You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris <Ch...@011005.com> on 2007/10/17 11:53:07 UTC

Bouncing or just *deleting* emails from certain countries

>On Mon, 20 Aug 2007, Chris wrote:
>
>> Does anyone know of a way, that whenever someone
emails
>> from say, for example, Nigeria, Korea, Russia and
>> China, the email either gets deleted by Spamassassin
*or* returned to them, saying
>> something like, "Email failed, no such email
address" please ?
>> 
>> Any help very much appreciated.
>>
>> Chris


>-----Original Message-----
>From: John D. Hardin [mailto:jhardin@impsec.org] 
>Sent: Monday, August 20, 2007 7:14 PM
>To: Chris
>Cc: users@spamassassin.apache.org
>Subject: Re: Bouncing emails from certain countries
>
>Here's what I do in SA:
>
>describe BL_COUNTRY_CN_1 Mail client in China
>header   BL_COUNTRY_CN_1 eval:check_rbl('china', 
>'cn.countries.nerd.dk')
>score    BL_COUNTRY_CN_1 0.5
>tflags   BL_COUNTRY_CN_1 net
>
>Substitute the ISO country code as needed.
>
>If you want a hard reject, just move the DNSBL check
into your MTA
>with whatever reject message you like (assuming your
MTA lets you
>customize that for DNSBLs).
>
>--
> John Hardin KA7OHZ
http://www.impsec.org/~jhardin/
> jhardin@impsec.org    FALaholic #11174     pgpk -a
jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76
D822 E6E6 B873 2E79
>------------------------------------------------------


Hi John, Many thanks for the input on this - it's very
much appreciated.

John, whereabouts *precisely* do I input the text below
please and is that all that needs to be done ?

>describe BL_COUNTRY_CN_1 Mail client in China
>header   BL_COUNTRY_CN_1 eval:check_rbl('china', 
>'cn.countries.nerd.dk')
>score    BL_COUNTRY_CN_1 0.5
>tflags   BL_COUNTRY_CN_1 net

My scenario is that my website is on shared hosting
servers, I don't have access to the root, but I do have
access to Spamassasin.

Chris.

Re: Bouncing or just *deleting* emails from certain countries

Posted by Matt Kettler <mk...@verizon.net>.
Chris wrote:
>> On Mon, 20 Aug 2007, Chris wrote:
>>
>>     
>>> Does anyone know of a way, that whenever someone
>>>       
> emails
>   
>>> from say, for example, Nigeria, Korea, Russia and
>>> China, the email either gets deleted by Spamassassin
>>>       
> *or* returned to them, saying
>   
>>> something like, "Email failed, no such email
>>>       
> address" please ?
>   
>>> Any help very much appreciated.

Generally speaking any delete, bounce or redirect action is something
completely beyond SA's power because it doesn't control the message
envelope. (although other tools with this power over the may take such
actions based on them).

However, your best bet is to implement a reject using a country-based
blacklist at your MTA layer. No spamassassin needed.

Don't bounce probable spam post-delivery. That just creates more
problems than it solves, as the return-path and from: headers will
generally point to some valid but innocent third-party (generally just
randomly grabbed from the same database of addresses that the spam is
being sent to).

Re: Bouncing or just *deleting* emails from certain countries

Posted by "John D. Hardin" <jh...@impsec.org>.
On Wed, 17 Oct 2007, Chris wrote:

> >> Does anyone know of a way, that whenever someone
> >> emails
> >> from say, for example, Nigeria, Korea, Russia and
> >> China, the email either gets deleted by Spamassassin
> 
> >-----Original Message-----
> >From: John D. Hardin [mailto:jhardin@impsec.org] 
> >Here's what I do in SA:
> >
> >describe BL_COUNTRY_CN_1 Mail client in China
> >header   BL_COUNTRY_CN_1 eval:check_rbl('china', 
> >'cn.countries.nerd.dk')
> >score    BL_COUNTRY_CN_1 0.5
> >tflags   BL_COUNTRY_CN_1 net
> >
> >Substitute the ISO country code as needed.
> 
> Hi John, Many thanks for the input on this - it's very
> much appreciated.
> 
> John, whereabouts *precisely* do I input the text below
> please and is that all that needs to be done ?
> 
> >describe BL_COUNTRY_CN_1 Mail client in China
> >header   BL_COUNTRY_CN_1 eval:check_rbl('china', 
> >'cn.countries.nerd.dk')
> >score    BL_COUNTRY_CN_1 0.5
> >tflags   BL_COUNTRY_CN_1 net
> 
> My scenario is that my website is on shared hosting
> servers, I don't have access to the root, but I do have
> access to Spamassasin.

Those are SpamAssassin rules, so they go in the local SpamAssassin
configuration file along with any other custom rules you have.  
Typically that's some .cf file under /etc/mail/spamassassin. Don't
alter the default config files that ship with SA - they will live
someplace like /usr/share/spamassassin/

Running

   spamassassin -D --lint

should tell you where the config files live.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
-----------------------------------------------------------------------
 13 days until Halloween