You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2020/10/25 17:50:16 UTC
Blocking by country/ASN/IP/domain
Hi, I have a spamassassin-3.4.4 install with amavisd-2.12 and postfix
on fedora32 and would like to be able to block email from an entire
country on a per-user or per-domain basis. What is the best way to do
this?
I'm currently using the RelayCountry plugin and Amavis::Custom to add
an X-Relay-Countries header to each email, and have a series of rules
of the form:
header RELAYCOUNTRY_JP X-Relay-Countries =~ /JP/
describe RELAYCOUNTRY_JP Relayed through Japan
score RELAYCOUNTRY_JP 0.1
I've also been considering blocking by ASN or IP, but I believe it
would be the same problem just presented in a different way.
How do I tie this into amavisd so that I can allow individual users to
control their own email? Perhaps this is done in a policy_bank?
Perhaps I would analyze the X-Relay-Countries header directly instead
of processing the resulting RELAYCOUNTRY_JP rule, for example?
Re: Blocking by country/ASN/IP/domain
Posted by Peter Blair <pe...@petermblair.com>.
At 25 October, 2020 Marc Roos wrote:
> From: Marc Roos <M....@f1-outsourcing.eu>
> To: mysqlstudent <my...@gmail.com>, users
> <us...@spamassassin.apache.org>
> Date: Sun, 25 Oct 2020 18:57:27 +0100
> X-Spam-Status: No, score=-13.2 required=4.0
> tests=HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
> RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,
> URIBL_BLOCKED,URIBL_SBL_A,USER_IN_DEF_SPF_WL autolearn=ham
> autolearn_force=no version=3.4.4
> Subject: RE: Blocking by country/ASN/IP/domain
>
>
> I have been looking into exactly the same, don't know how I am going to
> implement it still. What I know for now.
You can use one of the DNSBL country zones, ie:
https://dino.ciuffetti.info/2011/08/dnsbl-geoip-service-at-countries-nerd-dk/
$ dig TXT 201.65.24.151.zz.countries.nerd.dk +short [12:00:
"it"
Shows that the IP address belongs to IT. And if we want to confirm that
this IP hits the IT zone:
$ dig 201.65.24.151.it.countries.nerd.dk +short
127.0.0.2
Just add those to your spamassassin DNSBL list for whichever country
codes you don't want mail from.
RE: Blocking by country/ASN/IP/domain
Posted by Marc Roos <M....@f1-outsourcing.eu>.
I have been looking into exactly the same, don't know how I am going to
implement it still. What I know for now.
This is how you can get info on a netblock owner.
[@]$ dig +short -t txt 80.53.103.176.origin.asn.cymru.com
'48031 | 176.103.48.0/20 | UA | ripencc | 2011-12-09'
You can then either decide to mark everything as spam with spamassassin
or block reject it via a milter or so. Combined with this you can then
whitelist only this networks official outgoing smtp servers.
-----Original Message-----
From: Alex [mailto:mysqlstudent@gmail.com]
Sent: Sunday, October 25, 2020 6:50 PM
To: SA Mailing list
Subject: Blocking by country/ASN/IP/domain
Hi, I have a spamassassin-3.4.4 install with amavisd-2.12 and postfix on
fedora32 and would like to be able to block email from an entire country
on a per-user or per-domain basis. What is the best way to do this?
I'm currently using the RelayCountry plugin and Amavis::Custom to add an
X-Relay-Countries header to each email, and have a series of rules of
the form:
header RELAYCOUNTRY_JP X-Relay-Countries =~ /JP/
describe RELAYCOUNTRY_JP Relayed through Japan
score RELAYCOUNTRY_JP 0.1
I've also been considering blocking by ASN or IP, but I believe it would
be the same problem just presented in a different way.
How do I tie this into amavisd so that I can allow individual users to
control their own email? Perhaps this is done in a policy_bank?
Perhaps I would analyze the X-Relay-Countries header directly instead of
processing the resulting RELAYCOUNTRY_JP rule, for example?