Using the RelayCountry plugin
The [http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html RelayCountry] plugin exposes the countries that a mail was relayed from – turn it on by reading that documentation page, installing the required CPAN module IP::Country::Fast
, and uncommenting the 'loadplugin' line in the /etc/mail/spamassassin/init.pre
file for Mail::SpamAssassin::Plugin::RelayCountry
.
The [http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html RelayCountry] plugin will add metadata to the Bayesian filtering process, allowing the Bayesian filters to learn information based on countries.
---- Edit conflict - other version: ----
When using SA 3.1.0, you can also write rules that match specific countries and add it to your /etc/mail/local.cf
file. For example:
---- Edit conflict - your version: ----
When using SA 3.1.0, you can also write rules that match specific countries and add it to your /etc/mail/spamassassin/local.cf
file. For example:
---- End of edit conflict ----
header RELAYCOUNTRY_CN X-Relay-Countries =~ /CN/ describe RELAYCOUNTRY_CN Relayed through China score RELAYCOUNTRY_CN 3.0 header RELAYCOUNTRY_RU X-Relay-Countries =~ /RU/ describe RELAYCOUNTRY_RU Relayed through Russian Federation score RELAYCOUNTRY_RU 2.0
You can get a list of IANA country codes from [http://www.iana.org/cctld/cctld-whois.htm]. You can get a list of countries that statistically relay most of the spam by looking at the source file for [http://svn.apache.org/repos/asf/spamassassin/branches/3.1/lib/Mail/SpamAssassin/EvalTests.pm SpamAssassin::EvalTests.pm] and reading the comments surrounding $CCTLDS_WITH_LOTS_OF_OPEN_RELAYS
.
Also for 3.1.0, you can apply a patch [http://bugzilla.spamassassin.org/show_bug.cgi?id=3815] which will allow you to add a separate MIME header that shows all the message's relay countries, independent of the rules.
---- /!\ '''Edit conflict - other version:''' ---- add_header all Relay-Country _RELAYCOUNTRY_ ---- /!\ '''Edit conflict - your version:''' ---- add_header all Relay-Country _RELAYCOUNTRY_ ---- /!\ '''End of edit conflict''' ----
and this will show up in your MIME headers as:
---- /!\ '''Edit conflict - other version:''' ---- X-Spam-Relay-Country: US CN RU
---- Edit conflict - your version: ----
X-Spam-Relay-Country: US CN RU
}}}
---- End of edit conflict ----