RE: Top spam hosters, how to decline email mentioning them
On Mon, 2007-10-22 at 11:55 +0200, Chris wrote:
[ snipp mangled full-quote ]
Is there any way, on shared servers, that I can use
SpamAssassin to delete email from China, Russia, Korea
and Japan please ?
No. SpamAssassin does not delete, nor reject mail. It merely tags mail.
However, your mail-processing chain can do any action, based upon that
tagging.
To detect the location of all mail relays, you can use the RelayCountry
plugin [1]. Based on the results, you can identify mail *from* these
countries, as you asked for. (Which is not the same as the thread you
replied to, which talks about links in the email body.)
Regarding shared servers, and if this is possible (for you): Dunno,
that depends on the details. You'll need the mentioned SA plugin, which
is not possible in the user configs, but needs to be included in the SA
configs. Whether you can do this or not pretty much depends on your
level of control over SA.
guenther
[1] http://wiki.apache.org/spamassassin/RelayCountryPlugin
--
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Top spam hosters, how to decline email mentioning them
On Sat, 20 Oct 2007 23:27:41 -0500, Igor Chudov [EMAIL PROTECTED] wrote: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] I already refuse all email coming from China (and Korea). Never regretted this. Now, I also want to ignore all emails mentioning all China and Korea hosted websites (not just .cn, but also .coms and so on that have Chinese IPs). I will have to not do so with Russia hosted sites, due to me being a Russian by origin. Is there some tool that I could use to accomplish that? Perhaps it's a translation thing; but I was under the impression he wanted to drop these early, not run them through the entire mail/sa process first? (In defence of my MTA comments :-D) Nigel
Re: Top spam hosters, how to decline email mentioning them
Nigel Frankcom wrote the following on 10/21/2007 11:22 PM -0800: On Sat, 20 Oct 2007 23:27:41 -0500, Igor Chudov [EMAIL PROTECTED] wrote: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] I already refuse all email coming from China (and Korea). Never regretted this. Now, I also want to ignore all emails mentioning all China and Korea hosted websites (not just .cn, but also .coms and so on that have Chinese IPs). I will have to not do so with Russia hosted sites, due to me being a Russian by origin. Is there some tool that I could use to accomplish that? Perhaps it's a translation thing; but I was under the impression he wanted to drop these early, not run them through the entire mail/sa process first? (In defence of my MTA comments :-D) Nigel I don't how one could determine the IP address associated with a URL in the body of a message at the MTA level without accepting the message first for further processing. The best you could do at the MTA level is block URLs that have a certain extension like .cn, but that's not what the OP was asking for, and explicitly stated as much. Bill
Re: Top spam hosters, how to decline email mentioning them
On Mon, 22 Oct 2007 00:07:17 -0700, Bill Landry [EMAIL PROTECTED] wrote: I don't how one could determine the IP address associated with a URL in the body of a message at the MTA level without accepting the message first for further processing. The best you could do at the MTA level is block URLs that have a certain extension like .cn, but that's not what the OP was asking for, and explicitly stated as much. A very good point I'll shut up now :-D Nigel
RE: Top spam hosters, how to decline email mentioning them
-Original Message- From: Karsten Bräckelmann [mailto:[EMAIL PROTECTED] Sent: Monday, October 22, 2007 2:46 AM To: users@spamassassin.apache.org Subject: Re: Top spam hosters, how to decline email mentioning them On Sat, 2007-10-20 at 23:27 -0500, Igor Chudov wrote: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] Now that's one number. Please note that this article is dated June 30th, 2004. Rather ancient in terms of Spam. Just have a look at the absolute numbers in that very Wikipedia article. Also, the Wikipedia article does not claim it, but cite it. According to the cited Commtouch report, the number is based on one *month* and actually decreased by 4.5% from the previous month. At a rate like this, there is no spam-vertised URL hosted in China today... Anyway, according to my own, personal stats, China does indeed host the most sites (out of the set I picked for observation a while ago, which does not include the USA, for example). My numbers don't even come close to 73% though... guenther Is there any way, on shared servers, that I can use SpamAssassin to delete email from China, Russia, Korea and Japan please ? Any help much appreciated. Chris.
