SpamAssassin Rule: <RCVD_IN_PBL>

Standard description: Received via a relay in Spamhaus PBL


The PBL official page and description is here and that page can also be used to look up an IP in the PBL.

The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server, except those provided for specifically by an ISP for that customer's use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.

In other words, it lists IP addresses that are not expected to host a normal mail server, and the PBL has Self-Service removal and IP owner management mechanisms.

Further Info

The default scores for this rule can be found in the online list of tests.

Common Problems

If this rule triggers based on mails received from large mail providers (eg. United Internet / GMX or Google), chances are that SpamAssassin has a wrong view of what constitutes the local network. Unless SpamAssassin runs on, for example, a United Internet server, the Received: lines indicating that some United Internet server has taken up the message from a dynamic IP (no matter what that line says about authentication credentials) should not be evaluated; RCVD_IN_PBL is a last_internal rule. (It should trigger, however, if a server under local administration has accepted the message from a dynamic IP without indicating that proper authentication has happened).

In such situations, make sure that the TrustPath is configured correctly, and that SpamAssassin is actually working on the right headers (which can be an issue with some spamass-milter configurations).


Rules/RCVD_IN_PBL (last edited 2015-03-10 20:47:16 by KevinMcGrail)