Mail::SpamAssassin::Contrib::Plugin::IPFilter - Blocks bad MTA behavior using IPTables.
To try this out, add or uncomment this line in init.pre:
LoadPlugin     Mail::SpamAssassin::Contrib::Plugin::IPFilter
Configuration defaults:
iptables_support 6
iptables_bin $PATH/iptables
ip6tables_bin $PATH/ip6tables
filter_name spamipfilter
db_type redis
db_host 127.0.0.1
db_port 6387
db_user ''
db_auth ''
db_name sa_ipfilter
trigger_score 6
trigger_messages 3
trigger_sensitivity 4
average_score_for_rule 7
expire_rule_seconds 172800
seconds_between_messages 30
seconds_to_decay_penalty 300
expires_multiplier_penalty 1.5
cache_decay_days 60
blacklist_score 30
log_dir /var/log
common_hosts gmail.com, google.com, yahoo.com, hotmail.com, live.com
admin_email ''
admin_message Your message to $recipient from $email was blocked and
  your IP address $ip blacklisted due to excessive unsolicited bulk
  email. To reinstate your ability to send email to $recipient please
  reply to $admin using a different off-network email, including the
  body of this message, with a request for reinstatement.
verbose 0
Mail::SpamAssassin::Contrib::Plugin::IPFilter blacklists unsolicited bulk email senders using IPTables. It will blacklist the sender IP using the smallest network possible, up to /24, when UCE originates from multiple hosts on the same network. Depending on the diversity and frequency of spam received on a server, it may take a couple of days to become effective. Thereafter, the cache state will decay to prevent spammers from burning IP blocks.
Responsible, well-known email hosts (common_hosts) are given special treatment to avoid blacklisting their networks and the score is increased for external filtering of UCE originating from those hosts. The plugin may be configured to email the blacklisted sender a warning for remediation.
A crontab entry is created for maintenance. IPv6 support is experimental. Future versions may include a collaborative blacklist.
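To make "the smallest network possible, up to /24" concrete, the following added example (not the plugin's own code) computes, for each /24 that contains offenders, the tightest CIDR block covering them and how many addresses that block takes in. The function name, the grouping rule and the sample addresses (documentation ranges) are assumptions made for illustration; the plugin's actual triggering logic may differ.

```python
import ipaddress
from collections import defaultdict


def smallest_blocks(offender_ips):
    """Return (network, offenders_seen, addresses_covered) for each /24
    that contains at least one offending IPv4 address."""
    by_net24 = defaultdict(set)
    for ip in offender_ips:
        addr = int(ipaddress.IPv4Address(ip))
        by_net24[addr >> 8].add(addr)  # the upper 24 bits identify the /24

    blocks = []
    for _, addrs in sorted(by_net24.items()):
        lo, hi = min(addrs), max(addrs)
        # Bits in which the lowest and highest offender differ must become
        # host bits; inside one /24 this is never more than 8.
        host_bits = (lo ^ hi).bit_length()
        base = (lo >> host_bits) << host_bits
        net = ipaddress.ip_network((base, 32 - host_bits))
        blocks.append((str(net), len(addrs), net.num_addresses))
    return blocks


# Constructed sample input; a repeated sender is counted once.
SAMPLE_OFFENDERS = [
    "192.0.2.1", "192.0.2.200",
    "198.51.100.10",
    "203.0.113.5", "203.0.113.6", "203.0.113.6",
]

if __name__ == "__main__":
    for network, seen, covered in smallest_blocks(SAMPLE_OFFENDERS):
        print(f"{network:<20} offenders={seen} addresses_blocked={covered}")
```

The third column is the figure to watch when reviewing blocks: two offenders at opposite ends of a /24 cause all 256 addresses to be dropped, which is why shared senders belong in common_hosts or whitelist.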
The following options may be used in site-wide (local.cf) configuration files to customize operation, and must be prefixed by ipfilter_:
filter_name
  The name of the chain that Mail::SpamAssassin::Contrib::Plugin::IPFilter will create to block spammers. Allowed characters: [a-zA-Z0-9_.]
  
iptables_support
    iptables support. 0 = disable iptables. 4 = support IPv4 only. 6 = support IPv4 and IPv6.
  
iptables_bin
    The path to the iptables binary on your system.
  
ip6tables_bin
    The path to the ip6tables binary on your system.
  
db_type
    The type of storage to use (mysql/redis).
  
db_host
    The IPv4 address of your database server.
  
db_port
    The port that the database server is listening on.
  
db_user
    The database user, if applicable.
  
db_auth
    The database password, if applicable.
  
db_name
    The database name (mysql) or the prefix for keys (redis) created and used by Mail::SpamAssassin::Contrib::Plugin::IPFilter. Pattern: ^[a-zA-Z0-9_.]$
  
log_dir
    The directory to use for apache style logs reflecting spam messages for export to analytics. Informational messages are still logged via SpamAssassin.
  
average_score_for_rule
    The average spam score for a host required to trigger a rule after trigger_messages.
  
seconds_between_messages
    After how long should messages with the same envelope to/from be considered.
  
cache_decay_days
    After how long will entries in the cache decay, assuming no spam messages are seen. Note that the cache will decay according to: cumulative_spam_score_for_host * exp(-3*lastspam_delta/cache_decay_secs)
  
expire_rule_seconds
    After how long will a block rule expire.
  
expires_multiplier_penalty
    A factor used to penalize hosts with longer rule expiration based on the spam score of the message resulting in a rule, relative to the average spam score required to set the rule.
  
seconds_to_decay_penalty
    A frequency indicator used to tune penalization for a given host based on how many spam messages were seen for that host over a time period.
  
trigger_score
    The score for which Mail::SpamAssassin::Contrib::Plugin::IPFilter will process a spam message. This should be greater than the SpamAssassin required_score.
  
trigger_messages
    The minimum number of spam messages from a given host before a rule is triggered.
  
trigger_sensitivity
    A quantity used to tune penalization for a given host based on how many spam messages were seen for that host.
  
common_hosts
    Hosts which should not be blacklisted via IPTables rule, and fall back to SpamAssassin blacklist.
  
blacklist_score
    A score to add to message headers of blacklisted senders originating from common_hosts.
  
admin_email
    The email address to send blacklist warnings from. If left unconfigured, no warnings will be sent.
  
admin_message
    The warning message that will be sent. Parameters $user, $domain, $ip, $email, $recipient and $admin may be used for templatization.
  
whitelist
    Any email address or IP address to whitelist. Email addresses may be specified as foo@example.com or just @example.com to match the whole domain, and IPs may be specified as 1.2.3.4 or just 1.2.3. to match the class C address space.
  
verbose
    Log additional information via Mail::SpamAssassin::Logger.
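The decay formula given under cache_decay_days, worked through as an added example (not the plugin's own code) to show what a setting of 60 days means in practice: the half-life of a cached score and the time a quiet host needs to fall below a chosen level. It assumes cache_decay_secs is cache_decay_days expressed in seconds; the function names and the floor parameter are hypothetical.

```python
import math

SECONDS_PER_DAY = 86400


def decayed_score(cumulative_score, lastspam_delta, cache_decay_days=60):
    """cumulative_score * exp(-3 * lastspam_delta / cache_decay_secs),
    with lastspam_delta in seconds since the host's last spam message."""
    # Assumption: cache_decay_secs is cache_decay_days converted to seconds.
    cache_decay_secs = cache_decay_days * SECONDS_PER_DAY
    return cumulative_score * math.exp(-3 * lastspam_delta / cache_decay_secs)


def half_life_days(cache_decay_days=60):
    """Days of silence after which a cached score has halved."""
    return cache_decay_days * math.log(2) / 3


def days_until_below(cumulative_score, floor, cache_decay_days=60):
    """Days of silence until the cached score drops to `floor`
    (hypothetical parameter, used only to invert the formula)."""
    if floor <= 0:
        raise ValueError("floor must be positive: the decay never reaches zero")
    if cumulative_score <= floor:
        return 0.0
    return cache_decay_days * math.log(cumulative_score / floor) / 3


def decay_table(cumulative_score, cache_decay_days=60, days=(0, 7, 14, 30, 60)):
    """(day, remaining score) pairs for a host that stops sending spam."""
    return [
        (d, round(decayed_score(cumulative_score, d * SECONDS_PER_DAY,
                                cache_decay_days), 2))
        for d in days
    ]


if __name__ == "__main__":
    # Constructed input: a cumulative score of 21 for one host.
    for day, score in decay_table(21):
        print(f"day {day:>2}: {score}")
    print(f"half-life: {half_life_days():.2f} days")
```

With the default of 60 days the score halves roughly every two weeks and about 5% of it remains when the full decay period has elapsed, so the cache entry outlives the default expire_rule_seconds of 172800 (two days) by a wide margin.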
© 2016 Tamer Rizk, Inficron Inc. All rights reserved.
This package is free software, distributed under the New BSD License.