Re: Blocking by country/ASN/IP/domain
At 25 October, 2020 Marc Roos wrote:

> From: Marc Roos
> To: mysqlstudent , users
> Date: Sun, 25 Oct 2020 18:57:27 +0100
> X-Spam-Status: No, score=-13.2 required=4.0
>   tests=HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
>   RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,
>   URIBL_BLOCKED,URIBL_SBL_A,USER_IN_DEF_SPF_WL autolearn=ham
>   autolearn_force=no version=3.4.4
> Subject: RE: Blocking by country/ASN/IP/domain
>
> I have been looking into exactly the same, don't know how I am going to
> implement it still. What I know for now.

You can use one of the DNSBL country zones, i.e.:

https://dino.ciuffetti.info/2011/08/dnsbl-geoip-service-at-countries-nerd-dk/

    $ dig TXT 201.65.24.151.zz.countries.nerd.dk +short
    "it"

Shows that the IP address belongs to IT. And if we want to confirm that this IP hits the IT zone:

    $ dig 201.65.24.151.it.countries.nerd.dk +short
    127.0.0.2

Just add those to your spamassassin DNSBL list for whichever country codes you don't want mail from.

RE: Blocking by country/ASN/IP/domain
I have been looking into exactly the same, don't know how I am going to implement it still. What I know for now.

This is how you can get info on a netblock owner.

    [@]$ dig +short -t txt 80.53.103.176.origin.asn.cymru.com
    '48031 | 176.103.48.0/20 | UA | ripencc | 2011-12-09'

You can then either decide to mark everything as spam with spamassassin or block/reject it via a milter or so. Combined with this you can then whitelist only this network's official outgoing smtp servers.

-Original Message-
From: Alex [mailto:mysqlstud...@gmail.com]
Sent: Sunday, October 25, 2020 6:50 PM
To: SA Mailing list
Subject: Blocking by country/ASN/IP/domain

Hi,

I have a spamassassin-3.4.4 install with amavisd-2.12 and postfix on fedora32 and would like to be able to block email from an entire country on a per-user or per-domain basis. What is the best way to do this?

I'm currently using the RelayCountry plugin and Amavis::Custom to add an X-Relay-Countries header to each email, and have a series of rules of the form:

    header RELAYCOUNTRY_JP X-Relay-Countries =~ /JP/
    describe RELAYCOUNTRY_JP Relayed through Japan
    score RELAYCOUNTRY_JP 0.1

I've also been considering blocking by ASN or IP, but I believe it would be the same problem just presented in a different way.

How do I tie this into amavisd so that I can allow individual users to control their own email? Perhaps this is done in a policy_bank? Perhaps I would analyze the X-Relay-Countries header directly instead of processing the resulting RELAYCOUNTRY_JP rule, for example?
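
The following is an added example, not code from any poster in this thread: it builds the reversed-octet query names used in both replies above, parses the origin.asn.cymru.com TXT answer quoted in the thread, and applies a block/allow decision of the kind described (reject by country or ASN, but let listed outgoing SMTP servers through). The function names and the allow-list argument are hypothetical; no DNS query is made, and the only sample record is the one quoted in the thread.

```python
import ipaddress

def reverse_ipv4(ip):
    """Return the octets of an IPv4 address reversed, as DNSBL-style zones expect."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split(".")))

def origin_qname(ip):
    """TXT query name for the origin.asn.cymru.com lookup."""
    return reverse_ipv4(ip) + ".origin.asn.cymru.com"

def country_qname(ip, cc):
    """A-record query name for one country zone under countries.nerd.dk."""
    return "%s.%s.countries.nerd.dk" % (reverse_ipv4(ip), cc.lower())

def parse_origin(txt):
    """Parse 'ASN | prefix | CC | registry | date' as printed by dig +short."""
    fields = [f.strip() for f in txt.strip().strip("'\"").split("|")]
    if len(fields) != 5:
        raise ValueError("unexpected origin record: %r" % txt)
    return {
        # split on whitespace in case more than one origin ASN is listed
        "asns": [int(a) for a in fields[0].split()],
        "prefix": ipaddress.ip_network(fields[1]),
        "cc": fields[2].upper(),
        "registry": fields[3],
        "allocated": fields[4],
    }

def verdict(ip, record, blocked_cc=(), blocked_asn=(), allowed_nets=()):
    """Return 'allow', 'reject' or 'pass' for a connecting IP (hypothetical policy)."""
    addr = ipaddress.ip_address(ip)
    if addr not in record["prefix"]:
        # never apply a record to an address it does not cover
        raise ValueError("record %s does not cover %s" % (record["prefix"], ip))
    # the allow-list wins, so known-good SMTP servers survive a country/ASN block
    if any(addr in ipaddress.ip_network(n) for n in allowed_nets):
        return "allow"
    if record["cc"] in blocked_cc or set(record["asns"]) & set(blocked_asn):
        return "reject"
    return "pass"

# TXT answer exactly as quoted in the thread for 176.103.53.80
SAMPLE = "'48031 | 176.103.48.0/20 | UA | ripencc | 2011-12-09'"
```
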