Block spam with OriginatingCountry SpamAssassin plugin
Tuesday, September 8th, 2009Save 2 files below in /etc/mail/spamassassin directory and enable plugin by add line
-
loadplugin Mail::SpamAssassin::Plugin::OriginatingCountry OriginatingCountry.pm
in file /etc/mail/spamassassin/init.pre
Check and adjust score with your system
File OriginatingCountry.pm
-
package Mail::SpamAssassin::Plugin::OriginatingCountry;
-
-
use Mail::SpamAssassin::Plugin;
-
use Mail::SpamAssassin::Constants qw(:ip);
-
use strict;
-
use warnings;
-
use bytes;
-
-
use vars qw(@ISA);
-
@ISA = qw(Mail::SpamAssassin::Plugin);
-
-
sub dbg { Mail::SpamAssassin::Plugin::dbg ("xip: @_"); }
-
-
sub new {
-
my $class = shift;
-
my $mailsaobject = shift;
-
-
$class = ref($class) || $class;
-
my $self = $class->SUPER::new($mailsaobject);
-
bless ($self, $class);
-
-
$self->register_eval_rule ("check_x_ip_header");
-
$self->register_eval_rule ("check_yahoo_ip_header");
-
$self->register_eval_rule ("check_authen_ip_header");
-
$self->register_eval_rule ("check_any_ip_header");
-
-
return $self;
-
}
-
-
-
sub check_x_ip_header {
-
my ($self, $permsgstatus, $regex) = @_;
-
my $reg;
-
eval {
-
require IP::Country::Fast;
-
$reg = IP::Country::Fast->new();
-
};
-
if ($@) {
-
dbg("failed to load 'IP::Country::Fast', skipping ($@)");
-
return 1;
-
}
-
my $ip = ($permsgstatus->get("X-Originating-IP"));
-
$ip =~ s/[\[\]]//g;
-
my $IP_ADDRESS = IP_ADDRESS;
-
if ($ip =~ /$IP_ADDRESS/) {
-
dbg("Found x-ip $ip");
-
my $country = '';
-
my $cc = $reg->inet_atocc($ip) || "XX";
-
$country = $cc;
-
chomp $country;
-
dbg("X-Originating-IP: $country");
-
my $re;
-
if (defined $regex) {
-
$re = eval { qr/$regex/; };
-
if ($@) {
-
warn("invalid regex: $@");
-
return 0;
-
}
-
}
-
if (defined $re) {
-
if ($country =~ $re) {
-
dbg("Found hotmail country and matches regex: $country");
-
return 1;
-
}
-
}
-
}
-
return 0;
-
}
-
-
sub check_yahoo_ip_header {
-
my ($self, $permsgstatus, $regex) = @_;
-
my $reg;
-
eval {
-
require IP::Country::Fast;
-
$reg = IP::Country::Fast->new();
-
};
-
if ($@) {
-
dbg("failed to load 'IP::Country::Fast', skipping ($@)");
-
return 1;
-
}
-
my $ip = '';
-
if ($permsgstatus->get("Received") =~ /\s?from\s+(\S+)\s+by\s+web[a-z0-9\.]+\.yahoo\.[a-z0-9\.]+\s+via\s+HTTP\;/) {
-
$ip = $1;
-
$ip =~ s/[\[\]]//g;
-
dbg("Found yahoo-ip: $ip");
-
my $country = '';
-
my $cc = $reg->inet_atocc($ip) || "XX";
-
$country = $cc;
-
chomp $country;
-
dbg("Yahoo-IP: $country");
-
my $re;
-
if (defined $regex) {
-
$re = eval { qr/$regex/; };
-
if ($@) {
-
warn("invalid regex: $@");
-
return 0;
-
}
-
}
-
if (defined $re) {
-
if ($country =~ $re) {
-
dbg("Found yahoo country and matches regex: $country");
-
return 1;
-
}
-
}
-
}
-
return 0;
-
}
-
-
sub check_authen_ip_header {
-
my ($self, $permsgstatus, $regex) = @_;
-
my $reg;
-
eval {
-
require IP::Country::Fast;
-
$reg = IP::Country::Fast->new();
-
};
-
if ($@) {
-
dbg("failed to load 'IP::Country::Fast', skipping ($@)");
-
return 1;
-
}
-
my $ip = '';
-
if ($permsgstatus->get("Received") =~ /\s?from\s+\w+\s+(\S+)/) {
-
$ip = $1;
-
$ip =~ s/[\[\]]//g;
-
-
dbg("Found authen-ip: $ip");
-
-
my $country = '';
-
my $cc = $reg->inet_atocc($ip) || "XX";
-
$country = $cc;
-
chomp $country;
-
dbg("Authen-IP: $country");
-
my $re;
-
if (defined $regex) {
-
$re = eval { qr/$regex/; };
-
if ($@) {
-
warn("invalid regex: $@");
-
return 0;
-
}
-
}
-
if (defined $re) {
-
if ($country =~ $re) {
-
dbg("Found authen country and matches regex: $country");
-
return 1;
-
}
-
}
-
}
-
return 0;
-
}
-
-
sub check_any_ip_header {
-
my ($self, $permsgstatus, $regex) = @_;
-
return ( $self->check_x_ip_header($permsgstatus,$regex) ||
-
$self->check_yahoo_ip_header($permsgstatus,$regex) ||
-
$self->check_authen_ip_header($permsgstatus,$regex)
-
);
-
}
-
-
1;
File originate_ip.cf
-
ifplugin Mail::SpamAssassin::Plugin::OriginatingCountry
-
-
header X_ORIG_IP_CN eval:check_any_ip_header('CN')
-
describe X_ORIG_IP_CN Message was sending originate from China
-
score X_ORIG_IP_CN 5.00
-
-
header X_ORIG_IP_NG eval:check_any_ip_header('NG')
-
describe X_ORIG_IP_NG Message was sending originate from Nigeria
-
score X_ORIG_IP_NG 1.00
-
-
header X_ORIG_IP_SN eval:check_any_ip_header('SN')
-
describe X_ORIG_IP_SN Message was sending originate from Senegal
-
score X_ORIG_IP_SN 1.00
-
-
header X_ORIG_IP_BN eval:check_any_ip_header('BN')
-
describe X_ORIG_IP_BN Message was sending originate from Benin
-
score X_ORIG_IP_BN 1.00
-
-
header X_ORIG_IP_GH eval:check_any_ip_header('GH')
-
describe X_ORIG_IP_GH Message was sending originate from Ghana
-
score X_ORIG_IP_GH 1.00
-
-
header X_ORIG_IP_CI eval:check_any_ip_header('CI')
-
describe X_ORIG_IP_CI Message was sending originate from Ivoiry Coast
-
score X_ORIG_IP_CI 1.00
-
-
header X_ORIG_IP_ZA eval:check_any_ip_header('ZA')
-
describe X_ORIG_IP_ZA Message was sending originate from South Africa
-
score X_ORIG_IP_ZA 1.00
-
-
endif
Posted in Internet, Perl, Programming, Spam | 2 Comments »