Pierre Thomson wrote:
> Backing up about a light year here, and ignoring all philosophical arguments,
> I'll offer my list of _scored_ (not blocked) countries. This is, of course,
> specific to our situation:
>
> CN TW RU UA BR
>
> I use the RelayCountry plugin for this, and assign it a rather low score. It
> DOES help.
>
I do a lot of that too. I even have a few in there with 0.01 scores just for
informational purposes. (GB, ES, FR, DE, etc)
Of the rules with scores >0.1, I'm currently seeing the most spam activity from
CN and KR, followed by IL, PL, JP, RU, RO,and BR, in that order. CN and KR are
both higher than all the others by a factor of at least 2.
Some quick Short term spam/ham counts (These numbers are for my site, YMMV
greatly depending on userbase):
CN = 240/2
KR = 155/0
IL = 61/2
PL = 56/5
JP = 46/1
RU = 43/2
RO = 42/4
BR = 30/9
Since I do often see mailing list posts from people in these countries,
especially BR, so I can't be heavy-handed with the scoring. However, a little
0.5 to 1.0 nudge is helpful, and RelayCountry is low-overhead (not DNS based)
Here's a handful of rules I'm using atm:
# informational, mostly for statistical purposes
header RELAY_ES X-Relay-Countries=~/\bES\b/
describe RELAY_ES Relayed through Spain
score RELAY_ES 0.01
header RELAY_UK X-Relay-Countries=~/\bGB\b/
describe RELAY_UK Relayed through Brittan
score RELAY_UK 0.01
header RELAY_FR X-Relay-Countries=~/\bFR\b/
describe RELAY_FR Relayed through France
score RELAY_FR 0.01
header RELAY_DE X-Relay-Countries=~/\bDE\b/
describe RELAY_DE Relayed through Germany
score RELAY_DE 0.01
header RELAY_AT X-Relay-Countries=~/\bAT\b/
describe RELAY_AT Relayed through Austria
score RELAY_AT 0.01
# countries prone to abuse and low legit mail volume
# can't count these as spam outright as there is legitamate mail here
# but a slight bias is in order for countries with high spam:ham ratios
header RELAY_TW X-Relay-Countries=~/\bTW\b/
describe RELAY_TW Relayed through Taiwan
score RELAY_TW 0.5
header RELAY_JP X-Relay-Countries=~/\bJP\b/
describe RELAY_JP Relayed through Japan
score RELAY_JP 0.5
header RELAY_AR X-Relay-Countries=~/\bAR\b/
describe RELAY_AR Relayed through Argentina
score RELAY_AR 0.5
header RELAY_BR X-Relay-Countries=~/\bBR\b/
describe RELAY_BR Relayed through Brazil
score RELAY_BR 0.5
header RELAY_RU X-Relay-Countries=~/\bRU\b/
describe RELAY_RU Relayed through Russia
score RELAY_RU 0.5
header RELAY_RO X-Relay-Countries=~/\bRO\b/
describe RELAY_RO Relayed through Romania
score RELAY_RO 0.5
header RELAY_PL X-Relay-Countries=~/\bPL\b/
describe RELAY_PL Relayed through Poland
score RELAY_PL 0.5
header RELAY_IL X-Relay-Countries=~/\bIL\b/
describe RELAY_IL Relayed through Israel
score RELAY_IL 0.5
header RELAY_HU X-Relay-Countries=~/\bHU\b/
describe RELAY_HU Relayed through Hungary
score RELAY_HU 1.0
header RELAY_NG X-Relay-Countries=~/\bNG\b/
describe RELAY_NG Relayed through Nigeria
score RELAY_NG 0.5
header RELAY_PK X-Relay-Countries=~/\bPK\b/
describe RELAY_PK Relayed through Pakistan
score RELAY_PK 0.5
header RELAY_KP X-Relay-Countries=~/\bKP\b/
describe RELAY_KP Relayed through North Korea
score RELAY_KP 0.5
#more severe cases of the same..
header RELAY_CN X-Relay-Countries=~/\bCN\b/
describe RELAY_CN Relayed through china
score RELAY_CN 1.0
header RELAY_KR X-Relay-Countries=~/\bKR\b/
describe RELAY_KR Relayed through Korea
score RELAY_KR 1.0
