Posted to users@spamassassin.apache.org by Pierre Thomson <Pi...@bruderhof.com> on 2005/11/11 22:58:22 UTC

RE: What countries to block ?

Backing up about a light year here, and ignoring all philosophical arguments, I'll offer my list of _scored_ (not blocked) countries.  This is, of course, specific to our situation:

CN TW RU UA BR

I use the RelayCountry plugin for this, and assign it a rather low score.  It DOES help.

Pierre


-----Original Message-----
From: Jerry [mailto:admin@mybloo.com]
Sent: Friday, November 11, 2005 12:11 PM
To: spam
Subject: What countries to block ? and detecting Trojan attachments?


We are getting a lot of spam mail from countries outside of the US.  Anyone
have a list of what country domain extensions are fairly OK to block?  We
don't have a lot of users who receive mail from outside the US.  We'd like to
cut down on spam/spoof/virus messages.

Currently I am blocking all mails from = *.nl *.br *.ch etc..

Also, is there a special rule to detect messages like the one below?

Thanks

Re: What countries to block ?

Posted by Andrzej Adam Filip <an...@xl.wp.pl>.
Matt Kettler wrote:
> Pierre Thomson wrote:
> 
>>Backing up about a light year here, and ignoring all philosophical arguments, I'll offer my list of _scored_ (not blocked) countries.  This is, of course, specific to our situation:
>>
>>CN TW RU UA BR
>>
>>I use the RelayCountry plugin for this, and assign it a rather low score.  It DOES help.
>>
> 
> 
> I do a lot of that too. I even have a few in there with 0.01 scores just for
> informational purposes. (GB, ES, FR, DE, etc)
> 
> 
> Of the rules with scores >0.1, I'm currently seeing the most spam activity from
> CN and KR, followed by IL, PL, JP, RU, RO, and BR, in that order. CN and KR are
> both higher than all the others by a factor of at least 2.
> 
> Some quick short-term spam/ham counts (these numbers are for my site, YMMV
> greatly depending on userbase):
> 
> 	CN = 240/2
> 	KR = 155/0
> 	IL = 61/2
> 	PL = 56/5
> 	JP = 46/1
> 	RU = 43/2
> 	RO = 42/4
> 	BR = 30/9
> 
> 
> Since I do often see mailing list posts from people in these countries,
> especially BR, I can't be heavy-handed with the scoring. However, a little
> 0.5 to 1.0 nudge is helpful, and RelayCountry is low-overhead (not DNS based).
> 
> 
> Here's a handful of rules I'm using atm:
> [...]

Have you tried to use AS scoring instead of (or together with) country
scoring? [AS = Autonomous (Routing) System]

IMHO it is not a bad idea to give incentives to good ISPs in bad countries.

-- 
[en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
http://anfi.homeunix.net/  Netcraft Site Rank: 466219
All that is necessary for the triumph of evil is that good men do nothing
      -- Edmund Burke, 18th century

Re: What countries to block ?

Posted by Matt Kettler <mk...@evi-inc.com>.
Pierre Thomson wrote:
> Backing up about a light year here, and ignoring all philosophical arguments, I'll offer my list of _scored_ (not blocked) countries.  This is, of course, specific to our situation:
> 
> CN TW RU UA BR
> 
> I use the RelayCountry plugin for this, and assign it a rather low score.  It DOES help.
> 

I do a lot of that too. I even have a few in there with 0.01 scores just for
informational purposes. (GB, ES, FR, DE, etc)


Of the rules with scores >0.1, I'm currently seeing the most spam activity from
CN and KR, followed by IL, PL, JP, RU, RO, and BR, in that order. CN and KR are
both higher than all the others by a factor of at least 2.

Some quick short-term spam/ham counts (these numbers are for my site, YMMV
greatly depending on userbase):

	CN = 240/2
	KR = 155/0
	IL = 61/2
	PL = 56/5
	JP = 46/1
	RU = 43/2
	RO = 42/4
	BR = 30/9


Since I do often see mailing list posts from people in these countries,
especially BR, I can't be heavy-handed with the scoring. However, a little
0.5 to 1.0 nudge is helpful, and RelayCountry is low-overhead (not DNS based).


Here's a handful of rules I'm using atm:

# informational, mostly for statistical purposes
header RELAY_ES X-Relay-Countries=~/\bES\b/
describe RELAY_ES       Relayed through Spain
score RELAY_ES 0.01

header RELAY_UK X-Relay-Countries=~/\bGB\b/
describe RELAY_UK       Relayed through Britain
score RELAY_UK 0.01

header RELAY_FR X-Relay-Countries=~/\bFR\b/
describe RELAY_FR       Relayed through France
score RELAY_FR 0.01

header RELAY_DE X-Relay-Countries=~/\bDE\b/
describe RELAY_DE       Relayed through Germany
score RELAY_DE 0.01

header RELAY_AT X-Relay-Countries=~/\bAT\b/
describe RELAY_AT       Relayed through Austria
score RELAY_AT 0.01


# countries prone to abuse and low legit mail volume
# can't count these as spam outright as there is legitimate mail here
# but a slight bias is in order for countries with high spam:ham ratios

header RELAY_TW X-Relay-Countries=~/\bTW\b/
describe RELAY_TW       Relayed through Taiwan
score RELAY_TW 0.5

header RELAY_JP X-Relay-Countries=~/\bJP\b/
describe RELAY_JP       Relayed through Japan
score RELAY_JP 0.5

header RELAY_AR X-Relay-Countries=~/\bAR\b/
describe RELAY_AR       Relayed through Argentina
score RELAY_AR 0.5

header RELAY_BR X-Relay-Countries=~/\bBR\b/
describe RELAY_BR       Relayed through Brazil
score RELAY_BR 0.5

header RELAY_RU X-Relay-Countries=~/\bRU\b/
describe RELAY_RU       Relayed through Russia
score RELAY_RU 0.5

header RELAY_RO X-Relay-Countries=~/\bRO\b/
describe RELAY_RO       Relayed through Romania
score RELAY_RO 0.5

header RELAY_PL X-Relay-Countries=~/\bPL\b/
describe RELAY_PL       Relayed through Poland
score RELAY_PL 0.5

header RELAY_IL X-Relay-Countries=~/\bIL\b/
describe RELAY_IL       Relayed through Israel
score RELAY_IL 0.5

header RELAY_HU X-Relay-Countries=~/\bHU\b/
describe RELAY_HU       Relayed through Hungary
score RELAY_HU 1.0

header RELAY_NG X-Relay-Countries=~/\bNG\b/
describe RELAY_NG       Relayed through Nigeria
score RELAY_NG 0.5

header RELAY_PK X-Relay-Countries=~/\bPK\b/
describe RELAY_PK       Relayed through Pakistan
score RELAY_PK 0.5

header RELAY_KP X-Relay-Countries=~/\bKP\b/
describe RELAY_KP       Relayed through North Korea
score RELAY_KP 0.5


#more severe cases of the same..

header RELAY_CN X-Relay-Countries=~/\bCN\b/
describe RELAY_CN       Relayed through China
score RELAY_CN 1.0

header RELAY_KR X-Relay-Countries=~/\bKR\b/
describe RELAY_KR       Relayed through Korea
score RELAY_KR 1.0
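
Added example, not part of the thread: one way to produce per-country spam/ham counts like the ones quoted above from your own mail, so that RelayCountry scores reflect local traffic rather than someone else's list. It assumes `add_header all Relay-Country _RELAYCOUNTRY_` is set so scanned messages carry an `X-Spam-Relay-Country` header; the sample messages, the function names and the `min_total` threshold are constructed for illustration.

```python
import email
import re
from collections import defaultdict

def make_msg(status, countries):
    """Build a constructed header-only message as SpamAssassin would tag it."""
    return (f"X-Spam-Status: {status}, score=0.0 required=5.0\n"
            f"X-Spam-Relay-Country: {countries}\n\n(body)\n")

# Constructed sample corpus, not real mail.
SAMPLE_MESSAGES = [
    make_msg("Yes", "CN US"), make_msg("Yes", "CN"), make_msg("Yes", "CN CN US"),
    make_msg("No", "BR US"), make_msg("Yes", "BR"), make_msg("Yes", "BR US"),
    make_msg("No", "US"), make_msg("No", "US"), make_msg("Yes", "XX KR"),
    "Subject: never scanned\n\n(body)\n",
]

def tally(raw_messages):
    """Return {country: [spam, ham]}, counting a country once per message."""
    counts = defaultdict(lambda: [0, 0])
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        verdict = re.match(r"(Yes|No)\b", msg.get("X-Spam-Status", ""))
        if not verdict:
            continue  # message was not scanned, so it tells us nothing
        column = 0 if verdict.group(1) == "Yes" else 1
        relays = msg.get("X-Spam-Relay-Country", "")
        # A set avoids double counting when several relays share a country;
        # XX (no country found for a relay) is ignored.
        for cc in set(re.findall(r"\b[A-Z]{2}\b", relays)) - {"XX"}:
            counts[cc][column] += 1
    return dict(counts)

def rank(counts, min_total=3):
    """Sort countries by spam fraction, ignoring those with too little mail."""
    rows = [(cc, s, h, s / (s + h)) for cc, (s, h) in counts.items()
            if s + h >= min_total]
    return sorted(rows, key=lambda r: (-r[3], -(r[1] + r[2])))

if __name__ == "__main__":
    # Same "CC = spam/ham" layout as the counts in the post above.
    for cc, spam, ham, frac in rank(tally(SAMPLE_MESSAGES)):
        print(f"{cc} = {spam}/{ham}  ({frac:.0%} spam)")
```

A country with a meaningful ham column, like BR in the constructed data, ranks below one with none, which is the case for keeping its score to a small nudge.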