ask, do you use ipv6?
*** Do you use efa only inbound?
internal_networks and trusted_networks aren't there to avoid scanning (although there is an ALL_TRUSTED rule with a zero score), they are
there to help SA determine which relays are relevant to certain tests.
To be sure, take a look at 1 Inbound and 1 outbound message and see what checks are done, just for spamassassin.
Code:
spamassassin 2>&1 -D -t msg | grep untrusted | less
You could also debug Postfix if the above check reveals no clue.
Enable verbose logging: in /etc/postfix/master.cf
Code:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd -v
Code:
service postfix restart
tail -f /var/log/mail.log
*** How many scanners
You are right, no impact on the uribl reject message. But as you already noticed, this will have a big impact on total scanning time per message. Due to the heavy cpu load of sophos, you successfully configured sophossavi.
** Also the number of dnsbl lists
Looking at the unbound stats, there is no way to see the multi.uribl.com queries only. The total shown is since the last start/reset of unbound for all queries.
*** So check your postfix main.cf rbl's and your spamassassin rbl's.
Just take a look at the following massive rbl example. You can have multiple checks on a single rbl list (like grey or black) aka 2 queries per message.
Postfix
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unverified_recipient,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_rbl_client access.redhawk.org,
    reject_rbl_client all.spamrats.com,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client bl.spamcannibal.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client blackholes.mail-abuse.org,
    reject_rbl_client bogons.cymru.com,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client cblless.anti-spam.org.cn,
    reject_rbl_client combined.njabl.org,
    reject_rbl_client csi.cloudmark.com,
    reject_rbl_client db.wpbl.info,
    reject_rbl_client dnsbl.dronebl.org,
    reject_rbl_client dnsbl.inps.de,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client drone.abuse.ch,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client httpbl.abuse.ch,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client korea.services.net,
    reject_rbl_client multi.surbl.org,
    reject_rbl_client netblock.pedantic.org,
    reject_rbl_client opm.tornevall.org,
    reject_rbl_client pbl.spamhaus.org,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client query.senderbase.org,
    reject_rbl_client rbl.efnetrbl.org,
    reject_rbl_client rbl.interserver.net,
    reject_rbl_client rbl.rbldns.ru,
    reject_rbl_client rbl.spamlab.com,
    reject_rbl_client rbl.suresupport.com,
    reject_rbl_client rbl-plus.mail-abuse.org,
    reject_rbl_client relays.mail-abuse.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client short.rbl.jp,
    reject_rbl_client spam.dnsbl.sorbs.net,
    reject_rbl_client spamguard.leadmon.net,
    reject_rbl_client spamrbl.imp.ch,
    reject_rbl_client tor.dan.me.uk,
    reject_rbl_client ubl.unsubscore.com,
    reject_rbl_client virbl.bit.nl,
    reject_rbl_client virus.rbl.jp,
    reject_rbl_client wormrbl.imp.ch,
    reject_rbl_client xbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client dnsbl-1.uceprotect.net,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_client dbl.spamhaus.org,
    reject_rhsbl_helo black.uribl.com,
    reject_rhsbl_sender black.uribl.com,
    reject_rhsbl_client black.uribl.com,
    reject_rhsbl_helo multi.surbl.org,
    reject_rhsbl_sender multi.surbl.org,
    reject_rhsbl_client multi.surbl.org,
    reject_rhsbl_helo multi.uribl.com,
    reject_rhsbl_sender multi.uribl.com,
    reject_rhsbl_client multi.uribl.com,
    reject_rhsbl_helo rhsbl.ahbl.org,
    reject_rhsbl_sender rhsbl.ahbl.org,
    reject_rhsbl_client rhsbl.ahbl.org,
    check_sender_access hash:/etc/postfix/sender_access,
    check_sender_access hash:/etc/postfix/whitelist,
    check_client_access hash:/etc/postfix/rbl_override, permit
SpamAssassin
# Custom Rules
urirhssub URIBL_BLACK multi.uribl.com. A 2
body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
tflags URIBL_BLACK net
score URIBL_BLACK 3.0
urirhssub URIBL_GREY multi.uribl.com. A 4
body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
describe URIBL_GREY Contains an URL listed in the URIBL greylist
tflags URIBL_GREY net
score URIBL_GREY 0.25
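
An added example, not part of the original post and not EFA, Postfix or SpamAssassin code: since the unbound totals are not broken down per zone, this Python script counts how many configured checks in the Postfix restrictions and the SpamAssassin rules reference each DNSBL zone, so overlap on zones such as multi.uribl.com becomes visible. The sample input is constructed (abridged from the configuration above) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input, abridged from the configuration quoted in the post.
POSTFIX_SAMPLE = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rhsbl_helo multi.uribl.com,
    reject_rhsbl_sender multi.uribl.com,
    reject_rhsbl_client multi.uribl.com,
    reject_rhsbl_sender dbl.spamhaus.org
"""
SA_SAMPLE = """\
urirhssub URIBL_BLACK multi.uribl.com. A 2
urirhssub URIBL_GREY multi.uribl.com. A 4
"""

# Postfix: reject_rbl_* / reject_rhsbl_* followed by the zone name.
POSTFIX_RE = re.compile(r"\breject_(?:rbl|rhsbl)_\w+\s+([A-Za-z0-9.-]+)")
# SpamAssassin URIDNSBL plugin: <directive> <RULE_NAME> <zone> ...
SA_RE = re.compile(r"^\s*uri(?:dns|rhs)(?:bl|sub)\s+\S+\s+(\S+)")

def _norm(zone):
    # Treat "multi.uribl.com." and "multi.uribl.com" as the same zone.
    return zone.lower().rstrip(".")

def zone_checks(postfix_cf, sa_cf):
    """Map each DNSBL zone to a Counter of configured checks per component."""
    zones = {}
    for line in postfix_cf.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip commented-out restrictions
        for zone in POSTFIX_RE.findall(line):
            zones.setdefault(_norm(zone), Counter())["postfix"] += 1
    for line in sa_cf.splitlines():
        m = SA_RE.match(line)
        if m:
            zones.setdefault(_norm(m.group(1)), Counter())["spamassassin"] += 1
    return zones

def overlapping(zones):
    """Zones referenced by more than one check, busiest first."""
    rows = [(z, sum(c.values())) for z, c in zones.items() if sum(c.values()) > 1]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for zone, n in overlapping(zone_checks(POSTFIX_SAMPLE, SA_SAMPLE)):
        print(f"{zone}: {n} configured checks")
```

On a live system, pass it the output of `postconf -n` and the contents of the local SpamAssassin rule files instead of the samples.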