RE: Top spam hosters, how to decline email mentioning them
On Mon, 2007-10-22 at 11:55 +0200, Chris wrote: [ snipp mangled full-quote ] Is there any way, on shared servers, that I can use SpamAssassin to delete email from China, Russia, Korea and Japan please ? No. SpamAssassin does not delete, nor reject mail. It merely tags mail. However, your mail-processing chain can do any action, based upon that tagging. To detect the location of all mail relays, you can use the RelayCountry plugin [1]. Based on the results, you can identify mail *from* these countries, as you asked for. (Which is not the same as the thread you replied to, which talks about links in the email body.) Regarding shared servers, and if this is possible (for you): Dunno, that depends on the details. You'll need the mentioned SA plugin, which is not possible in the user configs, but needs to be included in the SA configs. Whether you can do this or not pretty much depends on your level of control over SA. guenther [1] http://wiki.apache.org/spamassassin/RelayCountryPlugin -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Top spam hosters, how to decline email mentioning them
On Sat, 20 Oct 2007 23:27:41 -0500, Igor Chudov [EMAIL PROTECTED] wrote: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] I already refuse all email coming from China (and Korea). Never regretted this. Now, I also want to ignore all emails mentioning all China and Korea hosted websites (not just .cn, but also .coms and so on that have Chinese IPs). I will have to not do so with Russia hosted sites, due to me being a Russian by origin. Is there some tool that I could use to accomplish that? Perhaps it's a translation thing; but I was under the impression he wanted to drop these early, not run them through the entire mail/sa process first? (In defence of my MTA comments :-D) Nigel
Re: Top spam hosters, how to decline email mentioning them
Nigel Frankcom wrote the following on 10/21/2007 11:22 PM -0800: On Sat, 20 Oct 2007 23:27:41 -0500, Igor Chudov [EMAIL PROTECTED] wrote: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] I already refuse all email coming from China (and Korea). Never regretted this. Now, I also want to ignore all emails mentioning all China and Korea hosted websites (not just .cn, but also .coms and so on that have Chinese IPs). I will have to not do so with Russia hosted sites, due to me being a Russian by origin. Is there some tool that I could use to accomplish that? Perhaps it's a translation thing; but I was under the impression he wanted to drop these early, not run them through the entire mail/sa process first? (In defence of my MTA comments :-D) Nigel I don't how one could determine the IP address associated with a URL in the body of a message at the MTA level without accepting the message first for further processing. The best you could do at the MTA level is block URLs that have a certain extension like .cn, but that's not what the OP was asking for, and explicitly stated as much. Bill
Re: Top spam hosters, how to decline email mentioning them
On Mon, 22 Oct 2007 00:07:17 -0700, Bill Landry [EMAIL PROTECTED] wrote: I don't how one could determine the IP address associated with a URL in the body of a message at the MTA level without accepting the message first for further processing. The best you could do at the MTA level is block URLs that have a certain extension like .cn, but that's not what the OP was asking for, and explicitly stated as much. A very good point I'll shut up now :-D Nigel
RE: Top spam hosters, how to decline email mentioning them
-Original Message- From: Karsten Bräckelmann [mailto:[EMAIL PROTECTED] Sent: Monday, October 22, 2007 2:46 AM To: users@spamassassin.apache.org Subject: Re: Top spam hosters, how to decline email mentioning them On Sat, 2007-10-20 at 23:27 -0500, Igor Chudov wrote: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] Now that's one number. Please note that this article is dated June 30th, 2004. Rather ancient in terms of Spam. Just have a look at the absolute numbers in that very Wikipedia article. Also, the Wikipedia article does not claim it, but cite it. According to the cited Commtouch report, the number is based on one *month* and actually decreased by 4.5% from the previous month. At a rate like this, there is no spam-vertised URL hosted in China today... Anyway, according to my own, personal stats, China does indeed host the most sites (out of the set I picked for observation a while ago, which does not include the USA, for example). My numbers don't even come close to 73% though... guenther Is there any way, on shared servers, that I can use SpamAssassin to delete email from China, Russia, Korea and Japan please ? Any help much appreciated. Chris.
