On Sat, Oct 31, 2009 at 02:13:45PM +0000, rich...@buzzhost.co.uk wrote:
> On Sat, 2009-10-31 at 13:58 +0000, RW wrote:
> > On Sat, 31 Oct 2009 07:59:24 +0000
> > "rich...@buzzhost.co.uk" <rich...@buzzhost.co.uk> wrote:
> > > A couple of observations;
> > > 123.160.198.207 - is on the PBL {deep in the heart of China} so is
> > > possible to extend the network tests to look for fairly constant
> > > custom headers with the originating IP?
> >
> >
> > Why would that be a sign of spam?
> It's not, necessarily - when I think about it. All clients that hook up
> to Hotmail are most likely going to be in the PBL being probably
> dynamic. So the plan is flawed!
>
> That said, if I could press the 'I would like' button, it would be nice
> to geo-lookup this IP and be able to score it higher if it's from China,
> Brazil, Argentina, Colombia etc... That, of course, is in an ideal
> world.

Uh, SpamAssassin parses X-Originating-IP and friends just fine. Of course
PBL isn't going to hit it, since it's a lastexternal rule.

Likewise the RelayCountry plugin does what you want:

http://wiki.apache.org/spamassassin/RelayCountryPlugin

header FROM_XX_ATLEAST_2_HOPS_AWAY X-Relay-Countries =~ /.. .. (?:CN|BR)$/
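
To see which relay chains the rule in the reply above fires on, here is an added Python example (not part of the original post and not SpamAssassin code). It assumes X-Relay-Countries holds one two-letter code per relay with the relay nearest the recipient first; `relay_countries`, `rule_hits`, the "XX" placeholder and the sample table are assumptions, and only 123.160.198.207 is taken from the thread.

```python
import re

# Rule body copied from the post; SpamAssassin would apply it to the
# X-Relay-Countries pseudo-header added by the RelayCountry plugin.
RULE = re.compile(r".. .. (?:CN|BR)$")

# Constructed IP -> country table standing in for the plugin's lookup.
# Only 123.160.198.207 appears in the thread (described there as China);
# the rest are documentation addresses with made-up countries.
SAMPLE_GEO = {
    "123.160.198.207": "CN",
    "192.0.2.10": "US",
    "198.51.100.7": "US",
    "203.0.113.5": "BR",
}


def relay_countries(relay_ips, geo=SAMPLE_GEO):
    """Header value: one code per relay, nearest relay first.
    Addresses with no known country get "XX" (assumed placeholder)."""
    return " ".join(geo.get(ip, "XX") for ip in relay_ips)


def rule_hits(relay_ips):
    """True when the rule from the post would match this relay chain."""
    return bool(RULE.search(relay_countries(relay_ips)))


# Constructed relay chains, nearest relay first, origin last.
CHAINS = {
    # Webmail case: two provider hops, then the X-Originating-IP client.
    "webmail, CN client": ["192.0.2.10", "198.51.100.7", "123.160.198.207"],
    # Direct-to-MX from the same address: only one code, rule stays silent.
    "direct from CN": ["123.160.198.207"],
    # One hop in front of the origin is still too short for ".. .. ".
    "one relay, CN origin": ["192.0.2.10", "123.160.198.207"],
    # CN relay in the middle: "$" anchors the match to the origin only.
    "CN mid-path": ["192.0.2.10", "123.160.198.207", "198.51.100.7"],
    # "." matches any character, so an unknown "XX" hop counts as a hop.
    "unknown hop, BR origin": ["10.0.0.1", "192.0.2.10", "203.0.113.5"],
}

if __name__ == "__main__":
    for name, chain in CHAINS.items():
        print(f"{name:24} {relay_countries(chain):12} hit={rule_hits(chain)}")
```

The direct-to-MX and one-relay cases show that this rule alone does not score mail delivered straight from those countries; that needs a separate rule without the two leading codes.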