How can I create rules to score mail from certain organizations higher or lower using their ASN in Warden?

Administrators can create rules to score mail from specific organizations higher or lower using their autonomous system number (ASN).

Enable an ASN Lookup Provider

For SpamAssassin 3.4.X

  1. Go to Warden -> Settings -> Plugin Settings -> ASN and set ASN lookup to:
    origin.asn.cymru.com _ASN_ _ASNCIDR_
  2. If using IPv6, set ASN lookup IPv6 to:
    origin6.asn.cymru.com _ASN_ _ASNCIDR_
  3. Press the update button to save the page.

For SpamAssassin 4.0.X

SpamAssassin 4.0 can use the local MaxMind ASN database to look up ASN information for an IP address, so it does not require external lookups as SpamAssassin 3.4.X does. Sign up for your free MaxMind API key and download the MaxMind databases if you haven't done so already. See here for more information.

Add ASNs to the ASN plugin

1. Add the ASNs you want to score higher to Bad ASNs (press the space bar to add additional entries).
2. If you only want to score the entered ASNs higher, leave the Bad ASN score at 3.25. If you want all mail from these ASNs to be flagged as spam, set the Bad relay score to 10.0.
3. Press the update button to save the page.

[Image: Adding ASN]

How to Test That the ASN Plugin Is Working

You can enable verbose mode in Amavis to test whether the ASN plugin is working properly. See here for more information. Once Amavis is in verbose mode, clicking the plus icon in the message log shows an asn entry:

asn=AS11377_SENDGRID_

In this example the AS number is 11377 and the mail was sent from SendGrid.

How to Look Up the AS Number for an IP Address within Warden

After the MaxMind ASN databases have been downloaded, you can look up the ASN for an IP address by clicking on the client addr in the message log and selecting information from the popup menu.

[Image: ASN Lookup]

Verify Your New Rules are Working

If verbose mode is enabled in Amavis, the new rule should appear in the list of rules that the message matched. See here for more information.

Adding the X-ASN Header to Message Headers

If you want the X-ASN header added to all message headers then add the following line to the SpamAssassin config file /etc/mail/spamassassin/local.cf within the ifplugin Mail::SpamAssassin::Plugin::ASN section:

For SpamAssassin 3.4.X:

add_header all ASN _ASN_ _ASNCIDR_

For SpamAssassin 4.0.X (The _ASNCIDR_ tag is not available if using the local MaxMind databases so we omit it):

add_header all ASN _ASN_

Then, on CentOS/RHEL/CloudLinux/AlmaLinux, edit the file /etc/amavisd/warden.conf, or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden, and add the following line (before the 1; # ensure a defined return line):

$allowed_added_header_fields{lc('X-Spam-ASN')} = 1;

Restart Amavis:

# CentOS/RHEL/CloudLinux/AlmaLinux
systemctl restart amavisd

# Debian/Ubuntu
systemctl restart amavis

Now the X-ASN header should be present on all messages processed by Amavis.
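
One way to check delivered mail for the header and tally it per ASN, as an added example that is not part of Warden or the original article. It assumes the header is written as X-Spam-ASN (the name allowed in the Amavis config above) and that Amavis marks spam with X-Spam-Flag: YES; the sample messages are constructed.

```python
import email
import ipaddress
from collections import Counter
from email import policy

# Constructed sample messages (ASN 64496 and 198.51.100.0/24 are documentation values).
SAMPLE = [
    "X-Spam-Flag: YES\nX-Spam-ASN: AS64496 198.51.100.0/24\nSubject: a\n\nbody\n",  # 3.4.X style
    "X-Spam-Flag: NO\nX-Spam-ASN: AS11377\nSubject: b\n\nbody\n",  # 4.0.X style, no CIDR
    "Subject: c\n\nbody\n",  # header missing
    "X-Spam-Flag: YES\nX-Spam-ASN: AS64496\nSubject: d\n\nbody\n",
]

def parse_asn_header(raw_message):
    """Return (asns, cidrs, is_spam), or None when X-Spam-ASN is absent."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    value = msg.get("X-Spam-ASN")  # assumed header name, see lead-in
    if value is None:
        return None
    asns, cidrs = [], []
    for tok in str(value).split():
        if tok[:2].upper() == "AS" and tok[2:].isdigit():
            asns.append(int(tok[2:]))
        elif "/" in tok:
            try:  # accept IPv4 and IPv6 prefixes, ignore anything malformed
                cidrs.append(str(ipaddress.ip_network(tok, strict=False)))
            except ValueError:
                pass
    is_spam = str(msg.get("X-Spam-Flag", "")).strip().upper().startswith("YES")
    return asns, cidrs, is_spam

def tally(messages):
    """Count spam and clean messages per ASN, plus messages lacking the header."""
    spam, clean, missing = Counter(), Counter(), 0
    for raw in messages:
        parsed = parse_asn_header(raw)
        if parsed is None:
            missing += 1
            continue
        asns, _cidrs, is_spam = parsed
        for asn in asns:
            (spam if is_spam else clean)[asn] += 1
    return spam, clean, missing

if __name__ == "__main__":
    spam, clean, missing = tally(SAMPLE)
    print("spam by ASN:", dict(spam))
    print("clean by ASN:", dict(clean))
    print("messages without X-Spam-ASN:", missing)
```

A non-zero count of messages without the header after the restart points to mail that was not scanned or to the header not being allowed through Amavis.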

Viewing Which Organizations Send the Most Spam

1. Admins can go to Warden -> Reports and select the Spam - Client Addr ASN report to get a list of the organizations that are sending the most spam.
2. Admins can go to Warden -> Reports and select the Clean - Client Addr ASN report to get a list of the organizations whose mail is being classified as clean. Sometimes spam from an organization is flagged as clean by Amavis; in that case you can add an X-ASN rule to score it higher so that it is properly classified as spam.

[Image: Spam - Client Addr - ASN]
