Using the RelayCountry plugin
The [http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html RelayCountry] plugin exposes the countries that a mail was relayed from – turn it on by reading that documentation page, installing the required CPAN module IP::Country::Fast
, and uncommenting the 'loadplugin' line in the /etc/mail/spamassassin/init.pre
file for Mail::SpamAssassin::Plugin::RelayCountry
.
The [http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html RelayCountry] plugin will add metadata to the Bayesian filtering process, allowing the Bayesian filters to learn information based on countries.
When using SA 3.1.0, you can also write rules that match specific countries, e.g.:
header RELAYCOUNTRY_CN X-Relay-Countries =~ /CN/ describe RELAYCOUNTRY_CN Relayed through China score RELAYCOUNTRY_CN 3.0 header RELAYCOUNTRY_RU X-Relay-Countries =~ /RU/ describe RELAYCOUNTRY_RU Relayed through Russian Federation score RELAYCOUNTRY_RU 2.0
You can get a list of IANA country codes from [http://www.iana.org/cctld/cctld-whois.htm]. You can get a list of countries that statistically relay most of the spam by looking at the source file for lib/Mail/SpamAssassin/EvalTests.pm
and reading the comments surrounding $CCTLDS_WITH_LOTS_OF_OPEN_RELAYS
.
Also for 3.1.0, you can apply a patch [http://bugzilla.spamassassin.org/show_bug.cgi?id=3815] which will allow you to add a separate MIME header that shows all the message's relay countries, independent of the rules.
add_header all Relay _RELAYCOUNTRY_
and this will show up in your MIME headers as:
X-Spam-Relay: US CN RU