
SpamAssassin Bogon IP Addresses Plugin

A recent bogon research project has shown that almost 5% of all spam email contains a bogon IP address in the headers. To detect this, a plugin for SpamAssassin has been written. The plugin scans emails for bogon IP addresses in the "Received: from" headers, which improves spam detection when using SpamAssassin. It can also be used for further research into bogon IP addresses and spam.

Below is the source code for the spamassassin plugin. There are 2 files:
1. /etc/spamassassin/bogonreceivedline.cf
2. /etc/spamassassin/bogonreceivedline.pm

* The exact path may be different depending on your SpamAssassin installation.

This plugin is written by Bas Toonk (bas--at--toonk.nl) and Andree Toonk (andree--at--toonk.nl).

Note: I used the bogons list from http://www.cymru.com/Documents/bogon-bn-nonagg.txt. If you use the SpamAssassin bogons plugin, make sure you download the newest version of this list periodically!





BOGONRECEIVEDLINE.CF

loadplugin	BogonReceivedLine bogonreceivedline.pm
header 		BOGONRECEIVEDLINE eval:bogonreceivedline()
describe 	BOGONRECEIVEDLINE Check for bogon IP header lines
tflags 		BOGONRECEIVEDLINE net
score 		BOGONRECEIVEDLINE 1

BOGONRECEIVEDLINE.PM

package BogonReceivedLine;

use strict;
use Mail::SpamAssassin;
use Mail::SpamAssassin::Plugin;
use Net::Netmask;
our @ISA = qw(Mail::SpamAssassin::Plugin);

sub new {
	my ($class, $mailsa) = @_;
	$class = ref($class) || $class;
	my $self = $class->SUPER::new($mailsa);
	bless ($self, $class);
	$self->register_eval_rule("bogonreceivedline");
	return $self;
}

sub bogonreceivedline {
	my ($self, $permsgstatus) = @_;
	my $hits = 0;
	my $received = $permsgstatus->get("Received");

	my @recs = split('\n',$received);
	for (@recs) {
		my $ip;
		if ($_ =~ /.+\[(\d+\.\d+\.\d+\.\d+)\]\)/) {
			$ip = $1;
			if(defined(findNetblock($ip))) {
				my $localhost = Net::Netmask->new("127.0.0.1");
				if (!$localhost->match($ip)) {
					#print STDERR "$ip\t" . findNetblock($ip) . "\n";
					$hits = 1;
				}
			}
		}
		#print STDERR "ERROR: $_\n";
	}

	return 1 if $hits;
	return 0;
}

my @prefixes;
# download http://www.cymru.com/Documents/bogon-bn-nonagg.txt
# make sure to remove RFC1918 space from the bogon list!!!
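# Placeholder path: set this to your local copy of the bogon list
my $bogonfile = "/path/to/bogon-bn-nonagg.txt";
open(MYINPUTFILE, "<", $bogonfile) or die "Cannot open $bogonfile: $!";
while (<MYINPUTFILE>) {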
	my($line) = $_;
	chomp($line);
	push(@prefixes, $line);
	#$hash{$line};
}
close(MYINPUTFILE);

for my $b (@prefixes) {
	my $x = new Net::Netmask ($b);
	$x->storeNetblock();
}

1;
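
The note above asks for a periodically refreshed list, and the comment in bogonreceivedline.pm requires RFC1918 space to be removed from it before the plugin loads it. The Python helper below is an added example, not part of the original plugin: it cleans an already downloaded copy of the list and installs it atomically. The function names, the treatment of `#` as a comment marker, and the sample input are assumptions made for this example.

```python
"""Prepare a downloaded bogon list for bogonreceivedline.pm (added example)."""
import ipaddress
import os
import tempfile

# RFC 1918 private ranges, which the plugin's comment says must be removed.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def clean_bogons(lines):
    """Return valid IPv4 prefixes from `lines`, minus anything inside RFC 1918."""
    kept = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            continue                            # skip malformed lines
        if net.version != 4:
            continue                            # the plugin only matches IPv4
        # Drop the private blocks and any more-specific prefix inside them.
        if any(net.subnet_of(p) for p in RFC1918):
            continue
        kept.append(str(net))
    return kept


def write_atomically(prefixes, dest):
    """Write one prefix per line to `dest` via rename, so the plugin never
    reads a half-written file."""
    if not prefixes:
        raise ValueError("refusing to install an empty bogon list")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(prefixes) + "\n")
    os.chmod(tmp, 0o644)                        # mkstemp creates the file 0600
    os.replace(tmp, dest)


# Constructed sample input (not real list contents).
SAMPLE = ["# constructed sample", "0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
          "192.168.0.0/16", "192.168.5.0/24", "198.18.0.0/15", "not-a-prefix"]
```

Run it after each download and point the plugin's `open()` at the file it writes. SpamAssassin has to be restarted or reloaded to pick up the new list, because the plugin reads the file once at load time.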

Andree Toonk. Last Modified: 10/01/2009