Mailing List Archive

Blocking by country/ASN/IP/domain
Hi, I have a spamassassin-3.4.4 install with amavisd-2.12 and postfix
on fedora32 and would like to be able to block email from an entire
country on a per-user or per-domain basis. What is the best way to do
this?

I'm currently using the RelayCountry plugin and Amavis::Custom to add
an X-Relay-Countries header to each email, and have a series of rules
of the form:

header RELAYCOUNTRY_JP X-Relay-Countries =~ /JP/
describe RELAYCOUNTRY_JP Relayed through Japan
score RELAYCOUNTRY_JP 0.1

I've also been considering blocking by ASN or IP, but I believe it
would be the same problem just presented in a different way.

How do I tie this into amavisd so that I can allow individual users to
control their own email? Perhaps this is done in a policy_bank?
Perhaps I would analyze the X-Relay-Countries header directly instead
of processing the resulting RELAYCOUNTRY_JP rule, for example?
RE: Blocking by country/ASN/IP/domain
I have been looking into exactly the same, don't know how I am going to
implement it still. What I know for now.

This is how you can get info on a netblock owner.

[@]$ dig +short -t txt 80.53.103.176.origin.asn.cymru.com
'48031 | 176.103.48.0/20 | UA | ripencc | 2011-12-09'

You can then either decide to mark everything as spam with spamassassin
or block/reject it via a milter or so. Combined with this, you can then
whitelist only this network's official outgoing SMTP servers.





-----Original Message-----
From: Alex [mailto:mysqlstudent@gmail.com]
Sent: Sunday, October 25, 2020 6:50 PM
To: SA Mailing list
Subject: Blocking by country/ASN/IP/domain

Re: Blocking by country/ASN/IP/domain
At 25 October, 2020 Marc Roos wrote:
> From: Marc Roos <M.Roos@f1-outsourcing.eu>
> To: mysqlstudent <mysqlstudent@gmail.com>, users
> <users@spamassassin.apache.org>
> Date: Sun, 25 Oct 2020 18:57:27 +0100
> X-Spam-Status: No, score=-13.2 required=4.0
> tests=HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
> RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,
> URIBL_BLOCKED,URIBL_SBL_A,USER_IN_DEF_SPF_WL autolearn=ham
> autolearn_force=no version=3.4.4
> Subject: RE: Blocking by country/ASN/IP/domain
>
>
> I have been looking into exactly the same, don't know how I am going to
> implement it still. What I know for now.

You can use one of the DNSBL country zones, i.e.:

https://dino.ciuffetti.info/2011/08/dnsbl-geoip-service-at-countries-nerd-dk/

$ dig TXT 201.65.24.151.zz.countries.nerd.dk +short
"it"

Shows that the IP address belongs to IT. And if we want to confirm that
this IP hits the IT zone:

$ dig 201.65.24.151.it.countries.nerd.dk +short
127.0.0.2

Just add those to your spamassassin DNSBL list for whichever country
codes you don't want mail from.
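
The two lookups shown in the replies above, as an added example that is not part of the thread or of any poster's setup: it builds the reversed-octet query names, parses the origin.asn.cymru.com TXT answer, and applies a per-recipient-domain decision. The POLICY table, the function names and the example.org/example.net domains are hypothetical, and the DNS query itself is left out so the code runs offline on the answer quoted in the thread.

```python
import ipaddress

# Constructed per-domain policy (hypothetical; not an amavisd or SpamAssassin setting).
POLICY = {
    "example.org": {"countries": {"UA"}, "asns": set()},
    "example.net": {"countries": set(), "asns": {64500}},
}

def reverse_v4(ip):
    """Validate an IPv4 address and return its octets in reverse order."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def cymru_qname(ip):
    """TXT query name for the origin.asn.cymru.com lookup shown in the thread."""
    return reverse_v4(ip) + ".origin.asn.cymru.com"

def country_qname(ip, cc="zz"):
    """Query name for a countries.nerd.dk zone; 'zz' is the TXT zone used in the thread."""
    return f"{reverse_v4(ip)}.{cc.lower()}.countries.nerd.dk"

def parse_origin_txt(txt):
    """Parse 'ASN | prefix | CC | registry | date' as printed by dig +short."""
    fields = [f.strip() for f in txt.strip().strip("'\"").split("|")]
    if len(fields) != 5:
        raise ValueError(f"unexpected TXT layout: {txt!r}")
    asns, prefix, cc, registry, allocated = fields
    return {
        # Split on whitespace in case the field lists more than one origin ASN.
        "asns": [int(a) for a in asns.split()],
        "prefix": ipaddress.ip_network(prefix),
        "cc": cc.upper(),
        "registry": registry,
        "allocated": allocated,
    }

def verdict(recipient, client_ip, txt):
    """Return 'reject' or 'accept' for one recipient, given the TXT answer."""
    info = parse_origin_txt(txt)
    # Ignore an answer whose prefix does not cover the connecting IP.
    if ipaddress.ip_address(client_ip) not in info["prefix"]:
        return "accept"
    rule = POLICY.get(recipient.rsplit("@", 1)[-1].lower())
    if rule and (info["cc"] in rule["countries"] or rule["asns"] & set(info["asns"])):
        return "reject"
    return "accept"

# Sample answer copied from the reply in the thread.
SAMPLE = "'48031 | 176.103.48.0/20 | UA | ripencc | 2011-12-09'"
```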