Re: Top spam hosters, how to decline email mentioning them
On Sunday, Oct 21st 2007 at 00:27 -, quoth Igor Chudov: =I was looking at this article = = http://en.wikipedia.org/wiki/E-mail_spam = =It claims that only five countries are hosting 99.68% of the global =spammer websites, of which the foremost is China, hosting 73.58% of =all web sites referenced within spam.[30] = =I already refuse all email coming from China (and Korea). Never =regretted this. = =Now, I also want to ignore all emails mentioning all China and Korea =hosted websites (not just .cn, but also .coms and so on that have =Chinese IPs). = =I will have to not do so with Russia hosted sites, due to me being a =Russian by origin. = =Is there some tool that I could use to accomplish that? I realize that this is a spamassassin list, but I do have another trick that I use: http://countries.nerd.dk/ So in my sendmail.mc I have the following incantations: FEATURE(enhdnsbl,`tr.countries.nerd.dk', `SPAM from Turkey:${client_addr} rejected',`t')dnl FEATURE(enhdnsbl,`kr.countries.nerd.dk', `SPAM from Korea:${client_addr} rejected',`t')dnl FEATURE(enhdnsbl,`cn.countries.nerd.dk', `SPAM from China:${client_addr} rejected',`t')dnl This then just rejects them at the first tickle of a packet from them. -- Time flies like the wind. Fruit flies like a banana. Stranger things have .0. happened but none stranger than this. Does your driver's license say Organ ..0 Donor?Black holes are where God divided by zero. Listen to me! We are all- 000 individuals! What if this weren't a hypothetical question? steveo at syslang.net
Re: Top spam hosters, how to decline email mentioning them
this looks interesting to me as well i am a little confused about how to use/install it on the page you provided a link to it says under USAGE to add the following to your local.cf file loadplugin Mail::SpamAssassin::Plugin::URICountry uricountry URICOUNTRY_XX XX header URICOUNTRY_XX eval:check_uricountry('URICOUNTRY_XX') describeURICOUNTRY_XX Contains a URI hosted in XX tflags URICOUNTRY_XX net score URICOUNTRY_XX 2.0 Where XX is replaced with the 2 character country code of your choice. (e.g. CN, KR, RO, RU, IN etc.) that makes sense to me but after that it says THE CODE followed by a bunch of code. i am unclear on what needs to be done with this code. any light shed on this will be greatly appreciated. jp kelly On Oct 20, 2007, at 10:10 PM, Bill Landry wrote: Take a look at the URICountry plugin: http://wiki.apache.org/spamassassin/URICountryPlugin That should do what you want. Bill
Re: Top spam hosters, how to decline email mentioning them
JP Kelly wrote: that makes sense to me but after that it says THE CODE followed by a bunch of code. i am unclear on what needs to be done with this code. Typically you put it in a file called something like URICountry.pm and then load it in your local.cf or vN.pre (eg. v320.pre) using the loadplugin directive. Derek
Re: Top spam hosters, how to decline email mentioning them
JP Kelly wrote the following on 10/21/2007 11:41 AM -0800: this looks interesting to me as well i am a little confused about how to use/install it on the page you provided a link to it says under USAGE to add the following to your local.cf file loadplugin Mail::SpamAssassin::Plugin::URICountry uricountry URICOUNTRY_XX XX header URICOUNTRY_XX eval:check_uricountry('URICOUNTRY_XX') describeURICOUNTRY_XX Contains a URI hosted in XX tflags URICOUNTRY_XX net score URICOUNTRY_XX 2.0 Where XX is replaced with the 2 character country code of your choice. (e.g. CN, KR, RO, RU, IN etc.) that makes sense to me but after that it says THE CODE followed by a bunch of code. i am unclear on what needs to be done with this code. any light shed on this will be greatly appreciated. THE CODE will go into a file named URICountry.pm and placed in the same directory as your local.cf file (usually /etc/mail/spamassassin/). As for the rules, I prefer to create a separate .cf file for them rather than place them in local.cf (e.g., URICountry.cf), but that is simply a matter of personal preference - I just like to keep my local.cf clean of any rules and only use it for configuration settings. I disagree with placing the loadplugin line in the cf file. The proper place for this entry is in init.pre so that it gets loaded before any rulesets, and can be referenced as: loadplugin Mail::SpamAssassin::Plugin::URICountry /etc/mail/spamassassin/URICountry.pm Also, at the top of your ruleset you should add: ifplugin Mail::SpamAssassin::Plugin::URICountry and at the end: endif For example: == ifplugin Mail::SpamAssassin::Plugin::URICountry uricountry URICOUNTRY_CN CN header URICOUNTRY_CN eval:check_uricountry('URICOUNTRY_CN') describeURICOUNTRY_CN Contains a URI hosted in China tflags URICOUNTRY_CN net score URICOUNTRY_CN 2.5 uricountry URICOUNTRY_HK HK header URICOUNTRY_HK eval:check_uricountry('URICOUNTRY_HK') describeURICOUNTRY_HK Contains a URI hosted in Hong Kong tflags URICOUNTRY_HK net score URICOUNTRY_HK 2.5 uricountry URICOUNTRY_IN IN header URICOUNTRY_IN eval:check_uricountry('URICOUNTRY_IN') describeURICOUNTRY_IN Contains a URI hosted in India tflags URICOUNTRY_IN net score URICOUNTRY_IN 2.5 endif == This will allow you to comment out the URICourntry loadplugin line in your init.pre file if you should want to disable the URICourntry test without having to remove the URICounrty.cf file (it will not load the ruleset unless the plugin has been pre-loaded). Bill
Re: Top spam hosters, how to decline email mentioning them
On Sat, 2007-10-20 at 23:27 -0500, Igor Chudov wrote: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] Now that's one number. Please note that this article is dated June 30th, 2004. Rather ancient in terms of Spam. Just have a look at the absolute numbers in that very Wikipedia article. Also, the Wikipedia article does not claim it, but cite it. According to the cited Commtouch report, the number is based on one *month* and actually decreased by 4.5% from the previous month. At a rate like this, there is no spam-vertised URL hosted in China today... Anyway, according to my own, personal stats, China does indeed host the most sites (out of the set I picked for observation a while ago, which does not include the USA, for example). My numbers don't even come close to 73% though... guenther -- char *t=[EMAIL PROTECTED]; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Top spam hosters, how to decline email mentioning them
On Sat, 20 Oct 2007 23:27:41 -0500, Igor Chudov [EMAIL PROTECTED] wrote: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] I already refuse all email coming from China (and Korea). Never regretted this. Now, I also want to ignore all emails mentioning all China and Korea hosted websites (not just .cn, but also .coms and so on that have Chinese IPs). I will have to not do so with Russia hosted sites, due to me being a Russian by origin. Is there some tool that I could use to accomplish that? Blocks of that type are more usually done at the MTA level. You'd need to post your server details before anyone could offer advice. If I recall right there are lists of netblocks you can use, though I think they integrate differently with different servers. In short, post your mail server details and perhaps someone will be able to offer some suggestions. Mine allows keyword blocking but that can come back and bite you. HTH Nigel
Re: Top spam hosters, how to decline email mentioning them
It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] Now, I also want to ignore all emails mentioning all China and Korea hosted websites (not just .cn, but also .coms and so on that have Chinese IPs). I will have to not do so with Russia hosted sites, due to me being a Russian by origin. Is there some tool that I could use to accomplish that? You would probably be better off by simply adding some points for site references to known spam sites, rather than simply assuming that everything referencing a given country is spam. URIBL does precisely this, and is a standard SA network test. If you don't have it enabled you should enable it. Loren
Re: Top spam hosters, how to decline email mentioning them
Igor Chudov wrote the following on 10/20/2007 9:27 PM -0800: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites referenced within spam.[30] I already refuse all email coming from China (and Korea). Never regretted this. Now, I also want to ignore all emails mentioning all China and Korea hosted websites (not just .cn, but also .coms and so on that have Chinese IPs). I will have to not do so with Russia hosted sites, due to me being a Russian by origin. Is there some tool that I could use to accomplish that? Take a look at the URICountry plugin: http://wiki.apache.org/spamassassin/URICountryPlugin That should do what you want. Bill