You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Using the RelayCountry plugin

The [http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html RelayCountry] plugin exposes the countries that a mail was relayed from – turn it on by reading that documentation page, installing the required CPAN module IP::Country::Fast, and uncommenting the 'loadplugin' line in the /etc/mail/spamassassin/init.pre file for Mail::SpamAssassin::Plugin::RelayCountry.

The [http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html RelayCountry] plugin will add metadata to the Bayesian filtering process, allowing the Bayesian filters to learn information based on countries.

When using SA 3.1.0, you can also write rules that match specific countries, e.g.:

   header          RELAYCOUNTRY_CN X-Relay-Countries =~ /CN/
   describe        RELAYCOUNTRY_CN Relayed through China
   score           RELAYCOUNTRY_CN 3.0

   header          RELAYCOUNTRY_RU X-Relay-Countries =~ /RU/
   describe        RELAYCOUNTRY_RU Relayed through Russian Federation
   score           RELAYCOUNTRY_RU 2.0

You can get a list of IANA country codes from [http://www.iana.org/cctld/cctld-whois.htm]. You can get a list of countries that statistically relay most of the spam by looking at the source file for [http://svn.apache.org/repos/asf/spamassassin/branches/3.1/lib/Mail/SpamAssassin/EvalTests.pm SpamAssassin::EvalTests.pm] and reading the comments surrounding $CCTLDS_WITH_LOTS_OF_OPEN_RELAYS.

Also for 3.1.0, you can apply a patch [http://bugzilla.spamassassin.org/show_bug.cgi?id=3815] which will allow you to add a separate MIME header that shows all the message's relay countries, independent of the rules.

   add_header all Relay _RELAYCOUNTRY_

and this will show up in your MIME headers as:

   X-Spam-Relay: US CN RU
  • No labels