How can I score mail relayed though certain countries higher or lower in Warden?

Administrators can score mail relayed though certain countries higher or lower using the RelayCountry plugin.

Sign up for a Maxmind API key

First sign up for your free MaxMind API key and download the MaxMind databases if you haven't done so already. See here for more information.

Add Countries to the RelayCountry plugin

  1. Go to Warden -> Settings -> Plugin Settings -> RelayCountry and select the countries you want to score higher to Bad relay countries.
  2. If you want to just score the selected countries higher leave the Bad relay score at 3.25. If you want all mail from these countries to be flagged as spam then set the Bad relay score to 10.0
  3. Press the Update button to save the page.

RelayCountry

How to Test that the RelayCountry plugin is Working

You can enable verbose mode in Amavis to test if the RelayCountry plugin is working properly. See here for more information. You will see a relaycountry entry when clicking on the plus icon in the message log after Amavis is in verbose mode:

relaycountry=RU

In this example the relay country is RU being sent from Russia.

How to lookup the Country for an IP Address within Warden

After the Maxmind databases have been downloaded you can lookup the Country for an IP address by clicking on the client addr in the message log and selecting information from the popup menu.

Country Lookup

Verify Your New Rules are Working

If verbose mode is enabled in Amavis then you should see a rule named RELAYCOUNTRY_BAD in the list of rules that were matched by the message. See here for more information.

Adding the X-Spam-Relay-Countries Header to Message Headers

If you want the X-Spam-Relay-Country header added to all messages then add the following line to the SpamAssassin config file /etc/mail/spamassassin/local.cf within the ifplugin Mail::SpamAssassin::Plugin::RelayCountry section:

add_header all Relay-Countries _RELAYCOUNTRY_

Then on Centos/RHEL/CloudLinux/AlmaLinux edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and add the following line (before the 1; # ensure a defined return line).

$allowed_added_header_fields{lc('X-Spam-Relay-Countries')} = 1;

Restart Amavis

// Centos/RHEL/CloudLinux/AlmaLinux
systemctl restart amavisd

// Debian Ubuntu
systemctl restart amavis

Now the X-Spam-Relay-Country header should be present on all messages processed my Amavis.

Viewing Which Countries Relay the Most Spam

1. Admins can go to Warden -> Reports -> and select the Spam - Client Addr Country report to get a list of organizations that are sending the most spam.
2. Admins can go to Warden -> Reports -> and select the Clean - Client Addr Country report to get a list of organizations that are sending mail that is being classified as clean. Sometimes you might see spam that is coming from an organization but it is being flagged as clean by Amavis so you can add the country to the list of Bad relay countries so that it gets properly classified as spam.

Spam - Client Addr Country

  • relaycountry, country, X-Relay-Countries
  • 0 Bu dökümanı faydalı bulan kullanıcılar:
Bu cevap yeterince yardımcı oldu mu?

İlgili diğer dökümanlar

How can I change the interface language of the extension?

You can change the interface language under Settings -> Application Settings -> Locale...

How can I disable admin email notifications in Amavis?

Amavis has different default options for controlling where virus, spam, banned file attachments,...

How can I whitelist or blacklist a mail server from greylisting?

To Whitelist a Mail Server From Greylisting Navigate to Warden -> Settings ->...

How can I enable third party anti-virus signatures within Warden to improve the ClamAV detection rate?

Warden supports enabling third party anti-virus signatures to improve the detection rate. These...

How can I setup a local caching DNS resolver to speed up DNS queries used by Amavis?

Run the following command to check if local DNS caching is enabled: host -tTXT...