PMG Strange "dns_block_rule" log entries in mail.log

Hello forum members!

I'm reaching out to you with an issue that I noticed a few weeks ago in the /var/log/mail.log on our Proxmox Mail Gateway 8.1.6 server:
Code:
2025-04-16T15:03:12.142375+02:00 mailgw pmg-smtp-filter[197971]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating /root/.spamassassin/dnsblock_bl.score.senderscore.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny bl.score.senderscore.com" to disable queries)
2025-04-16T15:08:20.533740+02:00 mailgw pmg-smtp-filter[197971]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries)
2025-04-16T15:08:20.534082+02:00 mailgw pmg-smtp-filter[197971]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-accredit.habeas.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-accredit.habeas.com" to disable queries)
2025-04-16T15:08:20.534229+02:00 mailgw pmg-smtp-filter[197971]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating /root/.spamassassin/dnsblock_bl.score.senderscore.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny bl.score.senderscore.com" to disable queries)
2025-04-16T15:13:43.522687+02:00 mailgw pmg-smtp-filter[198347]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries)
2025-04-16T15:13:43.522999+02:00 mailgw pmg-smtp-filter[198286]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries)
2025-04-16T15:13:43.523230+02:00 mailgw pmg-smtp-filter[198286]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-accredit.habeas.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-accredit.habeas.com" to disable queries)
2025-04-16T15:13:43.523392+02:00 mailgw pmg-smtp-filter[198286]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating /root/.spamassassin/dnsblock_bl.score.senderscore.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny bl.score.senderscore.com" to disable queries)
2025-04-16T15:19:01.689710+02:00 mailgw pmg-smtp-filter[198415]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries)
2025-04-16T15:19:01.689900+02:00 mailgw pmg-smtp-filter[198415]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-accredit.habeas.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-accredit.habeas.com" to disable queries)
2025-04-16T15:19:01.689955+02:00 mailgw pmg-smtp-filter[198415]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating /root/.spamassassin/dnsblock_bl.score.senderscore.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny bl.score.senderscore.com" to disable queries)
2025-04-16T15:24:03.212991+02:00 mailgw pmg-smtp-filter[198705]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries)
2025-04-16T15:24:03.213212+02:00 mailgw pmg-smtp-filter[198705]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-accredit.habeas.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-accredit.habeas.com" to disable queries)

Hundreds of these log entries appear every day.
After looking into the problem, I initially suspected our locally installed DNS server, but it seems to be working fine. I followed this guide for the setup:
https://pmg.proxmox.com/wiki/index.php/DNS_server_on_Proxmox_Mail_Gateway

DNSBL filtering is handled by SpamAssassin using a /etc/mail/spamassassin/custom-dnsbl.cf file:
Code:
header DNSBL_SPAMHAUS eval:check_rbl('spamhaus', 'zen.spamhaus.org.')
describe DNSBL_SPAMHAUS sender listed in zen.spamhaus.org
score DNSBL_SPAMHAUS 2

header DNSBL_UCEPROTECT1 eval:check_rbl('uceprotect1', 'dnsbl-1.uceprotect.net.')
describe DNSBL_UCEPROTECT1 sender listed in dnsbl-1.uceprotect.net
score DNSBL_UCEPROTECT1 2

header DNSBL_SURRIEL eval:check_rbl('surriel', 'psbl.surriel.com.')
describe DNSBL_SURRIEL sender listed in psbl.surriel.com
score DNSBL_SURRIEL 2

header DNSBL_SPAMRATS eval:check_rbl('spamrats', 'all.spamrats.com.')
describe DNSBL_SPAMRATS sender listed in all.spamrats.com
score DNSBL_SPAMRATS 2

The DNSBL list field in the web GUI is empty.

Since I don't know which DNSBL list is causing the issue, I tried disabling the checks in the custom-dnsbl.cf file one by one. Eventually, I commented out the entire content of the file. Even after restarting the entire server, the error messages in mail.log persist.

Where could this error be coming from? What could be the solution?
If you need more information or configuration files, feel free to ask and I’ll gladly share the details.
 
I also seem to see hundreds of RCVD_IN_VALIDITY_CERTIFIED_BLOCKED lines in journalctl -u pmg-smtp-filter on Proxmox Mail Gateway 8.2.0. I am using a local nameserver on PMG.
 
Hello,

From my knowledge of testing PMG so far, it seems it is using some SA rules which are querying public blacklists for reputation. This error indicates that your public IP (of the DNS you are using) was blocked by that certain blacklist.

For example SPAMHAUS: https://www.spamhaus.org/faqs/dnsbl-usage/
The diagnostic can be quite simple. Try to run this on your PMG:
Code:
dig 8.8.8.8.zen.spamhaus.org +short
If you get a response like 127.255.255.*, your DNS is prohibited from querying SPAMHAUS.

Same applies for other lists PMG is using (error codes may differ).
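
Added example, not part of any post in this thread: a small Python parser for the warning format quoted in the first post. It groups the hits by the DNSBL zone that refused the query and builds the `dns_query_restriction deny` lines that the warning text itself suggests. The function names and the embedded sample are assumptions of this example.

```python
import re
from collections import defaultdict

# Warning format as quoted in the first post of this thread.
WARNING_RE = re.compile(
    r"^(?P<ts>\S+) \S+ pmg-smtp-filter\[\d+\]: WARNING: check: dns_block_rule "
    r"(?P<rule>\S+) hit, creating \S*/dnsblock_(?P<zone>\S+)(?:\s|$)"
)

# First four warnings from the excerpt above (explanatory tail shortened to "..."),
# plus one constructed unrelated line that must be ignored.
SAMPLE_LOG = """\
2025-04-16T15:03:12.142375+02:00 mailgw pmg-smtp-filter[197971]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating /root/.spamassassin/dnsblock_bl.score.senderscore.com (This means DNSBL blocked you ...)
2025-04-16T15:08:20.533740+02:00 mailgw pmg-smtp-filter[197971]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This means DNSBL blocked you ...)
2025-04-16T15:08:20.534082+02:00 mailgw pmg-smtp-filter[197971]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-accredit.habeas.com (This means DNSBL blocked you ...)
2025-04-16T15:08:20.534229+02:00 mailgw pmg-smtp-filter[197971]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating /root/.spamassassin/dnsblock_bl.score.senderscore.com (This means DNSBL blocked you ...)
2025-04-16T15:09:00.000000+02:00 mailgw postfix/smtpd[1234]: connect from unknown[192.0.2.10]
"""


def summarize(lines):
    """Group dns_block_rule warnings by the DNSBL zone that refused the query."""
    zones = defaultdict(lambda: {"rules": set(), "hits": 0, "first": None, "last": None})
    for line in lines:
        m = WARNING_RE.match(line)
        if m is None:
            continue  # not a dns_block_rule warning
        entry = zones[m["zone"]]
        entry["rules"].add(m["rule"])
        entry["hits"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(zones)


def deny_directives(summary):
    """Build the dns_query_restriction lines that the warning text suggests."""
    return [f"dns_query_restriction deny {zone}" for zone in sorted(summary)]


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for zone, info in sorted(report.items()):
        print(f"{zone}: {info['hits']} hits, rules={sorted(info['rules'])}, "
              f"{info['first']} .. {info['last']}")
    print("\n".join(deny_directives(report)))
```

On the sample, none of the zones reported appears in the custom-dnsbl.cf shown in the first post, which matches the observation there that commenting out that file did not stop the warnings.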