Administrators can create rules to score mail from specific organizations higher or lower using their autonomous system number (ASN).
Enable an ASN Lookup Provider
For SpamAssassin 3.4.X
- Go to Warden -> Settings -> Plugin Settings -> ASN and set ASN lookup to:
origin.asn.cymru.com _ASN_ _ASNCIDR_
- If using IPv6 set ASN lookup IPv6 to:
origin6.asn.cymru.com _ASN_ _ASNCIDR_
- Press the update button to save the page.
For SpamAssassin 4.0.X
SpamAssassin 4.0 can use the local MaxMind ASN database to lookup ASN information for an IP address so it does not require that you use external lookups like SpamAssassin 3.4.X. Sign up for your free MaxMind API key and download the MaxMind databases if you haven't done so already. See here for more information.
Add ASNs to the ASN plugin
1. Add the ASNs you want to score higher to Bad ASNs (Press the space bar to add additional entries).
2. If you want to just score the entered ASNs higher leave the Bad ASN score at 3.25. If you want all mail from these ASNs to be flagged as spam then set the Bad relay score to 10.0
3. Press the update button to save the page.
How to Test that the ASN plugin is Working
You can enable verbose mode in Amavis to test if the ASN plugin is working properly. See here for more information. You will see an asn entry when clicking on the plus icon in the message log after Amavis is in verbose mode:
asn=AS11377_SENDGRID_
In this example the AS number is 11377 being sent from Sendgrid.
How to lookup the AS number for an IP Address within Warden
After the Maxmind ASN databases have been downloaded you can lookup the ASN for an IP address by clicking on the client addr in the message log and selecting information from the popup menu.
Verify Your New Rules are Working
If verbose mode is enabled in Amavis then you should see the new rule in the list of rules that were matched by the message. See here for more information.
Adding the X-ASN Header to Message Headers
If you want the X-ASN header added to all message headers then add the following line to the SpamAssassin config file /etc/mail/spamassassin/local.cf within the ifplugin Mail::SpamAssassin::Plugin::ASN section:
For SpamAssassin 3.4.X:
add_header all ASN _ASN_ _ASNCIDR_
For SpamAssassin 4.0.X (The _ASNCIDR_ tag is not available if using the local MaxMind databases so we omit it):
add_header all ASN _ASN_
Then on Centos/RHEL/CloudLinux/AlmaLinux edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and add the following line (before the 1; # ensure a defined return line).
$allowed_added_header_fields{lc('X-Spam-ASN')} = 1;
Restart Amavis
// Centos/RHEL/CloudLinux/AlmaLinux
systemctl restart amavisd
// Debian Ubuntu
systemctl restart amavis
Now the X-ASN header should be present on all messages processed my Amavis.
Viewing Which Organizations that Send the Most Spam
1. Admins can go to Warden -> Reports -> and select the Spam - Client Addr ASN report to get a list of organizations that are sending the most spam.
2. Admins can go to Warden -> Reports -> and select the Clean - Client Addr ASN report to get a list of organizations that are sending mail that is being classified as clean. Sometimes you might see spam that is coming from an organization but it is being flagged as clean by Amavis so you can add an X-ASN rule for it to score it higher so that it gets properly classified as spam.