On Sat, Aug 24, 2019 at 08:27:03PM +0200, tba...@txbweb.de wrote:
> Hello,
> 
> I would like to block mails from IP addresses that can't be found. There
> is a tricky spam series getting a low score. Currently I can block the
> mails just by scoring the TLD.
>
> I use the RelayCountry Plugin, but it doesn't work if the IP address is
> not available.
> 
> header          RELAYCOUNTRY_BAD X-Relay-Countries =~ /(List of country codes)/
> describe        RELAYCOUNTRY_BAD Relayed through spam country at some point
> score           RELAYCOUNTRY_BAD 3.5
> 
> 
> Here is some info from an example header:
> 
> X-Spam-Status: Yes, score=11.891 tag=2 tag2=6.31 kill=6.31 tests=[AM.WBL=7,
>          BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
>          DKIM_VALID_EF=-0.1, FROMSPACE=0.001, FROM_SUSPICIOUS_NTLD=0.5,
>          FSL_BULK_SIG=1.596, HTML_MESSAGE=0.001, PYZOR_CHECK=1.392,
>          RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
>          T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no
> 
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mail; d=strapdebut.pro;
>   h=From:Date:MIME-Version:Subject:To:Message-ID:Content-Type; i=nonse...@strapdebut.pro;
>   bh=p2qRX9+f0yHDj3jqqnVU4hoNG58=;
>   b=MmuxhWP6r2xfmasBMUUXqDc0ai2/zlR9ZgmBZPvsbo3fgl6m4dBkmpVvVqZo2DMgiee7I6Msp07c
>     3xIc7SbGGs9QOFGZYkaQpYpY56zW8AqjIWQvbC6D6jVq43P/7yF6nwrI7GrHTKgeL6/SAtzCUpf2
>     HOR8Zr3N45GuMa5iHdc=
> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mail; d=strapdebut.pro;
>   b=UH6pdk+pAUj1o9TF7Z0RySxRb7AFJUL4yori8RZ99Wd4nxABrPXndv88xSVu2rfBPTlQO/8KbdP4
>     O2fJMJeSMRS+4Q7IFkjbMSkwYi+wGXZkcU10diEVt24i7bQf9l1zRNMQ9zV7GlAs4XeqAjEqGvV1
>     SmcUvgGYccNp65I07nQ=;
> From: " Carol Yates" <nonse...@strapdebut.pro>
> Date: Sat, 24 Aug 2019 12:48:11 -0500
> MIME-Version: 1.0
> Subject: ACs are going to be extinct after this discovery
> 
> 
> 
> Aug 24 19:54:38 mx2 amavis[3405]: (03405-11) Blocked SPAM {RejectedOpenRelay,Quarantined}, [45.141.151.5]:2812 [45.141.151.5] <nonse...@strapdebut.pro> -> <user@domain>, quarantine: N/spam-NHIkGYse9Osv.gz, Message-ID: <aegv4bk4h7smgwcq-ywdx3qgmoinnudsw-mbj1q4rq4.zz_c59zjjs9vofj7gws...@strapdebut.pro>, mail_id: NHIkGYse9Osv, Hits: 11.891, size: 9352, 2697 ms
> 
> 
> # geoiplookup 45.141.151.5
> GeoIP Country Edition: IP Address not found
> GeoIP City Edition, Rev 1: IP Address not found
> GeoIP ASNum Edition: IP Address not found
> 
GeoIP 1.x is no longer updated; with 3.4.2+ you can use country_db_type DB_File
and it would have matched that IP.

-------------------------------------------------
$ pgeoiplookup 45.141.151.5
GeoIP version 1566720869: TR, Turkey
-------------------------------------------------

 Giovanni
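
The setting named in the reply, written out as a SpamAssassin configuration fragment. This is an added example, not part of the original thread: the database path is a placeholder, the rule name RELAYCOUNTRY_UNKNOWN and its score are constructed, and the rule assumes RelayCountry records "XX" for a relay address that has no entry in the country database.

```conf
# Added example: placeholder path, hypothetical rule name, constructed score.
loadplugin Mail::SpamAssassin::Plugin::RelayCountry

ifplugin Mail::SpamAssassin::Plugin::RelayCountry
  # Before: the default backend reads the legacy GeoIP 1.x database,
  # which returned "IP Address not found" for the relay in this thread.
  # country_db_type GeoIP

  # After (SpamAssassin 3.4.2+): read a DB_File country database instead.
  country_db_type DB_File
  # Placeholder: point this at your own IP::Country::DB_File database.
  country_db_path /path/to/ipcc.db

  # Expose the resolved countries in delivered mail so lookups can be checked.
  add_header all Relay-Country _RELAYCOUNTRY_

  # Hypothetical rule: score relays the database still cannot resolve.
  header   RELAYCOUNTRY_UNKNOWN X-Relay-Countries =~ /\bXX\b/
  describe RELAYCOUNTRY_UNKNOWN Relay IP has no entry in the country database
  score    RELAYCOUNTRY_UNKNOWN 1.0
endif
```

The rule fires on any unresolved relay in the path, so run `spamassassin --lint` after the change and watch the added header on real traffic before raising the score.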
