#1132527 spamassassin: please update the Validity rules to have zero scores or disable the checks

#1132527#5
Date:
2026-04-02 09:54:31 UTC
From:
To:
Last year, I had reported

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106669

There is now a low limit on the Validity requests. This yields

  RCVD_IN_VALIDITY_CERTIFIED_BLOCKED
  RCVD_IN_VALIDITY_RPBL_BLOCKED
  RCVD_IN_VALIDITY_SAFE_BLOCKED

even on personal servers. To solve this issue, upstream has changed
the Validity rules to have zero scores:

https://lists.apache.org/thread/75rhgh5cmx5bcv0thsqwq1pkw80f90cn
----

I had not checked the fix since in the mean time I had added

dns_query_restriction deny sa-trusted.bondedsender.org
dns_query_restriction deny bl.score.senderscore.com
dns_query_restriction deny sa-accredit.habeas.com

to /etc/spamassassin/local.cf (and anyway, the fix was not available
in Debian/stable).

But in a test with "spamc -R" on a Debian/unstable machine, I can
still see the issue:

 1.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                            query to Validity was blocked.  See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
                             for more information.
                         [217.70.182.74 listed in sa-trusted.bondedsender.org]
 1.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                             Validity was blocked.  See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
                             for more information.
                            [217.70.182.74 listed in sa-accredit.habeas.com]
 1.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                             Validity was blocked.  See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
                             for more information.
                            [217.70.182.74 listed in bl.score.senderscore.com]

This adds 3 points to the spam score!

I think that it would actually be better to disable the checks
by default.

#1132527#10
Date:
2026-06-16 14:05:51 UTC
From:
To:
I just discovered that this has been causing large numbers of false positives on my system for the past several months. These rules need to be fixed ASAP. People using the default configuration in good faith need to be protected from this breakage.

A

#1132527#19
Date:
2026-06-29 19:04:24 UTC
From:
To:
close 1132527 4.0.2+svn1933012-1
thanks

This was closed in unstable with 4.0.2+svn1933012-1

Note that the use of sa-update will ensure that you get rule changes
installed more promptly.