The \[http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html RelayCountry\] plugin exposes the countries that a mail was relayed from -- turn it on by reading that documentation page, installing the required CPAN module {{IP::Country::Fast}}, and uncommenting the 'loadplugin' line in the {{/etc/mail/spamassassin/init.pre}} file for {{Mail::SpamAssassin::Plugin::RelayCountry}}. |
The \[http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html RelayCountry\] plugin will add metadata to the Bayesian filtering process, allowing the Bayesian filters to learn information based on countries. |
When using SA 3.1.0, you can also write rules that match specific countries and add them to your /etc/mail/spamassassin/local.cf
file. For example:
header RELAYCOUNTRY_CN X-Relay-Countries =~ /CN/ describe RELAYCOUNTRY_CN Relayed through China score RELAYCOUNTRY_CN 3.0 header RELAYCOUNTRY_RU X-Relay-Countries =~ /RU/ describe RELAYCOUNTRY_RU Relayed through Russian Federation score RELAYCOUNTRY_RU 2.0 |
You can get a list of IANA country codes from \[http://www.iana.org/cctld/cctld-whois.htm\]. You can get a list of countries that statistically relay most of the spam by looking at the source file for \[http://svn.apache.org/repos/asf/spamassassin/branches/3.1/lib/Mail/SpamAssassin/EvalTests.pm SpamAssassin::EvalTests.pm\] and reading the comments surrounding {{$CCTLDS_WITH_LOTS_OF_OPEN_RELAYS}}. |
Also for 3.1.0, you can apply a patch \[http://bugzilla.spamassassin.org/show_bug.cgi?id=3815\] which will allow you to add a separate MIME header that shows all the message's relay countries, independent of the rules. |
add_header all Relay-Country _RELAYCOUNTRY_ |
and this will show up in your MIME headers as:
X-Spam-Relay-Country: US CN RU |