• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question How to disable URIBL

C

Change Maker

Basic Pleskian
Server operating system version
Ubuntu 22.04.4 LTS
Plesk version and microupdate number
18.0.64
I'm getting Spam reports that Spam was found on my server.
"0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked"
I don't know enough about this, but I think it usually relates to an email that was blocked as it was found to potentially be Spam on my server..
I deleted and trashed the last one, so I can't replicate exactly what it says.
I think it's related to Spam Assassin.

I was wondering if a simple solution would be to disable URIBL and if so how and what would be any negative impact of doing so?
Does anyone know?
Thanks
 
Thanks and just checking before that, because here's the message I get now:
Spam detection software, running on the system "server.x.x.x", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, seethe administrator of that system for details.
Content preview: Hello, You have received a newsletter from INNOWO. However, your email software can't display HTML emails. You can view the newsletter
by clicking here:

Content analysis details: (102.0 points, 5.2 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage
of an open resolver. See
https://www.spamhaus.org/returnc/pub/
[URIs: mlsend.com]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
DnsBlocklists - SPAMASSASSIN - Apache Software Foundation
 
What are the email address Spam settings? I assume you are not using Ples Email Security. You should be able to send all emails detected as spam to the Spam folder of the email address.

> "0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked"

This is because you are, most likely, using a public DNS resolver like Google or Cloudflare. These big resolvers send a large number of requests to the RBL DNS servers and reach request limits. You can use your own server DNS service as a resolver using nameserver 127.0.0.1. It's configured to work as a resolver for all IP addresses on your server.
 
We don't use Plesk Email and thanks for the reply. Our Server is on Ionos and we link to a CRM for each individual domain. Our emails are sent from our own domains.
It appears nobody thinks that because we're using an Open Resolver, that the suggestions above would not solve the issue?
I'm just looking for a solution that isn't too technical to fix this.?
Thanks
 
From where did you get the line from your initial report?
"0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked"
Click to expand...
From a received email to a Plesk hosted email address?
 
Hi. I had an email telling me about it. Here's one in Full with sensitive data XXX out. The IP address isn't mine. FYI.

" Spam detection software, running on the system "xxxxx", has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details.

Content preview: Hello, You have received a newsletter from INNOWO. However,your email software can't display HTML emails. You can view the newsletter by clicking here:

Content analysis details: (102.0 points, 5.2 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
DnsBlocklists - SPAMASSASSIN - Apache Software Foundation
for more information.
[URIs: mlcdn.com]
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked due to usage
of an open resolver. See
https://www.spamhaus.org/returnc/pub/
[URIs: mlcdn.com]
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
DNSWL was blocked. See
DnsBlocklists - SPAMASSASSIN - Apache Software Foundation
for more information.
[185.249.220.116 listed in list.dnswl.org]
0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query
to zen.spamhaus.org was blocked due to
usage of an open resolver. See
https://www.spamhaus.org/returnc/pub/
[185.249.220.116 listed in zen.spamhaus.org]
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[185.249.220.116 listed in wl.mailspike.net]
0.0 URIBL_ZEN_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to
zen.spamhaus.org was blocked due to usage
of an open resolver. See
https://www.spamhaus.org/returnc/pub/
[URIs: mlcdn.com]
0.0 USER_IN_BLOCKLIST From: user is listed in the block-list
100 USER_IN_BLACKLIST DEPRECATED: See USER_IN_BLOCKLIST
1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
The query to Validity was blocked. See
Validity Help Center
for more information.
[185.249.220.116 listed in sa-trusted.bondedsender.org]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
Validity Help Center
for more information.
[185.249.220.116 listed in bl.score.senderscore.com]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
identical to background
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
lines
-0.0 DKIMWL_WL_MED DKIMwl.org - Medium trust sender

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
 
Change Maker said:
Does anyone think the actions they suggested, would stop that message coming to my inbox?
Thanks
Click to expand...
No.
You are getting that message because the server detected an incoming mail as spam and lists the reasons for the classification and their respective score.
Blocked RBL queries do not count towards the score (they're all listed as 0.0), so it means that mail does already get a high score from the other tests.
This particular mail got its score mostly from appearing on your own blacklist:
100 USER_IN_BLACKLIST DEPRECATED: See USER_IN_BLOCKLIST
 
Ok. So my blacklist is good, but is it necessary to get these emails, or is this just normal. I just want to ensure I'm doing all I can.
Thanks for your clarity.
 
The bounce was caused by the recipient email address block rule, as pointed out by mow. Your email address was added to the recipient email address blacklist.

1729075589870.png

Generally speaking, I recommend setting What to do with messages classified as spam to Move spam to the Spam folder.

All the RBL checks have a 0 score because the nameserver used by the remote server to check your server IP address against RBL lists DNS servers reached the fair usage requests limit.

If you see the same in received email headers you might want to use your own Plesk server address or your hosting provider nameserver.
 
Apologies for the delay.
So I believe what you illustrated refers to using Plesk Email.
I'm not using that so I don't have the option on my email.
Is there somewhere else this can be configured.
1730330700425.png
 
Sorry. I did find this option in Mail Settings.
1730331018252.png
It wasn't switched on and I've just done that. So will this help and/or do I need to put something in the DNS Zones?
Thanks
 
You must log in or register to reply here.

Similar threads

L
Issue Daily Maintenance Script Spawns Off A Bunch Of PHP-FPM processes Leading To Huge Load Spike
Replies
2
Views
364
Ladylinux
L
O
Question How Can I Set Up Email Notifications in Plesk to Alert Me About Issues with the "Locate My Postal Code" Tool?
Replies
0
Views
523
OusmaneKannon
O
K
Question Error message during Plesk Updates “Warning: install PAM module not successed” (PAMConfig.confset.PAMServiceError: system-auth)
Replies
0
Views
595
kosmos
K
T
Question Plesk Email Security - how/where to adjust spam assassin its score points
Replies
2
Views
1K
danami
danami
T
Issue Node.js - Domain names not resolved correctly when performing local GET requests during build-time
Replies
1
Views
1K
tacriela
T
Back
Top