GeoMailSearch

About

GeoMailSearch is a plugin for SpamAssassin, built on MaxMind. It can block mail senders by IP,
ranges of IPs, countries or ASN, and even by geo data (latitude and longitude).
GeoMailSearch is built on the SA skeleton.
GeoMailSearch is written in Perl and runs on Linux.

With GeoMailSearch you can:

  • Score for the email sender country
    • Optional Score for the sender time (Office Hour)

Advanced:

  • Score the email sender country (Array)
    • Optional Score the sender time (Office Hour)
  • Score the email ASN provider (Array)
    • Optional Score the ASN provider (Office Hour)
  • Score the email server Latitude/Longitude and define a radius around it (Array)
    • Optional Score the server Latitude/Longitude (Office Hour)



Requirements (Dependency Tree)

  • Linux
    • MySQL
    • Perl
    • Sendmail (or another, similar and functioning MTA)
      • Spamassassin
        • GeoMailSearch
          • Maxmind GeoIP Database


Installation

Files

Get GeoMailSearch.pm (download link below) and copy it to the Perl/SpamAssassin plugin directory. Depending on your Linux distribution this might be:

/usr/share/perl5/Mail/SpamAssassin/Plugin/

Then check the permissions and give it a try by looking for error messages; there should be none when running:

root@myhost ~ # /usr/share/perl5/Mail/SpamAssassin/Plugin/GeoMailSearch.pm

Modules

It might be necessary to install some additional Perl modules. This is the list of modules being used:

use strict;
package Mail::SpamAssassin::Plugin::GeoMailSearch;
use Mail::SpamAssassin::Plugin;
use Mail::SpamAssassin::Conf::Parser;
use POSIX;
use DBI;
use HTTP::Date qw/str2time/;
use Math::Trig qw(deg2rad pi great_circle_distance);
use Net::Syslog;

SQL

This plugin requires the GeoIP database on a MySQL server. To load it, first create the database and then assign a user.

Use the template geoip.sql from the download archive and run it with mysql.
Create the database:

mysql -u myuser -p < geoip.sql

Then create the user, for example geouser:

mysql -u myuser -p
GRANT ALL PRIVILEGES ON geoip.* TO 'geouser'@'localhost' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;

WITH GRANT OPTION additionally lets geouser pass its privileges on geoip.* on to other accounts.

Note
The above account credentials are needed in two places.
Sample:

  • /etc/spamassassin/yourconfig
  • /mypath/gms-loader.xml

Both files hold the password in clear text, so limit read access to them.

Configuration

Basic

SpamAssassin sample: /etc/spamassassin/local.cf

Initialization

  • Initialization:
loadplugin     Mail::SpamAssassin::Plugin::GeoMailSearch
header         GeoMailSearch eval:check_geomailsearch()

Database Connection

  • Database connection
geomailsearch_sql_database geoip
geomailsearch_sql_server   127.0.0.1
geomailsearch_sql_user     username
geomailsearch_sql_pwd      pax-s-w-0r-d

Log Level

Log level sample:

geomailsearch_syslog    1

Available levels:

  • Level 0: No syslog
  • Level 1: Full
  • Level 2: Analyze

Basic Settings

Basic Country Settings

geomailsearch_score  1.0
geomailsearch_non_office_hours 20:00-07:00
geomailsearch_non_business_day 1
geomailsearch_block_country  X1:X2:X3

Description:

local.cf

Name                            Required  Value
geomailsearch_score             Yes       Scoring values for SpamAssassin
geomailsearch_non_office_hours  Optional  TimeDiff, hh:mm-hh:mm
                                          The time range of the NON office hours.
                                          Sample for the hours from 18:00 until 08:00 the next day:
                                          18:00-08:00
geomailsearch_non_business_day  Optional  Non business days (weekend)
                                          If this value is set to 1, the non office hours
                                          are overruled if the day is Saturday or Sunday.
geomailsearch_block_country     Yes       Array list of country codes separated by colons
                                          Sample for a single country code:
                                          X1
                                          Sample for an array of countries:
                                          X1:X2:X3



Advanced

Advanced Country Score

Advanced Country Block works as an array; each set of elements is separated by a pipe (|).
Sample with 3 rules:

geomailsearch_advanced_score_country X1:X2,0.5,20:00-07:00|X3:X4,0.6,19:00-20:00|X5,0.7

The above sample has 3 rules:

  • Rule1: X1:X2,0.5,20:00-07:00
  • Rule2: X3:X4,0.6,19:00-20:00
  • Rule3: X5,0.7


Each rule has 2 or 3 elements: first the country array, then the score and last an optional non office hour time range.

  • Element1: Country codes, separated by colons
  • Element2: Score
  • Element3: Optional non office hour time range

The above sample has the following effective rules:

local.cf

Country  Score  Non office hour time range
X1       0.5    20:00-07:00
X2       0.5    20:00-07:00
X3       0.6    19:00-20:00
X4       0.6    19:00-20:00
X5       0.7    None


Advanced ASN Score

Advanced ASN Block works as an array; each set of elements is separated by a pipe (|).
Sample with 3 rules:

geomailsearch_advanced_score_asn  AS0000:AS0001,0.5,18:00-08:00|AS0003:AS0004,0.6,19:00-08:00|AS0005,0.7


The above sample has 3 rules:

  • Rule1: AS0001:AS0002,0.5,18:00-08:00
  • Rule2: AS0003:AS0004,0.6,19:00-08:00
  • Rule3: AS0005,0.7


Each rule has 2 or 3 elements: first the ASN array, then the score and last an optional non office hour time range.

  • Element1: AS numbers, separated by colons
  • Element2: Score
  • Element3: Optional non office hour time range

The above sample has the following effective rules:

local.cf

AS Number  Score  Non office hour time range
AS0001     0.5    18:00-08:00
AS0002     0.5    18:00-08:00
AS0003     0.6    19:00-08:00
AS0004     0.6    19:00-08:00
AS0005     0.7    None
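
The country and ASN rule strings above share one grammar. The following Perl code is an added example, not code from GeoMailSearch.pm: it expands such a string into effective rules and tests a time against the non office hour range, including ranges such as 20:00-07:00 that wrap past midnight. The sub names, the first-rule-wins handling of duplicate keys and the reading that a rule with a time range scores only inside that range are assumptions.

```perl
use strict;
use warnings;

# Convert "HH:MM" to minutes since midnight, rejecting malformed values.
sub to_minutes {
    my ($hhmm) = @_;
    my ($h, $m) = $hhmm =~ /^(\d{1,2}):(\d{2})$/ or die "bad time '$hhmm'\n";
    die "time out of range '$hhmm'\n" if $h > 23 || $m > 59;
    return $h * 60 + $m;
}

# True if $now is inside "HH:MM-HH:MM"; start > end (20:00-07:00) wraps past midnight.
sub in_range {
    my ($range, $now) = @_;
    my ($start, $end) = $range =~ /^([\d:]+)-([\d:]+)$/ or die "bad time range '$range'\n";
    my ($from, $to, $t) = map { to_minutes($_) } $start, $end, $now;
    return $from <= $to ? ($t >= $from && $t < $to)
                        : ($t >= $from || $t < $to);
}

# Expand "X1:X2,0.5,20:00-07:00|X5,0.7" into one effective rule per key.
sub parse_rules {
    my ($value) = @_;
    my %rules;
    for my $rule (split /\|/, $value) {
        my @el = split /,/, $rule;
        die "rule '$rule' needs 2 or 3 elements\n" unless @el == 2 || @el == 3;
        my ($keys, $score, $range) = @el;
        die "bad score in '$rule'\n" unless $score =~ /^\d+(?:\.\d+)?$/;
        in_range($range, '00:00') if defined $range;    # validate at load time
        # Assumption: if a key is listed twice, the first rule wins.
        $rules{uc $_} //= { score => $score, range => $range } for split /:/, $keys;
    }
    return \%rules;
}

# Assumption: a rule with a time range scores only inside that range.
sub score_for {
    my ($rules, $key, $now) = @_;
    my $r = $rules->{uc $key} or return 0;
    return 0 if defined $r->{range} && !in_range($r->{range}, $now);
    return $r->{score};
}

# Rule string from the sample above; keys and times below are constructed.
my $rules = parse_rules('X1:X2,0.5,20:00-07:00|X3:X4,0.6,19:00-20:00|X5,0.7');
for my $case (['X2', '23:30'], ['X2', '06:59'], ['X2', '12:00'], ['X5', '12:00']) {
    printf "%-3s at %s -> %.1f\n", @$case, score_for($rules, @$case);
}
```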

Advanced GEO Score

Advanced GEO Block works as an array; each set of elements is separated by a pipe (|).
Sample with 2 rules:

geomailsearch_radius_score 90.0,0.01,200,0.5,18:00-23:00|-90.0,0.01,300,0.6


The above sample has 2 rules:

  • Rule1: 90.0,0.01,200,0.5,18:00-23:00
  • Rule2: -90.0,0.01,300,0.6


Each rule has 4 or 5 elements: first the geo data (latitude/longitude), then the search radius followed by the score and last an optional non office hour time range.

  • Element1: Latitude
  • Element2: Longitude
  • Element3: Radius (KM)
  • Element4: Score
  • Element5: Optional non office hour range

The above sample has the following effective rules:

local.cf

Latitude  Longitude  Radius  Score  Optional non office hour range  Info
90.0      0.01       200     0.5    18:00-08:00                     This is the South Pole :-)
-90.0     0.01       300     0.6    None                            This is the North Pole :-)
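
The radius match described above can be reproduced with the Math::Trig functions from the module list. This Perl code is an added example, not code from GeoMailSearch.pm: it validates a geomailsearch_radius_score string and reports which rules contain a given server position. The sub names, the Earth radius constant and the test positions are assumptions, and the optional time range (element 5) is parsed but not evaluated here.

```perl
use strict;
use warnings;
use Math::Trig qw(deg2rad great_circle_distance);
use constant EARTH_RADIUS_KM => 6371;    # mean Earth radius

# Math::Trig expects (longitude, colatitude) in radians, where the
# colatitude is 90 degrees minus the latitude.
sub to_sphere {
    my ($lat, $lon) = @_;
    return (deg2rad($lon), deg2rad(90 - $lat));
}

# Parse "lat,lon,radius_km,score[,hh:mm-hh:mm]|..." and reject malformed
# or out-of-range values before they reach the distance check.
sub parse_radius_rules {
    my ($value) = @_;
    my @rules;
    for my $rule (split /\|/, $value) {
        my @el = split /,/, $rule;
        die "rule '$rule' needs 4 or 5 elements\n" unless @el == 4 || @el == 5;
        die "non-numeric element in '$rule'\n"
            if grep { !/^-?\d+(?:\.\d+)?$/ } @el[0 .. 3];
        my ($lat, $lon, $radius, $score, $range) = @el;
        die "latitude out of range in '$rule'\n"  if abs($lat) > 90;
        die "longitude out of range in '$rule'\n" if abs($lon) > 180;
        die "radius must be positive in '$rule'\n" unless $radius > 0;
        push @rules, { lat => $lat, lon => $lon, radius => $radius,
                       score => $score, range => $range };
    }
    return @rules;
}

# Return the rules whose circle contains the given server position.
sub matching_rules {
    my ($lat, $lon, @rules) = @_;
    my @here = to_sphere($lat, $lon);
    return grep {
        great_circle_distance(@here, to_sphere($_->{lat}, $_->{lon}),
                              EARTH_RADIUS_KM) <= $_->{radius}
    } @rules;
}

# Rule string from the sample above; the three positions are constructed.
my @rules = parse_radius_rules('90.0,0.01,200,0.5,18:00-23:00|-90.0,0.01,300,0.6');
for my $pos ([89.0, 120.0], [87.0, 120.0], [-88.0, -45.0]) {
    my @hit = matching_rules(@$pos, @rules);
    printf "%6.1f,%7.1f -> %s\n", @$pos,
        @hit ? 'score ' . join(', ', map { $_->{score} } @hit) : 'no match';
}
```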

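Configure Syslog

If you use syslog, make sure your rsyslog daemon has UDP logging enabled on 127.0.0.1.

  • /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514

As written, these directives open UDP port 514 on all interfaces; restrict the listener to 127.0.0.1 or filter the port on the host firewall.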

GMS-LOADER

The GeoMailSearch loader takes care of downloading the recent MaxMind database; it also inserts the data into the MySQL server.
The GMS loader uses an XML configuration file for its settings.

Sample

<?xml version="1.0"?>
<CONFIG>
 <HTTP_Maintain
  IPLIST="1"
  ASNLIST="1"
  CITYLIST="0"
 />
 <HTTP_Download
  IPLIST="http://geolite.maxmind.com/download/geoip/database/GeoLiteCity_CSV/GeoLiteCity-latest.zip"
  ASNLIST="http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2.zip"
  CITYLIST="http://download.maxmind.com/download/worldcities/worldcitiespop.txt.gz"
 />
 <GeoDatabase
  Database="geoip"
  Server="localhost"
  Username="geouser"
  Password="xxxx"
 />
 <System
  SyslogIP="127.0.0.1"
  DeleteTempDataOnStartup="1"
  DeleteTempDataOnExit="1"
 />
</CONFIG>


HTTP_Maintain

Attribute  Value    Description
IPLIST     Boolean  Download and maintain the IP list
ASNLIST    Boolean  Download and maintain the ASN list
CITYLIST   Boolean  Download and maintain the city list

Note: Downloading the city list is not required that often, maybe once a year.

HTTP_Download

Attribute  Value    Description
IPLIST     Boolean  URL to the list
ASNLIST    Boolean  URL to the list
CITYLIST   Boolean  URL to the list

The sample URLs use plain HTTP, so the downloaded data is not protected against tampering in transit.

GeoDatabase

Attribute  Description
Database   MySQL database
Server     MySQL server name
Username   MySQL username
Password   MySQL password

System

Attribute                Description
SyslogIP                 IP address of your syslog server, leave empty to disable
DeleteTempDataOnStartup  delete temporary download data at startup
DeleteTempDataOnExit     delete temporary download data at startup




GMS-LOADER CRON

Cron sample:

#m  h dom  mon dow   command
 0  1 5    *   *     (cd /usr/local/gms-loader/; ./gms-loader.pl)



Download GMS

Download the script