On Mon, 2009-11-09 at 17:12 +0000, RW wrote: > On Mon, 09 Nov 2009 15:09:18 +0000 > "rich...@buzzhost.co.uk" <rich...@buzzhost.co.uk> wrote: > > > <snip> > > Running those through my SA gets the biggest hit for the second > > example with the Indian link in the body. But that's a custom rule > > kindly given to me by of one of the good people on this list. > > > > I'm more concerned with this: > > > > X-Originating-IP: [189.69.146.53] > > > > In Brazil yet my relay module does not seem to be biting on it. > > The list of country codes in the X-Spam-Relay-Countries header > corresponds to the list of untrusted relays - which is taken from the > received headers.
Thanks RW - You've probably forgotten more about SA than I'll ever know, so I appreciate your time in responding. It would be infinitely useful for me to match strings like: X-Originating-IP: [189.69.146.53] to country and block upon the result of that test. Basically I would happy with X-Originating-IP: [....] being in the UK, USA and parts of Europe, but I would like to kill any that come from Brazil, Columbia, China etc. I'm getting confused as to if I can do this with SA - I think I'm clear that the Relay Countries won't look at this kind of header(?), and that checking them against blocklists is not appropriate as by nature they will probably be in the PBL. But is there a way to grab these by geographic location and block? I see this often with Hotmail spam and whilst I would love to just block hotmail period, that would be a BOFH move that would not go down well :-)
