Knowledgebase


What does URIBL_BLOCKED ADMINISTRATOR NOTICE mean?

Question / Problem

Why does the "URIBL_BLOCKED ADMINISTRATOR NOTICE" SpamAssassin rule trigger on all of my messages, what is it for and how can I avoid this?

Answer / Solution

URIBL (https://www.uribl.com) is a DNS-based blackhole list that tracks IP addresses commonly used for sending spam. URIBL is enabled by default in SpamAssassin installations but allows only a certain number of requests from the same IP address per day. If this limit is exceeded, any further requests are blocked by the URIBL servers and answered with the notice above.

This typically happens with SpamAssassin installations that use public DNS resolvers such as Google's. Because every request forwarded via the Google servers arrives at the blackhole list from the same IP address, all of those requests share the same limit. To use an alternative DNS setup, please follow these instructions.

For the following domains it is currently useful to set up forwarding to ensure the full functionality of SpamAssassin:

  • dbl.spamhaus.org
  • zen.spamhaus.org
  • sbl.spamhaus.org
  • list.dnswl.org
  • multi.uribl.com


Now determine the name servers for each of the domains listed above.
Open a command prompt and issue the following command (e.g. for "list.dnswl.org"):

nslookup -querytype=ns list.dnswl.org.

Attention: Do not omit the dot at the end of the domain, otherwise nslookup will append your local domain and the command will not work.

Example output:
list.dnswl.org nameserver = b.ns.dnswl.org
list.dnswl.org name server = c.ns.dnswl.org
b.ns.dnswl.org internet address = 74.208.14.82
c.ns.dnswl.org internet address = 173.255.241.134
c.ns.dnswl.org AAAA IPv6 address = 2600:3c01::21:1000

  • Now create a "conditional forwarding" on your domain controller for each IP address.
  • Open the DNS management console on the server
     <Server Name> → "Conditional Forwarding" → Right click, "New Conditional Forwarding"
  • Enter the domain (in the example: "list.dnswl.org") and then enter the IP addresses previously queried.

 

If you are using an enterprise firewall, you can also make these settings there. The function can be found in the 'DNS' section and is called 'DNS Request Routing' or 'DNS Redirection' or similar.
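The name server lookup and conditional forwarder steps above can also be scripted. The following is an added example, not part of the original article or of any vendor tooling; it assumes an elevated PowerShell session on the Windows DNS server with the DnsServer module installed, and only IPv4 name server addresses are used.

```powershell
# Added example: automate the manual steps for all listed blocklist domains.
# Assumption: run elevated on the Windows DNS server (DnsServer module present).
$zones = 'dbl.spamhaus.org', 'zen.spamhaus.org', 'sbl.spamhaus.org',
         'list.dnswl.org', 'multi.uribl.com'

foreach ($zone in $zones) {
    # Step 1: look up the authoritative name servers of the list
    # (the equivalent of "nslookup -querytype=ns <domain>.").
    $nsHosts = Resolve-DnsName -Name $zone -Type NS -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'NS' } |
        Select-Object -ExpandProperty NameHost -Unique

    # Step 2: resolve every name server to its IPv4 address(es).
    $ips = foreach ($ns in $nsHosts) {
        Resolve-DnsName -Name $ns -Type A -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress
    }
    $ips = @($ips | Sort-Object -Unique)

    # Never create a forwarder without targets: queries for the list would
    # then fail and the corresponding SpamAssassin checks would stop working.
    if ($ips.Count -eq 0) {
        Write-Warning "No name server addresses found for $zone, skipping"
        continue
    }

    # Step 3: create the conditional forwarder, or refresh the address list
    # if it already exists (name server IPs of the lists can change).
    if (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue) {
        Set-DnsServerConditionalForwarderZone -Name $zone -MasterServers $ips
    } else {
        Add-DnsServerConditionalForwarderZone -Name $zone -MasterServers $ips
    }
    Write-Output "$zone -> $($ips -join ', ')"
}
```

Because the forwarders store fixed IP addresses, re-run the script periodically so that changed name server addresses are picked up.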
