# GEOIP QPSMTPD PLUGIN
# The GEOIP plugin lets us know where our mail server is receiving mail from.
# If we're receiving too much spam from a particular place, this will help track it down.
# We can then use that info to reject connections from that place, taking the load off our server.
# MODIFY THE GEOIP PLUGIN
# Edit the GEOIP plugin.
vi /usr/share/qpsmtpd/plugins/ident/geoip
# Modify the plugin to make it look like the following:
use Geo::IP;
# Create the GeoIP lookup object once, at file scope; hook_connect reuses it for every lookup.
# NOTE(review): the return value is not checked here -- confirm how Geo::IP->new behaves
# when the database file is missing or unreadable.
my $geoip = Geo::IP->new(GEOIP_STANDARD);
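# Connection hook: look up the client's country, record it on the connection,
# and refuse the connection when that country is listed in "badcountries".
#
# Returns (DENY, $response) for a listed country, and (DECLINED) otherwise so
# that later plugins still get to judge the connection.
sub hook_connect {
    my ($self) = @_;

    my $remote_ip = $self->qp->connection->remote_ip;
    my $country   = $geoip->country_code_by_addr($remote_ip);

    # The lookup can come back empty (presumably for addresses the database
    # does not cover -- verify against Geo::IP). Such connections are let
    # through, as before, but without comparing undef against the list and
    # without a "GeoIP Country:" log line, so statistics built on that line
    # only ever see real codes.
    unless (defined $country && length $country) {
        $self->log(LOGNOTICE, "GeoIP: no country found for $remote_ip");
        return (DECLINED);
    }

    $self->qp->connection->notes('geoip_country', $country);
    $self->log(LOGNOTICE, "GeoIP Country: $country");

    # Each badcountries line is "<country code> [response text]".
    for my $entry ($self->qp->config("badcountries")) {
        next unless defined $entry;

        # Leading whitespace would otherwise make split return an empty
        # first field, and the entry would silently never match.
        (my $line = $entry) =~ s/^\s+//;
        my ($pattern, $response) = split /\s+/, $line, 2;
        next unless defined $pattern && length $pattern;

        # Compare case-insensitively so an entry typed as "cn" still matches "CN".
        next unless uc($pattern) eq uc($country);

        # Record the rejection so it can be audited later. $response is undef
        # when the entry carries no text; it is passed on unchanged.
        $self->log(LOGNOTICE,
            "GeoIP: denying $remote_ip, country $country is in badcountries");
        return (DENY, $response);
    }

    return (DECLINED);
}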
# INSTALL THE GEOIP
# We need the GEOIP package and the perl interface to the program but this isn't installed on SME.
# We'll have to grab the packages from yum.
# Yum has access to different public repositories where packages are available. GEOIP is in the EXTRAS repo.
# We'll enable the repo and install them.
yum --enablerepo=extras install perl-Geo-IP
# Yum does the magic and knows to install both the program and the interface.
# INSTALL THE GEOIP DATABASE
# We also need the GEOIP DATABASE. This database is updated monthly by a company called MaxMind.
# We'll have to download it every month or pay for their subscription service to be accurate.
# The database needs to be in a specific location or it won't work. We'll change to that location.
cd /
cd /var/lib/GeoIP
# Now we'll get the latest database. The database is also in the repositories but it's outdated.
# We'll grab the most recent directly from MaxMind.
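wget http://www.maxmind.com/download/geoip/database/GeoIP.dat.gz
# This download is plain HTTP with no integrity check, and the file decides which connections get rejected, so confirm it really is MaxMind's database before relying on it.
# The database is zipped. We'll have to unzip it.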
gunzip GeoIP.dat.gz
# TEST THE GEOIP
# Now that the package and database are installed, we can test it.
geoiplookup 216.17.211.37
# It should return: GeoIP Country Edition: US, United States
# It gives us the country code (US) and the long name (United States)
# Let's test it again with a domain name.
geoiplookup contribs.org
# Same result. So we know it works with IP ADDRESSES or DOMAIN NAMES.
# Let's test it again around the world.
geoiplookup gormand.com.au
# It should return: GeoIP Country Edition: AU, Australia
geoiplookup e-smith.com
# It should return: GeoIP Country Edition: CA, Canada
geoiplookup swerts-knudsen.dk
# It should return: GeoIP Country Edition: DK, Denmark
# ENABLE THE GEOIP QPSMTPD PLUGIN
# The email receiving component of SME is called QPSMTPD.
# It's great because it allows us to turn plugins on or off or create our own when we need.
# The GEOIP plugin is already in SME but it's turned off. We'll create a template to turn it on. First create the directory.
mkdir -p /etc/e-smith/templates/var/service/qpsmtpd/config/peers/0
# Now let's add the template file.
vi /etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/18check_geoip
# Insert the following:
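{
    # Emit the plugin line only while the qpsmtpd GeoIP property is "enabled".
    # The || '' keeps an unset property from being compared as undef.
    return "# geoip disabled" unless ((${qpsmtpd}{GeoIP} || '') eq "enabled");
    "ident/geoip";
}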
# Add the value to the SME CADNHO db.
config setprop qpsmtpd GeoIP enabled
# Expand the template.
expand-template /var/service/qpsmtpd/config/peers/0
# Restart the qpsmtpd service.
service qpsmtpd restart
# GEOIP plugin should now do its work.
# Check the qpsmtpd logs and you'll see the countries from where mail is sent.
cat /var/log/qpsmtpd/current
# GREP THE LOGS FOR COUNTRIES
# We'll use a simple shell script to do the work then we'll run it.
# First create the script.
vi geoipstats.sh
# Insert the following:
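#!/bin/sh
# Count the "GeoIP Country:" lines in the qpsmtpd logs, per country code.
# Only lines that end in a two-character code after "GeoIP Country: " are
# counted; a line logged without a code is skipped instead of being tallied
# under whatever its last two characters happen to be.
sed -n 's/^.*GeoIP Country: \([A-Z][A-Z0-9]\)[[:space:]]*$/\1/p' /var/log/qpsmtpd/* |
    sort | uniq -c | sort -n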
# Now run the script. It will show the number of messages sent by country code.
sh geoipstats.sh
# BLOCK BAD COUNTRIES
# Now we need to add a template to control the BADCOUNTRIES.
# First create the dir
mkdir -p /etc/e-smith/templates/var/service/qpsmtpd/config/badcountries
# Now let's add the template file.
vi /etc/e-smith/templates/var/service/qpsmtpd/config/badcountries/10badcountries
# Insert the following:
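{
    # BadCountries holds entries separated by commas or colons.
    my @badcountries;
    for my $entry (split /[,:]/, ${qpsmtpd}{BadCountries} || '') {
        # Trim surrounding whitespace and drop empty entries, so a value
        # such as "CN, RU" does not produce a line that can never match.
        $entry =~ s/^\s+//;
        $entry =~ s/\s+$//;
        push @badcountries, $entry if length $entry;
    }
    return "# No BadCountries are defined" unless (scalar @badcountries);
    return join "\n", @badcountries;
}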
# Add the value to the SME CADNHO db. Several country codes can be given, separated by commas or colons (the template splits on both).
config setprop qpsmtpd BadCountries <country code>
# Expand the template.
expand-template /var/service/qpsmtpd/config/badcountries
# Restart the service
service qpsmtpd restart
# TODO
-add templates into the email-update event
-roll into rpm
-possibly map connections
-possibly grep mail results and push to graph3d
-possibly automatically choose website language depending on country code