Topic: Abilitare plugin RelayCountry in spamassassin

[Nestore]

Vorrei modificare local.cf in modo da inserire country_db_type STRING e country_db_path STRING per dichiarare opzioni del plugin RelayCountry.
Ma non capisco bene come fare il custom template.. oppure usare user_prefs..

Qualcuno può aiutarmi?

Grazie mille

[Nestore]

Ok direi che ci sono riuscito:

^{mkdir -p /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf
cd /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf
echo "country_db_type GeoIP2" >> RelayCountry
signal-event email-update}


Ora l' istruzione rimane in local.cf

Inoltre ho decommentato in /etc/mail/spamassassin/init.pre

^{loadplugin Mail::SpamAssassin::Plugin::RelayCountry}

ridato
^{signal-event email-update}

Provato anche a rivviare il server, ma i metadati X-Relay-Countries... che mi aspettavo non appaiono nell' headers delle mail...

Altre info utili:

/usr/bin/spamassassin -V

^{SpamAssassin version 3.4.6
running on Perl version 5.16.3}


Inoltre GeoIP l' ho abilitato con:

^{db configuration setprop geoip LicenseKey "MIA LICENZA" AccountID "MIO ACCOUNT ID"
expand-template  /etc/GeoIP.conf
signal-event geoip-update}

[ReetP]

Inoltre GeoIP l' ho abilitato con:

Have you installed the geoip contrib?

https://wiki.koozali.org/GeoIP

You may also want to look at geoip_xt to blanket ban some countries.

https://wiki.koozali.org/Xt_geoip

[Nestore]

Have you installed the geoip contrib?

https://wiki.koozali.org/GeoIP

You may also want to look at geoip_xt to blanket ban some countries.

https://wiki.koozali.org/Xt_geoip

ok I'll try with Xt_geoip,

Does this require removal of existing geoip?

[ReetP]

I think you will find Xt_geoip depends on smserver-geoip. No need to remove it.

[Nestore]

I think you will find Xt_geoip depends on smserver-geoip. No need to remove it.

yet if I leave smeserver-geoip I get ERROR_UNLOADED_MODULE on the server manager, if I remove smeserver-geoip I don't get the error, but in any case I can't see the work of the RELAYCOUNTRY plugin which I would like to enable instead...

Other ideas?

[Nestore]

I did it....

reading better here: https://cwiki.apache.org/confluence/display/spamassassin/RelayCountryPlugin

I installed the CPAN module by reading here: https://www.danami.com/clients/knowledgebase/181/How-can-I-fix-the-error-Required-perl-module-is-not-installed-GEOIP2DatabaseReader- on-the-plugin-settings-page.html?language=italian

and I inserted the local.cf via templates-custom:

^{add_header all Relay-Country _RELAYCOUNTRY_}

Now I finally get in the mail headers "X-Spam-Realy-Country:......."

[ReetP]

So you read entirely the wrong thing and installed something you did not require?

With smeserver-geoip the GeoIP2 module was already installed? Did you ever bother to check that?

Right here, at the top of the page:

https://wiki.koozali.org/GeoIP

This product includes GeoLite2 data

You can see it here on standard SME with smeserver-geoip installed:

/usr/share/perl5/vendor_perl/GeoIP2

So instead you have now installed a whole pile of stuff that your server did not need, including tools to build modules which means any user, or hacker with access, could build their and install their own modules on your server.

I'll leave you to figure out how to update the modules regularly and how to remove it all. Remember to mention what you have done the next time you ask for help as you now have a non standard SME which may make life harder to fix in the future.

If you removed smeserver-geoip you have removed the automatic update mechanism for the GeoIP databases as well. The module you installed may have added something to crontab, but that is templated and will get overwritten on the next update.

You added code to init.pre which will get overwritten on your next update of spamassassin.

Finally you have a system that doesn't actually DO anything much at all. A user won't be checking headers. It may put [SPAM] in the subject depending on your settings but I found it wasn't very good, and probably for a lot of mail that isn't actually spam.

As for how you should probably have done it. (I think this method with .pre is OK but you should check)

Ensure you have smeserver-geoip installed correctly which has the correct modules for GeoIP2.

