This shows a real spam collected in a user quarantine. This shows the headers of the messages with the X-MailCleaner anti spam tags and filtering process

Received: by mailcleaner.example.net stage2 with id 1WspLI-0005ch-V6
for <john.doe@example.net>; Fri, 06 Jun 2014 10:17:41 +0200
Received: from hermes.apache.org ([140.211.11.3] helo=mail.apache.org)
by mailcleaner.example.net stage1 with smtp
(Exim MailCleaner)
id 1WspLI-0005b4-9Q
for <john.doe@example.net>
from <users-return-103486-john.doe=example.net@spamassassin.apache.org>; Fri, 06 Jun 2014 10:17:40 +0200
Received: (qmail 27234 invoked by uid 500); 6 Jun 2014 08:17:33 -0000
X-MailCleaner-SPF: pass
Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:users-help@spamassassin.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@spamassassin.apache.org>
List-Post: <mailto:users@spamassassin.apache.org>
List-Id: <users.spamassassin.apache.org>
Delivered-To: mailing list users@spamassassin.apache.org
Received: (qmail 27227 invoked by uid 99); 6 Jun 2014 08:17:33 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Jun 2014 08:17:33 +0000
X-ASF-Spam-Status: No, hits=1.3 required=10.0
tests=SPF_PASS,URI_HEX
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy includes SPF record at spf.trusted-forwarder.org)
Received: from [216.139.236.26] (HELO sam.nabble.com) (216.139.236.26)
by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Jun 2014 08:17:28 +0000
Received: from [192.168.236.26] (helo=sam.nabble.com)
by sam.nabble.com with esmtp (Exim 4.72)
(envelope-from <nab@brutsoft.com>)
id 1WspKm-0006rs-4x
for users@spamassassin.apache.org; Fri, 06 Jun 2014 01:17:08 -0700
Date: Fri, 6 Jun 2014 01:17:08 -0700 (PDT)
From: zespri <nab@brutsoft.com>
To: users@spamassassin.apache.org
Message-ID: <1402042628146-109466.post@n5.nabble.com>
In-Reply-To: <op.xg0wwcdgj10ho0@ajc6>
References: <1402011337879-109457.post@n5.nabble.com> <1402017932.4794.27.camel@monkey> <1402030100224-109460.post@n5.nabble.com> <op.xg0wwcdgj10ho0@ajc6>
Subject: Re: Why do I get both URIBL_DBL_SPAM and URIBL_BLOCKED?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org
X-Commtouch-ctIPd-RefID: tid=0001.0A0B0302.53917925.00DC
X-Commtouch-ctasd-RefID: str=0001.0A0B0201.53917925.010D:SCGSTAT1067355,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=1024
X-Commtouch: is not spam (Spam: Unknown, VOD: Medium)
X-NiceBayes: is not spam (66.29%)
X-Spamc: is spam (5.3/5.0)
X-MailCleaner-Information: Please contact support@example.net for more information
X-MailCleaner-ID: 1WspLI-0005ch-V6
X-MailCleaner: Found to be clean
X-MailCleaner-SpamCheck: spam, Spamc (score=5.3, required=5.0, DCC_CHECK 2.0,
URI_HEX 1.3, MC_NICEBAYES_60 2.0)
X-Auto-Response-Suppress: DR, NDR, RN, NRN, OOF, AutoReply

Anthony Cartmell-2 wrote
> The caching aspect isn't particularly relevant.
>
> The problem is that your ISP's name server will be querying the URIBL
> server on behalf of perhaps thousands of SpamAssassin instances on other
> machines. So it's blocked because it's making too many queries from a
> single IP address.

Yep, thank you, already figured this out. My problem was that I was not sure
how exactly DNS works, and by studying dnsmasq configuration I incorrectly
assumed that a dns server is always supposed to have an upstream server.
Apparently this is the case for dnsmasq but not the case in general. So now
with djbdns setup that I have in place that perform recursive queries
starting from the root servers this all makes sense. Thank you again.

--
View this message in context: http://spamassassin.1065346.n5.nabble.com/Why-do-I-get-both-URIBL-DBL-SPAM-and-URIBL-BLOCKED-tp109457p109466.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.