This patch extends the geoip patch to take into account whether the TLD of the sender matches the mail server's country of origin.
I would also advise anyone using geoip to update the free database file. It can be done on a cronjob from the maxmind site. debian stable policyd patched
--- policyd-weight.debian 2007-08-14 14:36:48.000000000 +0100
+++ policyd-weight.geoip_plus_mismatch 2007-08-14 14:38:34.000000000 +0100
@@ -73,6 +73,7 @@
 use IO::Select;
 use Config;
 use POSIX;
+use Geo::IP;
 use vars qw($csock $s $tcp_socket $sock $new_sock $old_mtime);
@@ -369,6 +370,9 @@
 'abuse.rfc-ignorant.org', 0.1, 0, 'ABUSE_RFCI'
 );
+my @geoip_score = ();
+
+
 my $BL_ERROR_SKIP = 2; # skip a RBL if this RBL had this many continuous
 # errors
@@ -469,7 +473,7 @@
 my @random_sender_score = (0.25, 0 );
 my @rhsbl_penalty_score = (3.1, 0 );
 my @enforce_dyndns_score = (3, 0 );
-
+my @geoip_mismatch_tld = (2, 0 );
 my $VERBOSE = 0;
@@ -786,6 +790,7 @@
 cache_query("stats");
 exit;
 }
+our $geoip = Geo::IP->new(GEOIP_STANDARD);
 # ----------------------------------------------------------
 # main
@@ -1485,6 +1490,13 @@
 {
 return ($my_REJECTMSG.' (multirecipient mail)');
 }
+ mylog(info=>"sender domain: $from_domain ") if $DEBUG;
+ my $from_tld;
+ if($from_domain =~ /.*\.([a-zA-Z]{2,2})$/)
+ {
+ $from_tld = $1;
+ mylog(info=>"sender TLD: $from_tld ") if $DEBUG;
+ }
 ## cache check
 if( ($CACHESIZE > 0) || ($POSCACHESIZE > 0) )
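Review bot: In the `@@ -369,6 +370,9 @@` hunk, `@geoip_score` is added empty and with no comment describing its layout, so an operator cannot tell how to populate it. Judging from the loop in the later GeoIP hunk, entries are read in groups of four: country code, score added when the client is not in that country, score added when it is, and the tag written to the log. A comment above the declaration would carry that, for example `# country code, NOT_IN score, IN score, log tag; e.g. 'XX', 0, 1.5, 'EXAMPLE' (constructed sample)`.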
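Review bot: In the `@@ -786,6 +790,7 @@` hunk, the result of `Geo::IP->new(GEOIP_STANDARD)` is never checked, and the later GeoIP hunk calls `$geoip->country_code_by_addr` unconditionally. If the constructor returns undef when the database cannot be opened (likely, but not visible here), every policy request would die at that call, which for a policy daemon means mail is deferred rather than scored. I would add `mylog(info=>"geoip database unavailable, skipping GeoIP checks") unless $geoip;` here and wrap the later check in `if ($geoip)`. The handle is also opened once at startup, so a database refreshed by cron is probably not picked up until the daemon restarts; a comment saying so, or opening with `GEOIP_CHECK_CACHE`, would make that explicit.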
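Review bot: In the `@@ -1485,6 +1490,13 @@` hunk, `$from_tld` is taken from the sender domain, which the connecting client chooses, and it is later compared with an ISO country code as if the two namespaces were identical. They are not: the United Kingdom is `GB` in GeoIP but `.uk` as a TLD, and several two-letter TLDs are used generically, so legitimate mail will hit GEO_MISMATCH. A small alias map (`uk` => `gb`) and a modest default score would limit the false positives. The pattern can also be tightened to `/\.([a-zA-Z]{2})\z/`, since `$` still matches before a trailing newline and the leading `.*` does nothing. The enclosing sub starts and ends outside the hunk.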
@@ -1901,7 +1913,56 @@
 $rate += $score;
 $helo_ok = 2;
 }
+ ## GeoIP check ###############################################################
+
+ my $country = $geoip->country_code_by_addr("$ip");
+
+ if(defined($country))
+ {
+
+ for($i=0; $i < @geoip_score; $i += 4)
+ {
+ if($country eq $geoip_score[$i])
+ {
+ my $score = $geoip_score[$i+2];
+ if ($score != 0) {
+ $RET .= " IN_".$geoip_score[$i+3]."=" . $score;
+ $rate += $score;;
+ }
+ }
+ else
+ {
+ my $score = $geoip_score[$i+1];
+ if ($score != 0) {
+ $RET .= " NOT_IN_".$geoip_score[$i+3]."=" . $score;
+ $rate += $score;;
+ }
+ }
+ }
+## GeoIP TLD inconsitencies and failover #####################################
+ # only if a country tld was extracted compare it to the geoip detected country.
+ if (length($from_tld) >1)
+ {
+ # reduce score if they match
+ if( lc($country) eq lc($from_tld) )
+ {
+ $rate += $geoip_mismatch_tld[0];
+ $RET .= " GEO_MATCH=" . $geoip_mismatch_tld[1];
+ }
+ else {
+ $rate += $geoip_mismatch_tld[1];
+ $RET .= " GEO_MISMATCH=" . $geoip_mismatch_tld[0];
+ }
+ }
+ }
+ else
+ {
+ # this never appears to be triggered
+ # was going to use it to failover to using the tld for the country
+ # geo lookup
+ mylog(info=>"geoip lookup failed") if $DEBUG;
+ }
 ## Reverse IP == dynhost check ###############################################
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
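Review bot: In the TLD comparison near the end of this hunk the indices are crossed: the match branch adds `$geoip_mismatch_tld[0]` to `$rate` but logs `[1]`, and the mismatch branch adds `[1]` but logs `[0]`. With the default `(2, 0)`, a sender whose TLD matches the relay's country gets +2 while the log says `GEO_MATCH=0`, and a mismatch adds nothing while the log says `GEO_MISMATCH=2`, so the score is inverted and the log hides it. Assuming the array follows the (bad, good) order of the neighbouring score arrays, the lines should read `$rate += $geoip_mismatch_tld[1];` under the match and `$rate += $geoip_mismatch_tld[0];` under the else. Separately, `length($from_tld)` is evaluated on an undefined value when no two-letter TLD was extracted; `if (defined $from_tld)` states the intent without a warning. The enclosing sub starts and ends outside the hunk.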