Block Single IP or /24 CIDR without blocking the entire country
Posted: 05 Sep 2017 12:42
When you can't block unknown domains with Postfix for whatever reason, but you still want to mark it as spam without blocking the entire country.
(Since plugin Mail::SpamAssassin::Plugin::URILocalBL doesn't work.)
Example: Spam from US-based Wowrack.com Net-range: 208.89.208.0 - 208.89.215.255
For some strange reason the spammer(s) are mainly in the 208.89.215.xxx net-range
Option. Country block, works fine for countries. See the E.F.A. forum
countrybl.cf - modify Countries
Additional option, thanks to smyers119: Block IPs - modify IPs
blockip.cf
This catches every IP from 208.84.40.0 to 208.84.47.255 and 208.89.215.0 to 208.89.215.255
Just put these 2 files in /etc/mail/spamassassin and restart MailScanner. Use MailScanner --lint to check!
To get the descriptions visible: Reload rule_descriptions through the GUI.
Code:
Received: from epharab.loan (unknown [208.89.215.52])
Received: from wasptit.loan (unknown [208.89.215.47])
Received: from nyedumb.loan (unknown [208.89.215.48])
Received: from yikeest.loan (unknown [208.89.215.53])
Received: from hrhmar.loan (unknown [208.89.215.12])
Received: from poemesky.faith (unknown [208.89.210.118])
countrybl.cf - modify Countries
Code:
ifplugin Mail::SpamAssassin::Plugin::RelayCountry
header COUNTRY_RELAY_BH X-Relay-Countries =~ /BH/
describe COUNTRY_RELAY_BH Relayed through Bahrain
score COUNTRY_RELAY_BH 3.5
header COUNTRY_RELAY_CN X-Relay-Countries =~ /CN/
describe COUNTRY_RELAY_CN Relayed through China
score COUNTRY_RELAY_CN 6.5
#etc etc
endif # Mail::SpamAssassin::Plugin::RelayCountry
blockip.cf
Code:
header CLASSMATE_NET Received =~ /208\.84\.4[0-7]\.\d{1,3}/
describe CLASSMATE_NET Spam Mail from 208.84.40.0/21
score CLASSMATE_NET 9.0
# or just a /24 range whatever suits your situation
header SPAMMING_IP Received =~ /208\.89\.215\.\d{1,3}/
describe SPAMMING_IP Spam Mail from 208.89.215.0/24
score SPAMMING_IP 6.0
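An added example, not part of the original post: a small generator that turns an aligned IPv4 CIDR into a blockip.cf-style rule whose regex is anchored on the square brackets around the relay IP, then checks it against every address in the range. It assumes the relay address appears in brackets as in the sample Received headers above; the function names and the lookalike header are constructed for illustration.

```python
import ipaddress
import re

def octet_regex(lo, hi):
    """Regex for one decimal octet in the inclusive range lo..hi."""
    if lo == hi:
        return str(lo)
    if (lo, hi) == (0, 255):
        return r"\d{1,3}"
    return "(?:" + "|".join(str(n) for n in range(lo, hi + 1)) + ")"

def received_regex(cidr):
    """Bracket-anchored regex matching exactly the IPv4 addresses in cidr."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects unaligned ranges
    if net.version != 4:
        raise ValueError("IPv4 only")
    pairs = zip(net.network_address.packed, net.broadcast_address.packed)
    return r"\[" + r"\.".join(octet_regex(a, b) for a, b in pairs) + r"\]"

def sa_rule(name, cidr, score):
    """Render header/describe/score lines in the style of blockip.cf."""
    return "\n".join([
        f"header {name} Received =~ /{received_regex(cidr)}/",
        f"describe {name} Spam Mail from {cidr}",
        f"score {name} {score:.1f}",
    ])

def covers_exactly(cidr):
    """True if every address in cidr matches and its two neighbours do not."""
    net = ipaddress.ip_network(cidr)
    rx = re.compile(received_regex(cidr))
    line = "Received: from host.example (unknown [{}])".format
    inside = all(rx.search(line(ip)) for ip in net)
    outside = [net.network_address - 1, net.broadcast_address + 1]
    return inside and not any(rx.search(line(ip)) for ip in outside)

# Constructed header: the range appears only in the claimed hostname.
LOOKALIKE = "Received: from mail-208.84.41.7.example.net (unknown [192.0.2.10])"
PAGE_PATTERN = r"208\.84\.4[0-7]\.\d{1,3}"  # regex body from blockip.cf above

if __name__ == "__main__":
    print(sa_rule("CLASSMATE_NET", "208.84.40.0/21", 9.0))
    print(sa_rule("SPAMMING_IP", "208.89.215.0/24", 6.0))
    print("page pattern hits lookalike:", bool(re.search(PAGE_PATTERN, LOOKALIKE)))
    print("anchored pattern hits lookalike:",
          bool(re.search(received_regex("208.84.40.0/21"), LOOKALIKE)))
```

Run MailScanner --lint after pasting generated rules, as with the hand-written ones.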