[Bug 4236] Check continent of envelope sender against continent of IP

[bugzilla-daemon]

http://bugzilla.spamassassin.org/show_bug.cgi?id=4236





------- Additional Comments From [EMAIL PROTECTED]  2005-05-11 21:12 -------
New mass-check attempt.  My results: 

Section 3 -- Frequencies Log
(First numeric frequencies, followed by percentage frequencies)

OVERALL%   SPAM%     HAM%     S/O    RANK  SCORE  NAME
 280511   109315   171196    0.390   0.00   0.00  (all messages)
   1083     1048       35    0.979   1.00   6.00  SPAMMY_FOREIGN_LACNIC
   8585     8521       64    0.995   1.00  10.00  SPAMMY_FOREIGN_RIPE
    589      569       20    0.978   0.67   8.00  SPAMMY_FOREIGN_AOL
   1042      949       93    0.941   0.00   8.00  SPAMMY_FOREIGN_APNIC

OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME
 280511   109315   171196    0.390   0.00    0.00  (all messages)
100.000  38.9700  61.0300    0.390   0.00    0.00  (all messages as %)
  0.386   0.9587   0.0204    0.979   1.00    6.00  SPAMMY_FOREIGN_LACNIC
  3.060   7.7949   0.0374    0.995   1.00   10.00  SPAMMY_FOREIGN_RIPE
  0.210   0.5205   0.0117    0.978   0.67    8.00  SPAMMY_FOREIGN_AOL
  0.371   0.8681   0.0543    0.941   0.00    8.00  SPAMMY_FOREIGN_APNIC

SPAMMY_FOREIGN_RIPE looks particularly useful here. 

{{{
header    __RCVD_APNIC   Received =~
/(\[|\()(58|59|60|61|202|203|210|211|218|219|220|221|222)\.\d+\.\d+\.\d+.+ by /
header    __RCVD_RIPE   Received =~
/(\[|\()(62|80|81|82|83|84||85|86|87|88|193|194|195|212|213|217)\.\d+\.\d+\.\d+.+
by /
header    __RCVD_LACNIC   Received =~ /(\[|\()20(0|1)\.\d+\.\d+\.\d+.+ by /
meta      __RCVD_FOREIGN   (__RCVD_APNIC || __RCVD_RIPE || __RCVD_LACNIC)

# Check for some domains which shouldn't send from foreign continents
header    __FROM_AOL   From =~ /[EMAIL PROTECTED]/i
meta      SPAMMY_FOREIGN_AOL   (__RCVD_FOREIGN && __FROM_AOL)
score     SPAMMY_FOREIGN_AOL   8
describe  SPAMMY_FOREIGN_AOL   Claims to be from AOL but is foreign

header    __FROM_RIPE   From:addr =~
/\.(at|ba|ch|cz|de|dk|eg|es|fi|fr|gr|hr|hu|ie|il|is|it|lt|lu|lv|ma|nl|no|pl|pt|ro|ru|se|sk|ua|uk|za)>?$/i
meta      SPAMMY_FOREIGN_RIPE   (__FROM_RIPE && (__RCVD_APNIC || __RCVD_LACNIC))
score     SPAMMY_FOREIGN_RIPE   10
describe  SPAMMY_FOREIGN_RIPE   Claims to be from RIPE but is not

header    __FROM_APNIC   From:addr =~ /\.(au|cn|in|jp|kr|nz|ph|pk|sg|th)>?$/i
meta      SPAMMY_FOREIGN_APNIC   (__FROM_APNIC && (__RCVD_RIPE || 
__RCVD_LACNIC))
score     SPAMMY_FOREIGN_APNIC   8
describe  SPAMMY_FOREIGN_APNIC   Claims to be from APNIC but is not

header    __FROM_LACNIC   From:addr =~ /\.(ar|br|cl|co|mx|pe|ve)>?$/i
meta      SPAMMY_FOREIGN_LACNIC   (__FROM_LACNIC && (__RCVD_RIPE || 
__RCVD_APNIC))
score     SPAMMY_FOREIGN_LACNIC   6
describe  SPAMMY_FOREIGN_LACNIC   Claims to be from LACNIC but is not

}}}

NEEDSMC




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.