Re: Top spam hosters, how to decline email mentioning them
On Sunday, Oct 21st 2007 at 00:27 -, quoth Igor Chudov:
=I was looking at this article
=
= http://en.wikipedia.org/wiki/E-mail_spam
=
=It claims that only five countries are hosting 99.68% of the global
=spammer websites, of which the foremost is China, hosting 73.58% of
=all web sites referenced within spam.[30]
=
=I already refuse all email coming from China (and Korea). Never
=regretted this.
=
=Now, I also want to ignore all emails mentioning all China and Korea
=hosted websites (not just .cn, but also .coms and so on that have
=Chinese IPs).
=
=I will have to not do so with Russia hosted sites, due to me being a
=Russian by origin.
=
=Is there some tool that I could use to accomplish that?
I realize that this is a spamassassin list, but I do have another trick
that I use:
http://countries.nerd.dk/
So in my sendmail.mc I have the following incantations:
FEATURE(enhdnsbl,`tr.countries.nerd.dk', `SPAM from Turkey:${client_addr}
rejected',`t')dnl
FEATURE(enhdnsbl,`kr.countries.nerd.dk', `SPAM from Korea:${client_addr}
rejected',`t')dnl
FEATURE(enhdnsbl,`cn.countries.nerd.dk', `SPAM from China:${client_addr}
rejected',`t')dnl
This then just rejects them at the first tickle of a packet from them.
--
Time flies like the wind. Fruit flies like a banana. Stranger things have .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
Re: Top spam hosters, how to decline email mentioning them
this looks interesting to me as well
i am a little confused about how to use/install it
on the page you provided a link to it says under USAGE to add the
following to your local.cf file
loadplugin Mail::SpamAssassin::Plugin::URICountry
uricountry URICOUNTRY_XX XX
header URICOUNTRY_XX eval:check_uricountry('URICOUNTRY_XX')
describeURICOUNTRY_XX Contains a URI hosted in XX
tflags URICOUNTRY_XX net
score URICOUNTRY_XX 2.0
Where XX is replaced with the 2 character country code of your
choice. (e.g. CN, KR, RO, RU, IN etc.)
that makes sense to me but after that it says THE CODE followed by
a bunch of code.
i am unclear on what needs to be done with this code.
any light shed on this will be greatly appreciated.
jp kelly
On Oct 20, 2007, at 10:10 PM, Bill Landry wrote:
Take a look at the URICountry plugin:
http://wiki.apache.org/spamassassin/URICountryPlugin
That should do what you want.
Bill
Re: Top spam hosters, how to decline email mentioning them
JP Kelly wrote: that makes sense to me but after that it says THE CODE followed by a bunch of code. i am unclear on what needs to be done with this code. Typically you put it in a file called something like URICountry.pm and then load it in your local.cf or vN.pre (eg. v320.pre) using the loadplugin directive. Derek
Re: Top spam hosters, how to decline email mentioning them
JP Kelly wrote the following on 10/21/2007 11:41 AM -0800:
this looks interesting to me as well
i am a little confused about how to use/install it
on the page you provided a link to it says under USAGE to add the
following to your local.cf file
loadplugin Mail::SpamAssassin::Plugin::URICountry
uricountry URICOUNTRY_XX XX
header URICOUNTRY_XX eval:check_uricountry('URICOUNTRY_XX')
describeURICOUNTRY_XX Contains a URI hosted in XX
tflags URICOUNTRY_XX net
score URICOUNTRY_XX 2.0
Where XX is replaced with the 2 character country code of your choice.
(e.g. CN, KR, RO, RU, IN etc.)
that makes sense to me but after that it says THE CODE followed by a
bunch of code.
i am unclear on what needs to be done with this code.
any light shed on this will be greatly appreciated.
THE CODE will go into a file named URICountry.pm and placed in the
same directory as your local.cf file (usually /etc/mail/spamassassin/).
As for the rules, I prefer to create a separate .cf file for them rather
than place them in local.cf (e.g., URICountry.cf), but that is simply a
matter of personal preference - I just like to keep my local.cf clean of
any rules and only use it for configuration settings.
