Senderscore Blacklist / Blocklist because of Excessive number of queries

Daz · July 13, 2024, 3:10pm

My YunoHost server

Hardware: VPS bought online (Hetzner)
YunoHost version: 11.2.20.2
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello, I run 2 servers which are Hetzner VPS, and a 3rd one which is a OVH VPS.
Since 2 weeks approx. , the diagnosis tool rises an issue on my Hetzner VPS’ (not on the OVH one):

=================================
Email (mail)
=================================

[ERROR] Your IP or domain XXXXXX is blacklisted on SenderScore Blacklist
  - The blacklist reason is: "Excessive Number of Queries | https://knowledge.validity.com/hc/en-us/articles/20961730681243"
  - After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on https://senderscore.com

Of course I am not spamming anybody, so I don’t understand the “Excessive number of queries” assessment…

I already asked to remove the IP from the blocklist on Senderscore, but it didn’t work.
(BTW senserscore looks like a pay-to-be-in-the- whitelist company who puts everyone on the blocklist by default, I don’t like the feeling of their unblocking process)

Did some people experiment that problem too ? Is it a Hetzner specific issue ? How could I investigate the issue deeper ?

Guygoye · July 13, 2024, 4:10pm

Hello,

I had the same problem with my server on RPi 4 at home with a VPN.
However, I was able to remove it from the black list. I don’t understand this fault either. I haven’t been blacklisted since.

rodinux · July 16, 2024, 9:49am

Hello, I have this message on a OVH server… @Guygoye , how you have been able to remove it from black list ??

Guygoye · July 16, 2024, 11:43am

Hello,

I went to the Sender Score site, in the ‘Act’ tab, then I clicked on ‘Blocklist remover’.

rodinux · July 16, 2024, 2:45pm

Ok, Thanks… Well, it was just a temporally warning or diagnostic error ???

titigab · July 18, 2024, 11:46am

I also received theses notifications from Yunohost.
I tried to go through the Blocklist Remover but didn’t, because it really looked like a phishing website asking way too much personal info without giving me any sign it was related to a domain or anything…

Notifications are now gone without my intervention.

Guygoye · July 18, 2024, 1:31pm

I had same message and I asked to me same question as you.

As @titigab said, it makes you wonder if this isn’t an attempt at phishing.

Hurdle · July 19, 2024, 11:10pm

Hello self hosters,

Got the error in the logs today, again.
During the last two month’s I have seen the same error a few times. The next day Diagnosis results are ok again, so tomorrow will tell for this one.

Undertaken Actions:

Tested the Yunohost server via https://Internet.nl (ok).
Checked blacklisting of domain’s ipv4 and ipv6 at https://mxtoolbox.com (ok).

VPS: xen amd64
yunohost version: 11.2.22 (stable)
Will give it another try tomorrow and let you the results.

12 hours later:
Diagnosis: Everything ok again.

Cheers,
Hurdle

metyun · July 21, 2024, 12:00pm

i receive this notification from the diagnostic today.
Is it a false positive?
It seems i receive and can send mails without problems (of course i didn’t test all mails but some commons domains)

JfmbLinux · July 21, 2024, 9:53pm

I see I’m not the only one, I have the same problem.
I admit I don’t understand.

crustyourmind · July 22, 2024, 6:20am

Me too
I’ve asked to remove to blacklist yesterday, same issue today …

jarod5001 · July 22, 2024, 7:07am

I have also received this warning. In the diagnosis I read : The blacklist reason is: “Excessive Number of Queries | Validity Help Center”

I followed the link and found :

Starting March 1, 2024, Validity will allow up to 10,000 requests to anonymous users over a 30-day period. After 10,000 requests, you must create a MyValidity account to continue using this free service. Upon the creation of a MyValidity account, you will receive continued access to queries.

To avoid excessive queries, Validity recommends avoiding public DNS resolvers. Instead, run a local caching, non-forwarding DNS server as the system resolver on your mail server.

milouse · July 22, 2024, 7:39am

I all, I also received this notification email.

At first I thought it was directly linked somehow to postfix (mail server), but it doesn’t look so. Thus I search for senderscore into yunohost data files and found it in the file /usr/share/yunohost/dnsbl_list.yml

I have no idea what is the purpose of this file, but as it’s only data and looks like a database of services to use to check IP reputation, I just commented out the block about senderscore. Let see if I continue to receive such emails or not.

JfmbLinux · July 22, 2024, 9:05am

I received an email again today telling me the same thing, but when I make a diagnosis, everything is OK!

JfmbLinux · July 22, 2024, 9:23am

“Excessive Number of Queries”
What they want is to create an account with them.
A service that is hosted by Amazon and uses Google tag manager… everything you need to trust them

Daz · July 22, 2024, 10:08am

To your understanding, what is named a “request” here ? Does Yunohost send queries to this service ? And for what purpose ?

And how about the solution of having a local DNS resolver as suggested ? Is it easy to set up, what are the pros and cons ?

deljones · July 22, 2024, 10:14am

@JfmbLinux same here. Nothing in the diagnostics, yet the email is from diagnostics@myhostname. I only host my own email, which is small, a couple of websites and a nextcloud file sync thing. I hardly have an “Excessive Number of Queries” Sounds like a scam to me.

If I run my domain name through all the “known” DNS and mail checkers, I get a green tick on everything.

Is this not a kind of spam?

Dj

deljones · July 22, 2024, 10:17am

@jarod5001 Funny as it may seem, before I got this odd email, I was considering a “pinhole” and host my own DNS server. Is that considered local?

I use a pi as a VPN server right now so I can do all the admin remotely. I can put both on.

An option maybe?

Dj

JfmbLinux · July 22, 2024, 10:24am

Same thing, I use it for Nextcloud, for the synchronization of my files…
I don’t have a website, I installed SearXNG, but I’ve been using it for quite a while and strangely, I have a friend who also has Nextcloud, but not SearXNG and has the same warning emails.
So I don’t think it’s coming from SearXNG.

milouse · July 22, 2024, 11:01am

I just open a merge request on yunohost repository.

I really think the issue is best described by @jarod5001 and is due to the fact the check endpoint of senderscore is now behind a fair-use paywall we explode with the yunohost checking process.

As yunohost already check its status through several other services, removing one does not seems to be a problem for me.

Said otherwise: the email we are receiving is NOT about our own server being actually blocked or something. The email just warn us that we are blocked to check whether we are blocked or not ^^