Flag mail from certain country codes.

[joea <jo...@j4computers.com>]

I find some SPAM slips through un marked, mostly from certain country codes (in the senders email address/domain). 

I was thinking of a regex to taste and paste (say add 5 to SPAM score), but don't really want to reinvent a wheel.   Or run over my own toes.  

I did find a plug in or two, but these seem to rely on checking the IP of sender or relay.   Since my mail collects at a mail provider, I fetch(mail)  it and pass it on to a box running spamassassin, they might not work un-hacked, in any case.

Direction?

Re: Flag mail from certain country codes.

[Martin Gregorie <ma...@gregorie.org>]

On Sun, 2012-04-08 at 16:14 -0400, joea wrote:
> I was thinking of a regex to taste and paste (say add 5 to SPAM
> score), but don't really want to reinvent a wheel.   Or run over my
> own toes.  
> 
What will work for you depends a lot on what your ham stream contains.
For instance, I've started to get spam from Russia, and even the old .su
domain, recently. I have about three Russian correspondents, so a good
solution for me is a meta-rule that applies a high score to all mail
from .ru and .su domains except when its from my named correspondents.
While this is a good solution for me, it would be terrible for a site
that does a lot of business with Russian companies or a person with a
lot of Russian friends.

> I did find a plug in or two, but these seem to rely on checking the IP
> of sender or relay.   Since my mail collects at a mail provider, I
> fetch(mail)  it and pass it on to a box running spamassassin, they
> might not work un-hacked, in any case.
> 
I only added this rule when it became apparent that the 'ok_locales'
directive no longer works well: this is something to do with the
widespread use of utf-8 encoding IIRC. This has been discussed here, so
searching the list archives for relevant threads may help you decide
which way to jump.
 
Martin

Re: Flag mail from certain country codes.

[Benny Pedersen <me...@junc.org>]

Den 2012-04-08 22:14, joea skrev:
> I find some SPAM slips through un marked, mostly from certain country
> codes (in the senders email address/domain).

pastebin is hungry

> I was thinking of a regex to taste and paste (say add 5 to SPAM
> score), but don't really want to reinvent a wheel.   Or run over my
> own toes.

train bayes ham , bayes spam more with dovecot, dovecot-antispam

move the autolearn threshold lover than default so bayes do not say 
bayes 00 to spam that is untrained

using dspam with succes here

> I did find a plug in or two,

link ?

> but these seem to rely on checking the
> IP of sender or relay.

default with relaycountry in spamassassin, but do you like results of

ip2cc 2.104.223.10

if you do not see it, then you need to build updated db self

there is a new relaycountry2 that do use geoip database, but imho this 
is progressing work in sa 3.4.x

> Since my mail collects at a mail provider, I
> fetch(mail)  it and pass it on to a box running spamassassin, they
> might not work un-hacked, in any case.

make sure that trusted_networks is setup to include the host you 
fetchmail from aswell as your own ips listed in ifconfig

hope sa 3.4.x will have rfc1918 hardcoded internal_networks / 
trusted_networks, even if there is legit servers there it makes no point 
check dnsbl on them

> Direction?

you deside :)

Re: Flag mail from certain country codes.

[Mariusz Kruk <kr...@epsilon.eu.org>]

RelayCountry plugin does the work for you. You configure it to score certain relay countries (looked up by ip extracted from headers, not DNS domain of the sender) and it just does so. I've used it for few years and it works very well. (Since I don't expect any traffic at all from i.e. Vietnam, I give it 5 points. Countries my users do mail but not very often I score with 2 points).

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

joea <jo...@j4computers.com> wrote:

I find some SPAM slips through un marked, mostly from certain country codes (in the senders email address/domain). 

I was thinking of a regex to taste and paste (say add 5 to SPAM score), but don't really want to reinvent a wheel. Or run over my own toes. 

I did find a plug in or two, but these seem to rely on checking the IP of sender or relay. Since my mail collects at a mail provider, I fetch(mail) it and pass it on to a box running spamassassin, they might not work un-hacked, in any case.

Direction?