I disagree with placing the loadplugin line in the cf file. The
proper place for this entry is in init.pre so that it gets loaded before
any rulesets, and can be referenced as:
loadplugin Mail::SpamAssassin::Plugin::URICountry
/etc/mail/spamassassin/URICountry.pm
Also, at the top of your ruleset you should add:
ifplugin Mail::SpamAssassin::Plugin::URICountry
and at the end:
endif
For example:
==
ifplugin Mail::SpamAssassin::Plugin::URICountry
uricountry URICOUNTRY_CN CN
header URICOUNTRY_CN eval:check_uricountry('URICOUNTRY_CN')
describeURICOUNTRY_CN Contains a URI hosted in China
tflags URICOUNTRY_CN net
score URICOUNTRY_CN 2.5
uricountry URICOUNTRY_HK HK
header URICOUNTRY_HK eval:check_uricountry('URICOUNTRY_HK')
describeURICOUNTRY_HK Contains a URI hosted in Hong Kong
tflags URICOUNTRY_HK net
score URICOUNTRY_HK 2.5
uricountry URICOUNTRY_IN IN
header URICOUNTRY_IN eval:check_uricountry('URICOUNTRY_IN')
describeURICOUNTRY_IN Contains a URI hosted in India
tflags URICOUNTRY_IN net
score URICOUNTRY_IN 2.5
endif
==
This will allow you to comment out the URICourntry loadplugin line in
your init.pre file if you should want to disable the URICourntry test
without having to remove the URICounrty.cf file (it will not load the
ruleset unless the plugin has been pre-loaded).
Bill
Re: Top spam hosters, how to decline email mentioning them
On Sat, 2007-10-20 at 23:27 -0500, Igor Chudov wrote:
I was looking at this article
http://en.wikipedia.org/wiki/E-mail_spam
It claims that only five countries are hosting 99.68% of the global
spammer websites, of which the foremost is China, hosting 73.58% of
all web sites referenced within spam.[30]
Now that's one number.
Please note that this article is dated June 30th, 2004. Rather ancient
in terms of Spam. Just have a look at the absolute numbers in that
very Wikipedia article.
Also, the Wikipedia article does not claim it, but cite it. According to
the cited Commtouch report, the number is based on one *month* and
actually decreased by 4.5% from the previous month. At a rate like this,
there is no spam-vertised URL hosted in China today...
Anyway, according to my own, personal stats, China does indeed host the
most sites (out of the set I picked for observation a while ago, which
does not include the USA, for example). My numbers don't even come close
to 73% though...
guenther
--
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Top spam hosters, how to decline email mentioning them
On Sat, 20 Oct 2007 23:27:41 -0500, Igor Chudov [EMAIL PROTECTED] wrote: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] I already refuse all email coming from China (and Korea). Never regretted this. Now, I also want to ignore all emails mentioning all China and Korea hosted websites (not just .cn, but also .coms and so on that have Chinese IPs). I will have to not do so with Russia hosted sites, due to me being a Russian by origin. Is there some tool that I could use to accomplish that? Blocks of that type are more usually done at the MTA level. You'd need to post your server details before anyone could offer advice. If I recall right there are lists of netblocks you can use, though I think they integrate differently with different servers. In short, post your mail server details and perhaps someone will be able to offer some suggestions. Mine allows keyword blocking but that can come back and bite you. HTH Nigel
Re: Top spam hosters, how to decline email mentioning them
It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] Now, I also want to ignore all emails mentioning all China and Korea hosted websites (not just .cn, but also .coms and so on that have Chinese IPs). I will have to not do so with Russia hosted sites, due to me being a Russian by origin. Is there some tool that I could use to accomplish that? You would probably be better off by simply adding some points for site references to known spam sites, rather than simply assuming that everything referencing a given country is spam. URIBL does precisely this, and is a standard SA network test. If you don't have it enabled you should enable it. Loren
Re: Top spam hosters, how to decline email mentioning them
Igor Chudov wrote the following on 10/20/2007 9:27 PM -0800: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] I already refuse all email coming from China (and Korea). Never regretted this. Now, I also want to ignore all emails mentioning all China and Korea hosted websites (not just .cn, but also .coms and so on that have Chinese IPs). I will have to not do so with Russia hosted sites, due to me being a Russian by origin. Is there some tool that I could use to accomplish that? Take a look at the URICountry plugin: http://wiki.apache.org/spamassassin/URICountryPlugin That should do what you want. Bill