Code: [Select]

nano /etc/mail/spamassassin/my_custom_smeserver.pre

Paste:

Code: [Select]

loadplugin Mail::SpamAssassin::Plugin::RelayCountry
geodb_module GeoIP2

Then:

Code: [Select]

mkdir /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf/
nano /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf/82geoiprelay

Paste:

Code: [Select]

# Mark GeoIP Relay Countries

ifplugin Mail::SpamAssassin::Plugin::RelayCountry

# We can add this header as RELAYCOUNTRY is a tag in RelayCountry.pm
add_header all Relay-Country _RELAYCOUNTRY_

# If we template properly we could use qpsmptd BadCountries here

header RELAYCOUNTRY_BAD X-Relay-Countries =~ /(CN|RU|UA|RO|VN|US)/
describe RELAYCOUNTRY_BAD Relayed through spammy country at some point
score RELAYCOUNTRY_BAD 2.0

header RELAYCOUNTRY_GOOD X-Relay-Countries =~ /^(DE|AT|CH|FR)/
describe RELAYCOUNTRY_GOOD First untrusted GW is DE, AT,CH or FR
score RELAYCOUNTRY_GOOD -0.5

endif
# Mail::SpamAssassin::Plugin::RelayCountry

Finally:

Code: [Select]

signal-event email-update


Simple as that.

You should now get the relevant headers, though as I realised when I did this myself some while ago, a hard GeoIP block via XT_Geoip & smeserver-geoip is much more effective.

This will stop a lot but YMMV.

Code: [Select]

BadCountries=CN,IN,RU,BR,KR,RO,LT,AR,TW,VN,JP,HK,ID,PH,BD,CZ,BO,TH,MX,MD,IL,CO,BG,SG,RS,PL,IR,UA,EE,AE,CA,BY,NG,TR,AW,AM
xt_geoip has some nice simple reporting to help you.

(Yes, it has taken me a while to dig out my notes and check this works, but I also have a job to do that takes up most of my day. You just weren't that patient enough)

As my best mate says. "It's a wise man that has second thoughts first"

Good luck.

[Nestore]

ReetP

Thank you for making me aware of the risks I run by having installed tools to build modules. I didn't know this as I was ignorant, but I have already done a rollback via yum history and brought the situation back to the origins, furthermore I see that the CPAN module installed continues to do its job, because I continue to see the metadata that I was interested in RelayCountry.

Probably all those dependencies were only needed to give the command "cpanm GeoIP2::Database::Reader" but then I was able to uninstall everything and it continues to work..

I know that in the eyes of an expert I appear like a chocolatier, but I'm not used to asking for help and more used to solving problems independently by taking my own risks... however I have a robust backup system that can help me even in the event of disaster..

My setup isn't exactly standard mail server and I need to analyze the steps between the various servers to make decisions. I understood that GeioIP with even the help of XT is very effective and convenient for deciding what to do with the server that contacts me to send me the mail, but I have to make my decisions based on the steps that the email has taken previously..

[ReetP]

Thank you for making me aware of the risks I run by having installed tools to build modules. I didn't know this as I was ignorant, but I have already done a rollback via yum history and brought the situation back to the origins, furthermore I see that the CPAN module installed continues to do its job, because I continue to see the metadata that I was interested in RelayCountry.

Act in haste, repent at leisure. If you don't know, then why do it?

This is becoming a real XY problem. https://xyproblem.info/

So if it still works then it can't be 'back to normal' - logically. You have removed the build tools, but not the module/s as there are likely a lot due to dependencies. You now have no way to update any of the modules. If you had just done as requested and answered questions rather than telling us about your attempts to solve your issue then you would not be in this position.

Have you researched 'removing CPAN installed module' or 'cpan uninstall module' ?

https://www.perl.com/article/3/2013/3/27/How-to-cleanly-uninstall-a-Perl-module/

But that may not clear it all out as you don't know exactly what was installed, or upgraded, and I have no idea what it does about dependencies.

Probably all those dependencies were only needed to give the command "cpanm GeoIP2::Database::Reader" but then I was able to uninstall everything and it continues to work..

Yes - see above. There are a lot of dependencies. And you have no updates for the GeoIP databases at the minute so they will go out of date in due course rendering your efforts pretty pointless.

I know that in the eyes of an expert I appear like a chocolatier, but I'm not used to asking for help and more used to solving problems independently by taking my own risks... however I have a robust backup system that can help me even in the event of disaster..

I am no 'expert' but have a vague idea of what is going on. But you did ask for help so it would have been sensible to understand how to ask questions, and see if you got an answer, before going off piste.

Also using a test server rather breaking your production version is usually a good idea.

You have now documented a bit of a mess which I can't particularly help to clean up.

My setup isn't exactly standard mail server and I need to analyze the steps between the various servers to make decisions.

What's 'not standard' ? You need to explain your problems and objectives rather than your attempts at a solution.

See the XY problem above and also :

https://forums.koozali.org/index.php/topic,54724.0.html

I understood that GeioIP with even the help of XT is very effective and convenient for deciding what to do with the server that contacts me to send me the mail, but I have to make my decisions based on the steps that the email has taken previously..

As above, you still haven't said why or what benefit understanding potential relay countries would have. As per the XY Problem you may be trying to fix the wrong problem.