Using the RelayCountry plugin
The RelayCountry plugin exposes the countries that a mail was relayed from – turn it on by reading that documentation page, installing the required CPAN module (see below), and uncommenting the 'loadplugin' line in the /etc/mail/spamassassin/init.pre
file for Mail::SpamAssassin::Plugin::RelayCountry
.
Required CPAN module dependencies, choose one:
GeoIP2::Reader::Database | Supported since SpamAssassin 3.4.2, install MaxMind::DB::Reader::XS for best performance |
IP::Country::DB_File | Supported since SpamAssassin 3.4.2 |
Geo::IP | Supported since SpamAssassin 3.4.0 |
IP::Country::Fast | Not recommended, outdated |
Country metadata will also be added to the Bayesian filtering process, allowing it to learn information based on countries.
You can also write rules that match specific countries and add them to your /etc/mail/spamassassin/local.cf
file. For example:
No Format |
---|
header RELAYCOUNTRY_BAD X-Relay-Countries =~ /CN/
describe RELAYCOUNTRY_BAD Relayed through China at some point
score RELAYCOUNTRY_BAD 3.0
header RELAYCOUNTRY_GOOD X-Relay-Countries =~ /^(FI|SE)/
describe RELAYCOUNTRY_GOOD First untrusted relay is Finland or Sweden :-)
score RELAYCOUNTRY_GOOD -0.2
|
...
It's also possible to add a separate MIME header that shows all the message's relay countries, independent of the rules:
No Format |
---|
add_header all Relay-Country _RELAYCOUNTRY_
|
This will show up in your MIME headers as:
No Format |
---|
X-Spam-Relay-Country: US CN RU
|
...
Perhaps the easiest to install, since most distributions package these.
Note that Geo::IP updates are discontinued since April 2018, so you should use the new GeoIP2 (MMDB) databases. Free and commercial versions can be found from several vendors:
...
UPDATE: Maintained legacy Geo::IP databases can be downloaded from several 3rd party sites:
Note about IP::Country::DB_File
This module does not come with a database or update mechanism, but it is quite easy and fast to create yourself (it does need a bit of hacking, mentioned urls are outdated).
Easier way is to download a daily generated database, sponsored by HenrikKrohns:
...
Here you can download occasionally updated files:
The gunzipped file can be placed anywhere, just let SpamAssassin know where it is (country_db_path setting).
...
The database consists of files named cc.gif and ip.gif. You can find the path with this command:
No Format |
---|
$ perl -MIP::Country::Fast -e '$_=$INC{"IP/Country/Fast.pm"};s/\.pm/\n/;print';
|
Updating the database files requires entering dbmScripts directory in IP::Country::Fast sources and running whois_filenames, ipcc_loader.pl and ipcc_maker.pl scripts in that order. Note that the build can use up to 2GB of system memory. The files must be put in directory mentioned above, it is not configurable.
Here you can download occasionally updated files sponsored by HenrikKrohns:http