Hi All,
I've been tinkering with polw for a while now, here are my various patches
including the geoip work I got off the main site.
Sender and reverse spam token check (see .conf file)
Score senders on Geoip detected country
Compare TLD (where possible) and Geoip detected country for mismatch
'onspeed' dialup optimizer in dial up checks
Sender penalize for number in email address (non corporate check)
Modified random email address detection with 12 unbroken characters
This is designed for a corporate heavily whitelisted environment although
I've had no reports of fp yet...
g.
# ----------------------------------------------------------------
# policyd-weight configuration (defaults) Version 0.1.14 beta-5
# ----------------------------------------------------------------
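# General reject/defer behaviour.
# The two reply strings below are kept on ONE line each: the mailing-list
# line wrap had put line breaks inside the quoted text, and those breaks
# would have become part of the reply string.
$DEBUG = 1;                 # 1 or 0 - don't comment

$REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs";

$REJECTLEVEL = 0;           # Mails with scores which exceed this
                            # REJECTLEVEL will be rejected
                            # NOTE(review): with 0 any positive total is
                            # rejected; confirm this is intended together
                            # with the sender-token and number-in-sender
                            # penalties configured further down.

$DEFER_STRING = 'IN_SPAMCOP= BOGUS_MX=';
                            # A space separated case-sensitive list of
                            # strings on which if found in the $RET
                            # logging-string policyd-weight changes
                            # its action to $DEFER_ACTION in case
                            # of rejects.
                            # USE WITH CAUTION!
                            # DEFAULT: "IN_SPAMCOP= BOGUS_MX="

$DEFER_ACTION = '450';      # Possible values: DEFER_IF_PERMIT,
                            # DEFER_IF_REJECT,
                            # 4xx response codes. See also access(5)
                            # DEFAULT: 450

$DEFER_LEVEL = 5;           # DEFER mail only up to this level
                            # scores greater than DEFER_LEVEL will be
                            # rejected
                            # DEFAULT: 5

$DNSERRMSG = '450 No DNS entries for your MTA, HELO and Domain. Contact YOUR administrator';

$dnsbl_checks_only = 0;     # 1: ON, 0: OFF (default)
$LOG_BAD_RBL_ONLY = 1;      # 1: ON (default), 0: OFF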
## DNSBL settings
# Flat list, four fields per entry (see the column header below).
# NOTE(review): this list dates from 2007; verify that every zone is still
# operated before use - a retired zone can time out or answer for every
# query, which turns its HIT SCORE into a penalty for all mail.
@dnsbl_score = (
# HOST, HIT SCORE, MISS SCORE, LOG NAME
'pbl.spamhaus.org', 3.25, 0, 'DYN_PBL_SPAMHAUS',
'sbl-xbl.spamhaus.org', 4.35, -1.5, 'SBL_XBL_SPAMHAUS',
'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP',
'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL',
'list.dsbl.org', 4.35, 0, 'DSBL_ORG',
'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU'
);
$MAXDNSBLHITS = 2; # If Client IP is listed in MORE
# DNSBLS than this var, it gets
# REJECTed immediately
$MAXDNSBLSCORE = 8; # alternatively, if the score of
# DNSBLs is ABOVE this
# level, reject immediately
$MAXDNSBLMSG = '550 Your MTA is listed in too many DNSBLs';
## RHSBL settings
# Presumably the same four-field layout as @dnsbl_score (host, hit score,
# miss score, log name) - TODO confirm against the daemon source.
@rhsbl_score = (
'multi.surbl.org', 4, 0, 'SURBL',
'rhsbl.ahbl.org', 4, 0, 'AHBL',
'dsn.rfc-ignorant.org', 3.5, 0, 'DSN_RFCI',
'postmaster.rfc-ignorant.org', 0.1, 0, 'PM_RFCI',
'abuse.rfc-ignorant.org', 0.1, 0, 'ABUSE_RFCI'
);
# Sender / reverse-DNS token scores used by the patch's "Sender and reverse
# spam token check". Four fields per entry.
# How the patch reads this list:
#  - each TOKEN is interpolated into an unanchored, case-sensitive regex and
#    tried against the sender domain first, then against every reverse-DNS
#    name of the client;
#  - only HIT SCORE and LOG NAME are read; MISS SCORE is not used there;
#  - the log tag written is "TYPE_<LOG NAME>=<HIT SCORE>".
# Because the match is a plain substring match, short tokens also hit
# unrelated names (constructed example: 'sex' inside "essex.example").
# Review false positives in the log before raising any of these scores.
@sender_score = (
# TOKEN, HIT SCORE, MISS SCORE, LOG NAME
'profit', 7, 0, 'KNOWN_SPAM',
'postcard', 7, 0, 'KNOWN_SPAM',
'greeting', 7, 0, 'KNOWN_SPAM',
'pharm', 7, 0, 'KNOWN_SPAM',
'stock', 4, 0, 'KNOWN_SPAM',
'marketing', 3, 0, 'PRO_SPAM',
'marketeer', 3, 0, 'PRO_SPAM',
'business', 3, 0, 'BULK',
'legal', 3, 0, 'BULK',
'fun', 3, 0, 'BULK',
'club', 1, 0, 'BULK',
'campaign', 2, 0, 'BULK',
'sex', 0.5, 0, 'BULK',
'miss', 1, 0, 'BULK',
'save', 1, 0, 'BULK',
'college', 1, 0, 'BULK',
'personnel', 1, 0, 'FINANCE',
'money', 1, 0, 'FINANCE',
'cash', 1, 0, 'FINANCE',
'deals', 1, 0, 'FINANCE',
'promotion', 1, 0, 'FINANCE',
'lease', 2, 0, 'FINANCE',
'lending', 1, 0, 'FINANCE',
'account', 1, 0, 'FINANCE',
'bounce', 3, 0, 'SPOOF',
'yahoo', 3, 0, 'WEBMAIL',
'hotmail', 3, 0, 'WEBMAIL',
);
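## GeoIP settings
# Flat list, four fields per entry: country code, NO MATCH score, MATCH
# score, log name.
# How the patch's GeoIP check reads it: the list is walked four fields at a
# time; the row whose code equals the detected country adds its MATCH score
# (logged as "IN_<LOG NAME>=<score>"), and every other row adds its NO MATCH
# score when that score is non-zero (logged as "NOT_IN_<LOG NAME>=<score>").
# Keep NO MATCH at 0 unless you really want one penalty per non-matching row.
# The codes are compared with "eq", so they must stay upper case.
# Each LOG NAME is on a single line: the mailing-list wrap had broken ten of
# them across two lines, which put a line break inside the log tag.
@geoip_score = (
    #ISO-3166 COUNTRY CODE, NO MATCH, MATCH, LOG NAME
    "AF", 0, 10, "AFGHANISTAN",
    "AX", 0, 10, "ALAND ISLANDS",
    "AL", 0, 4, "ALBANIA",
    "DZ", 0, 10, "ALGERIA",
    "AS", 0, 10, "AMERICAN SAMOA",
    "AD", 0, 4, "ANDORRA",
    "AO", 0, 10, "ANGOLA",
    "AI", 0, 10, "ANGUILLA",
    "AQ", 0, 10, "ANTARCTICA",
    "AG", 0, 10, "ANTIGUA AND BARBUDA",
    "AR", 0, 4, "ARGENTINA",
    "AM", 0, 10, "ARMENIA",
    "AW", 0, 10, "ARUBA",
    "AU", 0, 2, "AUSTRALIA",
    "AT", 0, 2, "AUSTRIA",
    "AZ", 0, 10, "AZERBAIJAN",
    "BS", 0, 10, "BAHAMAS",
    "BH", 0, 10, "BAHRAIN",
    "BD", 0, 10, "BANGLADESH",
    "BB", 0, 10, "BARBADOS",
    "BY", 0, 10, "BELARUS",
    "BE", 0, 0, "BELGIUM",
    "BZ", 0, 10, "BELIZE",
    "BJ", 0, 10, "BENIN",
    "BM", 0, 10, "BERMUDA",
    "BT", 0, 10, "BHUTAN",
    "BO", 0, 10, "BOLIVIA",
    "BA", 0, 6, "BOSNIA AND HERZEGOVINA",
    "BW", 0, 10, "BOTSWANA",
    "BV", 0, 10, "BOUVET ISLAND",
    "BR", 0, 4, "BRAZIL",
    "IO", 0, 10, "BRITISH INDIAN OCEAN TERRITORY",
    "BN", 0, 10, "BRUNEI DARUSSALAM",
    "BG", 0, 6, "BULGARIA",
    "BF", 0, 10, "BURKINA FASO",
    "BI", 0, 10, "BURUNDI",
    "KH", 0, 10, "CAMBODIA",
    "CM", 0, 10, "CAMEROON",
    "CA", 0, 0, "CANADA",
    "CV", 0, 10, "CAPE VERDE",
    "KY", 0, 10, "CAYMAN ISLANDS",
    "CF", 0, 10, "CENTRAL AFRICAN REPUBLIC",
    "TD", 0, 10, "CHAD",
    "CL", 0, 10, "CHILE",
    "CN", 0, 4, "CHINA",
    "CX", 0, 10, "CHRISTMAS ISLAND",
    "CC", 0, 10, "COCOS KEELING ISLANDS",
    "CO", 0, 10, "COLOMBIA",
    "KM", 0, 10, "COMOROS",
    "CG", 0, 10, "CONGO",
    "CD", 0, 10, "CONGO THE DEMOCRATIC REPUBLIC OF THE",
    "CK", 0, 10, "COOK ISLANDS",
    "CR", 0, 10, "COSTA RICA",
    "CI", 0, 10, "COTE DIVOIRE",
    "HR", 0, 0, "CROATIA",
    "CU", 0, 0, "CUBA",
    "CY", 0, 2, "CYPRUS",
    "CZ", 0, 0, "CZECH REPUBLIC",
    "DK", 0, 2, "DENMARK",
    "DJ", 0, 10, "DJIBOUTI",
    "DM", 0, 10, "DOMINICA",
    "DO", 0, 10, "DOMINICAN REPUBLIC",
    "EC", 0, 10, "ECUADOR",
    "EG", 0, 10, "EGYPT",
    "SV", 0, 10, "EL SALVADOR",
    "GQ", 0, 10, "EQUATORIAL GUINEA",
    "ER", 0, 10, "ERITREA",
    "EE", 0, 10, "ESTONIA",
    "ET", 0, 10, "ETHIOPIA",
    "FK", 0, 10, "FALKLAND ISLANDS MALVINAS",
    "FO", 0, 10, "FAROE ISLANDS",
    "FJ", 0, 10, "FIJI",
    "FI", 0, 2, "FINLAND",
    "FR", 0, 2, "FRANCE",
    "GF", 0, 10, "FRENCH GUIANA",
    "PF", 0, 10, "FRENCH POLYNESIA",
    "TF", 0, 10, "FRENCH SOUTHERN TERRITORIES",
    "GA", 0, 10, "GABON",
    "GM", 0, 10, "GAMBIA",
    "GE", 0, 10, "GEORGIA",
    "DE", 0, 2, "GERMANY",
    "GH", 0, 10, "GHANA",
    "GI", 0, 0, "GIBRALTAR",
    "GR", 0, 4, "GREECE",
    "GL", 0, 10, "GREENLAND",
    "GD", 0, 10, "GRENADA",
    "GP", 0, 10, "GUADELOUPE",
    "GU", 0, 10, "GUAM",
    "GT", 0, 10, "GUATEMALA",
    "GG", 0, 0, "GUERNSEY",
    "GN", 0, 10, "GUINEA",
    "GW", 0, 10, "GUINEABISSAU",
    "GY", 0, 10, "GUYANA",
    "HT", 0, 10, "HAITI",
    "HM", 0, 10, "HEARD ISLAND AND MCDONALD ISLANDS",
    "VA", 0, 5, "HOLY SEE VATICAN CITY STATE",
    "HN", 0, 10, "HONDURAS",
    "HK", 0, 4, "HONG KONG",
    "HU", 0, 0, "HUNGARY",
    "IS", 0, 0, "ICELAND",
    "IN", 0, 2, "INDIA",
    "ID", 0, 10, "INDONESIA",
    "IR", 0, 10, "IRAN ISLAMIC REPUBLIC OF",
    "IQ", 0, 10, "IRAQ",
    "IE", 0, 0, "IRELAND",
    "IM", 0, 0, "ISLE OF MAN",
    "IL", 0, 3, "ISRAEL",
    "IT", 0, 4, "ITALY",
    "JM", 0, 10, "JAMAICA",
    "JP", 0, 3, "JAPAN",
    "JE", 0, 0, "JERSEY",
    "JO", 0, 4, "JORDAN",
    "KZ", 0, 10, "KAZAKHSTAN",
    "KE", 0, 10, "KENYA",
    "KI", 0, 6, "KIRIBATI",
    "KP", 0, 7, "KOREA, DEMOCRATIC PEOPLES REPUBLIC OF",
    "KR", 0, 7, "KOREA, REPUBLIC OF",
    "KW", 0, 10, "KUWAIT",
    "KG", 0, 10, "KYRGYZSTAN",
    "LA", 0, 10, "LAO PEOPLES DEMOCRATIC REPUBLIC",
    "LV", 0, 5, "LATVIA",
    "LB", 0, 10, "LEBANON",
    "LS", 0, 10, "LESOTHO",
    "LR", 0, 10, "LIBERIA",
    "LY", 0, 10, "LIBYAN ARAB JAMAHIRIYA",
    "LI", 0, 5, "LIECHTENSTEIN",
    "LT", 0, 10, "LITHUANIA",
    "LU", 0, 3, "LUXEMBOURG",
    "MO", 0, 10, "MACAO",
    "MK", 0, 6, "MACEDONIA",
    "MG", 0, 10, "MADAGASCAR",
    "MW", 0, 10, "MALAWI",
    "MY", 0, 10, "MALAYSIA",
    "MV", 0, 10, "MALDIVES",
    "ML", 0, 10, "MALI",
    "MT", 0, 10, "MALTA",
    "MH", 0, 10, "MARSHALL ISLANDS",
    "MQ", 0, 10, "MARTINIQUE",
    "MR", 0, 10, "MAURITANIA",
    "MU", 0, 10, "MAURITIUS",
    "YT", 0, 10, "MAYOTTE",
    "MX", 0, 4, "MEXICO",
    "FM", 0, 10, "MICRONESIA, FEDERATED STATES OF",
    "MD", 0, 6, "MOLDOVA",
    "MC", 0, 3, "MONACO",
    "MN", 0, 10, "MONGOLIA",
    "ME", 0, 10, "MONTENEGRO",
    "MS", 0, 0, "MONTSERRAT",
    "MA", 0, 10, "MOROCCO",
    "MZ", 0, 10, "MOZAMBIQUE",
    "MM", 0, 10, "MYANMAR",
    "NA", 0, 10, "NAMIBIA",
    "NR", 0, 10, "NAURU",
    "NP", 0, 10, "NEPAL",
    "NL", 0, 2, "NETHERLANDS",
    "AN", 0, 2, "NETHERLANDS ANTILLES",
    "NC", 0, 1, "NEW CALEDONIA",
    "NZ", 0, 5, "NEW ZEALAND",
    "NI", 0, 10, "NICARAGUA",
    "NE", 0, 10, "NIGER",
    "NG", 0, 10, "NIGERIA",
    "NU", 0, 10, "NIUE",
    "NF", 0, 10, "NORFOLK ISLAND",
    "MP", 0, 10, "NORTHERN MARIANA ISLANDS",
    "NO", 0, 3, "NORWAY",
    "OM", 0, 10, "OMAN",
    "PK", 0, 10, "PAKISTAN",
    "PW", 0, 10, "PALAU",
    "PS", 0, 10, "PALESTINIAN TERRITORY OCCUPIED",
    "PA", 0, 10, "PANAMA",
    "PG", 0, 10, "PAPUA NEW GUINEA",
    "PY", 0, 10, "PARAGUAY",
    "PE", 0, 10, "PERU",
    "PH", 0, 10, "PHILIPPINES",
    "PN", 0, 10, "PITCAIRN",
    "PL", 0, 6, "POLAND",
    "PT", 0, 3, "PORTUGAL",
    "PR", 0, 10, "PUERTO RICO",
    "QA", 0, 10, "QATAR",
    "RE", 0, 10, "RfUNION",   # NOTE(review): label looks mis-encoded (REUNION?); left as posted
    "RO", 0, 6, "ROMANIA",
    "RU", 0, 4, "RUSSIAN FEDERATION",
    "RW", 0, 10, "RWANDA",
    "SH", 0, 10, "SAINT HELENA",
    "KN", 0, 10, "SAINT KITTS AND NEVIS",
    "LC", 0, 10, "SAINT LUCIA",
    "PM", 0, 10, "SAINT PIERRE AND MIQUELON",
    "VC", 0, 10, "SAINT VINCENT AND THE GRENADINES",
    "WS", 0, 10, "SAMOA",
    "SM", 0, 10, "SAN MARINO",
    "ST", 0, 10, "SAO TOME AND PRINCIPE",
    "SA", 0, 4, "SAUDI ARABIA",
    "SN", 0, 10, "SENEGAL",
    "RS", 0, 6, "SERBIA",
    "SC", 0, 10, "SEYCHELLES",
    "SL", 0, 5, "SIERRA LEONE",
    "SG", 0, 4, "SINGAPORE",
    "SK", 0, 10, "SLOVAKIA",
    "SI", 0, 10, "SLOVENIA",
    "SB", 0, 10, "SOLOMON ISLANDS",
    "SO", 0, 10, "SOMALIA",
    "ZA", 0, 6, "SOUTH AFRICA",
    "GS", 0, 10, "SOUTH GEORGIA AND THE SOUTHSANDWICH ISLANDS",
    "ES", 0, 4, "SPAIN",
    "LK", 0, 10, "SRI LANKA",
    "SD", 0, 10, "SUDAN",
    "SR", 0, 10, "SURINAME",
    "SJ", 0, 10, "SVALBARD AND JAN MAYEN",
    "SZ", 0, 10, "SWAZILAND",
    "SE", 0, 3, "SWEDEN",
    "CH", 0, 3, "SWITZERLAND",
    "SY", 0, 10, "SYRIAN ARAB REPUBLIC",
    "TW", 0, 10, "TAIWAN, PROVINCE OF CHINA",
    "TJ", 0, 10, "TAJIKISTAN",
    "TZ", 0, 10, "TANZANIA UNITED REPUBLIC OF",
    "TH", 0, 10, "THAILAND",
    "TL", 0, 10, "TIMOR-LESTE",
    "TG", 0, 10, "TOGO",
    "TK", 0, 10, "TOKELAU",
    "TO", 0, 10, "TONGA",
    "TT", 0, 10, "TRINIDAD AND TOBAGO",
    "TN", 0, 10, "TUNISIA",
    "TR", 0, 10, "TURKEY",
    "TM", 0, 10, "TURKMENISTAN",
    "TC", 0, 10, "TURKS AND CAICOS ISLANDS",
    "TV", 0, 10, "TUVALU",
    "UG", 0, 10, "UGANDA",
    "UA", 0, 10, "UKRAINE",
    "AE", 0, 3, "UNITED ARAB EMIRATES",
    "GB", 0, 0, "UNITED KINGDOM",
    "US", 0, 0, "UNITED STATES",
    "UM", 0, 0, "UNITED STATES MINOR OUTLYING ISLANDS",
    "UY", 0, 10, "URUGUAY",
    "UZ", 0, 10, "UZBEKISTAN",
    "VU", 0, 10, "VANUATU",
    "VE", 0, 10, "VENEZUELA",
    "VN", 0, 4, "VIETNAM",
    "VG", 0, 10, "VIRGIN ISLANDS, BRITISH",
    "VI", 0, 10, "VIRGIN ISLANDS US",
    "WF", 0, 10, "WALLIS AND FUTUNA",
    "EH", 0, 10, "WESTERN SAHARA",
    "YE", 0, 10, "YEMEN",
    "ZM", 0, 10, "ZAMBIA",
    "ZW", 0, 10, "ZIMBABWE",
    # add as much as you need, adjust the score accordingly
    # codes:
    #http://www.iso.org/iso/fr/prods-services/iso3166ma/02iso-3166-code-lists/list-en1.html
    # country spam ratings
    #http://www.spamshield.org/maps/spamworld-withdefault.html
);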
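# RBL error handling, result caches and DNS lookup settings.
# Fix over the posted text: the commented-out "$POSCACHESIZE = 1000" line had
# been wrapped by the mailer so that the word "number" sat on a line of its
# own without a leading '#', which is not valid Perl. It is a comment again.
$BL_ERROR_SKIP = 2;         # skip a RBL if this RBL had this many continuous
                            # errors
$BL_SKIP_RELEASE = 10;      # skip a RBL for that many times

## cache stuff
$LOCKPATH = '/tmp/.policyd-weight/';    # must be a directory (add
                                        # trailing slash)
# NOTE(review): this is a predictable path under /tmp, which is normally
# world-writable. Confirm the daemon checks ownership and mode of this
# directory before using it, or point it at a directory only $USER can write.
$SPATH = $LOCKPATH.'/polw.sock';        # socket path for the cache
                                        # daemon.
$MAXIDLECACHE = 60;         # how many seconds the cache may be idle
                            # before starting maintenance routines
                            # NOTE: standard maintenance jobs happen
                            # regardless of this setting.
$MAINTENANCE_LEVEL = 5;     # after this number of requests do following
                            # maintenance jobs:
                            # checking for config changes

# negative (i.e. SPAM) result cache settings ##################################
$CACHESIZE = 2000;          # set to 0 to disable caching for spam results.
                            # To this level the cache will be cleaned.
$CACHEMAXSIZE = 4000;       # at this number of entries cleanup takes place
$CACHEREJECTMSG = '550 temporarily blocked because of previous errors';
$NTTL = 1;                  # after NTTL retries the cache entry is deleted
$NTIME = 30;                # client MUST NOT retry within this seconds in order
                            # to decrease TTL counter

# positive (i.e. HAM) result cache settings ###################################
# $POSCACHESIZE = 1000;     # set to 0 to disable caching of HAM. To this number
                            # of entries the cache will be cleaned
#GW#
$POSCACHESIZE = 0;          # set to 0 to disable caching of HAM. To this number
                            # of entries the cache will be cleaned
$POSCACHEMAXSIZE = 2000;    # at this number of entries cleanup takes place
$POSCACHEMSG = 'using cached result';
$PTTL = 60;                 # after PTTL requests the HAM entry must
                            # succeed one time the RBL checks again
$PTIME = '3h';              # after $PTIME in HAM Cache the client
                            # must pass one time the RBL checks again.
                            # Values must be non-fractional. Accepted
                            # time-units: s, m, h, d
$TEMP_PTIME = '1d';         # The client must pass this time the RBL
                            # checks in order to be listed as hard-HAM
                            # After this time the client will pass
                            # immediately for PTTL within PTIME

## DNS settings
$DNS_RETRIES = 2;           # Retries for ONE DNS-Lookup
$DNS_RETRY_IVAL = 2;        # Retry-interval for ONE DNS-Lookup
$MAXDNSERR = 3;             # max error count for unresponded queries
                            # in a complete policy query
$MAXDNSERRMSG = 'passed - too many local DNS-errors';
$PUDP = 0;                  # persistent udp connection for DNS queries.
                            # broken in Net::DNS version 0.51. Works with
                            # Net::DNS 0.53; DEFAULT: off
$USE_NET_DNS = 0;           # Force the usage of Net::DNS for RBL lookups.
                            # Normally policyd-weight tries to use a faster
                            # RBL lookup routine instead of Net::DNS
$IPC_TIMEOUT = 2;           # timeout for receiving from cache instance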
# scores for checks, WARNING: they may manipulate eachother
# or be factors for other scores.
# Each list is a pair: the first value is applied on a HIT, the second on
# a MISS.
# HIT score, MISS Score
@client_ip_eq_helo_score = (1.5, -1.25 );
@helo_score = (1.5, -2 );
@helo_from_mx_eq_ip_score = (1.5, -3.1 );
@helo_numeric_score = (1.5, 0 );
@from_match_regex_verified_helo = (1, -2 );
@from_match_regex_unverified_helo = (1.6, -1.5 );
@from_match_regex_failed_helo = (2.5, 0 );
@helo_seems_dialup = (1.5, 0 );
@failed_helo_seems_dialup = (2, 0 );
@helo_ip_in_client_subnet = (0, -2.5 );
@helo_ip_in_cl16_subnet = (0, -0.41 );
@client_seems_dialup_score = (3.75, 0 );
@from_multiparted = (1.09, 0 );
@from_anon = (1.17, 0 );
@bogus_mx_score = (2.1, 0 );
# The patch's built-in default for this list is (0.25, 0); this file
# doubles the HIT value.
@random_sender_score = (0.5, 0 );
@rhsbl_penalty_score = (3.1, 0 );
@enforce_dyndns_score = (3, 0 );
# Added by the patch. NOTE(review): the patch adds element [0] to the rate
# when the GeoIP country and the sender TLD are EQUAL and element [1] when
# they differ, while logging the other element - so with (2, 0) a consistent
# sender is the one that gets +2. Check the patch before relying on this.
@geoip_mismatch_tld = (2, 0 );
# Added by the patch; applied when the sender address has a digit before
# the '@'. The patch's built-in default is (2, 0).
@number_in_sender_score = (3, 0 );
# Logging, syslog and process/listener options.
$VERBOSE = 1;
$ADD_X_HEADER = 1; # Switch on or off an additional
# X-policyd-weight: header
# DEFAULT: on
$DEFAULT_RESPONSE = 'DUNNO default'; # Fallback response in case
# the weighted check didn't
# return any response (should never
# appear).
#
# Syslogging options for verbose mode and for fatal errors.
# NOTE: comment out the $syslog_socktype line if syslogging does not
# work on your system.
#
$syslog_socktype = 'unix'; # inet, unix, stream, console
$syslog_facility = "mail";
$syslog_options = "pid";
$syslog_priority = "info";
$syslog_ident = "postfix/policyd-weight";
#
# Process Options
#
# The account named here should be a dedicated, unprivileged user.
$USER = "polw"; # User must be a username, no UID
$GROUP = ""; # specify GROUP if necessary
# DEFAULT: empty, will be initialized as
# $USER
$MAX_PROC = 50; # Upper limit if child processes
$MIN_PROC = 3; # keep that minimum processes alive
$TCP_PORT = 12525; # The TCP port on which policyd-weight
# listens for policy requests from postfix
# NOTE(review): keep the listener on loopback unless Postfix runs on another
# host; nothing in this file restricts which clients may connect, so 'all'
# should be paired with a firewall rule - confirm against your deployment.
$BIND_ADDRESS = '127.0.0.1'; # IP-Address on which policyd-weight will
# listen for requests.
# You may only list ONE IP here, if you want
# to listen on all IPs you need to say 'all'
# here. Default is '127.0.0.1'.
# You need to restart policyd-weight if you
# change this.
$SOMAXCONN = 1024; # Maximum of client connections
# policyd-weight accepts
# Default: 1024
$CHILDIDLE = 240; # how many seconds a child may be idle before
# it dies.
$PIDFILE = "/var/run/policyd-weight.pid";
--- policyd-weight-devel 2007-09-19 11:28:24.000000000 +0100
+++ policyd-weight-gw 2007-09-24 23:51:57.397890366 +0100
@@ -25,7 +25,7 @@
# AUTHOR: [EMAIL PROTECTED]
# DATE: Wed Sep 19 12:21:50 CEST 2007
# NAME: policyd-weight
-# VERSION: 0.1.14 beta-10
+# VERSION: 0.1.14 beta-10-gw
# URL: http://www.policyd-weight.org/
@@ -74,11 +74,11 @@
use Config;
use POSIX;
use Carp qw(cluck longmess);
-
+use Geo::IP;
use vars qw($csock $s $tcp_socket $sock $new_sock $old_mtime);
-our $VERSION = "0.1.14 beta-10";
+our $VERSION = "0.1.14 beta-10-gw";
our $CVERSION = 5; # cache interface version
our $CMD_DEBUG = 0; # -d switch
our $KILL; # -k switch
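Review bot: `use Geo::IP;` makes the module a hard start-up dependency even though the patch's built-in `@geoip_score` is empty, and the handle created by `our $geoip = Geo::IP->new(GEOIP_STANDARD);` in the @@ -884 hunk is never checked before `$geoip->country_code_by_addr` is called in the GeoIP hunk. On a host where the module or its country database is missing, the daemon would presumably fail to start or die inside the policy check; what Postfix does with mail in that case is not visible here. Guarding the call, e.g. `my $country = $geoip ? $geoip->country_code_by_addr($ip) : undef;`, would keep the patch's existing TLD fallback reachable, and a one-line comment next to the `use` should say that the module is only needed when `@geoip_score` is populated.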
@@ -161,9 +161,9 @@
{
my $del;
open(POLW, "<$0") || die "open: $0: $!\n";
- print "#
----------------------------------------------------------------\n";
- print "# policyd-weight configuration (defaults) Version $VERSION
\n";
- print "#
----------------------------------------------------------------\n";
+ print "#
----------------------------------------------------------------\n";
+ print "# policyd-weight configuration (defaults) Version $VERSION \n";
+ print "#
----------------------------------------------------------------\n";
while (<POLW>)
{
if (/^#--BEGIN_CONFDEF/)
@@ -375,6 +375,15 @@
'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU'
);
+my @geoip_score = ();
+
+
+my @sender_score = (
+# TOKEN, HIT SCORE, MISS SCORE, LOG NAME
+# 'sometoken', 1, 0, 'KNOWN_SPAM',
+);
+
+
my $MAXDNSBLHITS = 2; # If Client IP is listed in MORE
# DNSBLS than this var, it gets
# REJECTed immediately
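Review bot: The new `my @geoip_score = ();` default has no comment describing its layout, although the GeoIP hunk walks it in steps of four and reads fields `[$i+1]`, `[$i+2]` and `[$i+3]`. Add the same kind of header the neighbouring lists carry, `# ISO-3166 COUNTRY CODE, NO MATCH SCORE, MATCH SCORE, LOG NAME`, and say that the code must be upper case because it is compared with `eq`. For `@sender_score` the header is present, but it should note that the MISS SCORE column is not read by the token check.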
@@ -499,7 +508,8 @@
my @random_sender_score = (0.25, 0 );
my @rhsbl_penalty_score = (3.1, 0 );
my @enforce_dyndns_score = (3, 0 );
-
+my @geoip_mismatch_tld = (2, 0 );
+my @number_in_sender_score = (2, 0 );
my $VERBOSE = 0;
@@ -884,6 +894,9 @@
exit;
}
+our $geoip = Geo::IP->new(GEOIP_STANDARD);
+
+
# ----------------------------------------------------------
# main
# ----------------------------------------------------------
@@ -1751,6 +1764,20 @@
return ($my_REJECTMSG.' (multirecipient mail)' );
}
+#TLD variable creation used in geoip country comparisons
+ mylog(info=>"sender domain: $from_domain ") if $DEBUG;
+ my $from_tld;
+ if($from_domain =~ /.*\.([a-zA-Z]{2,2})$/)
+ {
+ $from_tld = $1;
+ mylog(info=>"initial TLD: $from_tld ") if $DEBUG;
+ #todo convert any tlds that dont match to their iso codes
+ if ($from_tld =="uk"){$from_tld = "GB"}
+ }
+ #can't find a tld that can be used for country matching
+ else {$from_tld = 0}
+
+
## cache check
if( ($CACHESIZE > 0) || ($POSCACHESIZE > 0) )
{
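Review bot: `$from_tld =="uk"` is a numeric comparison, so two non-numeric strings both evaluate to 0 and the test is true for any alphabetic TLD the regex captured; every country-code sender is rewritten to "GB" (and Perl warns about non-numeric arguments when warnings are on). Use a string comparison and normalise the case once, so the later `eq` tests against the upper-case `@geoip_score` codes can match: `$from_tld = uc $1;` followed by `if ($from_tld eq 'UK') { $from_tld = 'GB' }`. The `0` sentinel in the `else` branch only works because `length(0)` is 1; `undef` with a `defined` test would state the intent. The enclosing sub starts and ends outside the hunk.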
@@ -2193,6 +2220,80 @@
$helo_ok = 2;
}
+## GeoIP check ###############################################################
+
+ my $country = $geoip->country_code_by_addr("$ip");
+
+ if(defined($country))
+ {
+
+ for($i=0; $i < @geoip_score; $i += 4)
+ {
+ if($country eq $geoip_score[$i])
+ {
+ my $score = $geoip_score[$i+2];
+ if ($score != 0)
+ {
+ $RET .= " IN_".$geoip_score[$i+3]."=" . $score;
+ $rate += $score;;
+ }
+ }
+ else
+ {
+ my $score = $geoip_score[$i+1];
+ if ($score != 0)
+ {
+ $RET .= " NOT_IN_".$geoip_score[$i+3]."=" . $score;
+ $rate += $score;;
+ }
+ }
+ }
+## GeoIP TLD inconsitencies and failover #####################################
+
+ # only if a country tld was extracted compare it to the geoip detected
country.
+ if (length($from_tld) >1)
+ {
+ # modify score if the two values are consistent or not
+ mylog(info=>" geoip lc($country) tld lc($from_tld) ") if $DEBUG;
+ if( lc($country) eq lc($from_tld) )
+ {
+ $rate += $geoip_mismatch_tld[0];
+ $RET .= " GEO_MATCH=" . $geoip_mismatch_tld[1];
+ }
+ else
+ {
+ $rate += $geoip_mismatch_tld[1];
+ $RET .= " GEO_MISMATCH=" . $geoip_mismatch_tld[0];
+ }
+ }
+ }
+ # If geoIP lookup fails then failover to defining country from the tld if
possible
+
+ elsif (length($from_tld) >1)
+ {
+ for($i=0; $i < @geoip_score; $i += 4)
+ {
+ if($from_tld eq $geoip_score[$i])
+ {
+ my $score = $geoip_score[$i+2];
+ if ($score != 0)
+ {
+ $RET .= " IN_".$geoip_score[$i+3]."=" . $score;
+ $rate += $score;;
+ }
+ }
+ else
+ {
+ my $score = $geoip_score[$i+1];
+ if ($score != 0)
+ {
+ $RET .= " NOT_IN_".$geoip_score[$i+3]."=" . $score;
+ $rate += $score;;
+ }
+ }
+ }
+ mylog(info=>"geoip lookup failed so using sender tld instead") if $DEBUG;
+ }
## Reverse IP == dynhost check ###############################################
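Review bot: The TLD consistency branch applies the scores the wrong way round: when `lc($country) eq lc($from_tld)` it adds `$geoip_mismatch_tld[0]` (the HIT value) to `$rate` while logging `[1]`, and on a mismatch it adds `[1]` while logging `[0]`, so a consistent sender is the one penalised and the log never shows the value that was applied. The debug line prints the literal text `lc(...)` because function calls are not interpolated inside a string. The fallback loop compares `$from_tld` with the upper-case table codes using `eq`, so a lower-case TLD never matches, and the two scoring loops are identical and could share one helper. The enclosing sub starts and ends outside the hunk.

```perl
# … unchanged: country lookup and the @geoip_score loop …
        if (length($from_tld) > 1)
        {
            mylog(info=>" geoip ".lc($country)." tld ".lc($from_tld)) if $DEBUG;
            # [0] is the HIT (mismatch) score, [1] the MISS (consistent) score
            my $mismatch = lc($country) ne lc($from_tld);
            my $score    = $geoip_mismatch_tld[$mismatch ? 0 : 1];
            $RET  .= ($mismatch ? ' GEO_MISMATCH=' : ' GEO_MATCH=') . $score;
            $rate += $score;
        }
# … unchanged: elsif fallback on $from_tld …
```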
@@ -2237,6 +2338,34 @@
}
}
+## Sender and reverse spam token check
#############################################
+
+ for($i=0; $i < @sender_score; $i += 4)
+ {
+ if($from_domain =~ /.*$sender_score[$i].*/)
+ {
+ my $token_score = $sender_score[$i+1];
+ $RET .= " TYPE_".$sender_score[$i+3]."=" . $token_score;
+ $rate += $token_score;;
+ mylog(info=>"from_domain matched token");
+ }
+ else
+ {
+ foreach my $revhost (@reverse_ips)
+ {
+ if($revhost =~ /.*$sender_score[$i].*/)
+ {
+ my $token_score = $sender_score[$i+1];
+ $RET .= " TYPE_".$sender_score[$i+3]."=" .
$token_score;
+ $rate += $token_score;;
+ mylog(info=>"reverse_dns matched token");
+ }
+ }
+ }
+ }
+
+
+
## Reverse IP == HELO check ###################################################
$found = 0;
my $rev_processed = 0;
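Review bot: Each token is interpolated into `/.*$sender_score[$i].*/` as an unanchored, case-sensitive pattern, so a short token also hits unrelated names (constructed example: `sex` inside "essex.example"), a token containing regex metacharacters silently changes the pattern, and a client with several reverse-DNS names is scored once per matching name. Quote the token and ignore case, `if ($from_domain =~ /\Q$sender_score[$i]\E/i)`, and add `last;` after the first reverse-host hit so one token scores at most once. The two `mylog(info=>...)` calls are unconditional, unlike the `if $DEBUG` logging in the other hunks of this patch.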
@@ -2346,6 +2475,9 @@
(
$helo =~ /[a-z\.\-\_]+\d{1,3}[-._]\d{1,3}[-._]\d{1,3}[-._]\d{1,3}/i
# that's an ugly regex! watch this!
+ ) ||
+ (
+ $helo =~ /onspeed/i #dialup optimization company
)
)
)
@@ -2557,7 +2689,9 @@
($rate < $REJECTLEVEL) &&
(
($orig_from =~ /[bcdfgjklmnpqrtvwxz]{5,}.*\@/i) ||
- ($orig_from =~ /[aeiou]{4,}.*\@/i)
+ ($orig_from =~ /[aeiou]{4,}.*\@/i) ||
+ # punish long usernames with no separators
+ ($orig_from =~ /[a-z]{12,}.*\@/)
)
)
{
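Review bot: The added `/[a-z]{12,}.*\@/` has no `/i`, unlike the two patterns above it, so it behaves differently for upper-case senders. Twelve consecutive letters is also common in ordinary local parts (constructed example: `administrator@example.org`), so this marks legitimate role addresses as random senders. Suggest `($orig_from =~ /[a-z]{12,}[^@]*\@/i)` and a comment stating that the threshold is a site-specific heuristic that needs a whitelist for known long role names. The enclosing condition starts outside the hunk.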
@@ -2571,6 +2705,22 @@
$rhsbl_penalty = $rhsbl_penalty_score[0] * $random_sender_score[0];
}
+## Penalize email address' that contain numbers ###############################
+## Blunt tool to separate non-corporate emailers
+
+ if(
+ ($rate < $REJECTLEVEL) &&
+ (
+ ($orig_from =~ /[0-9].*\@/)
+ )
+ )
+ {
+ my $score = $number_in_sender_score[0];
+ $RET .= ' NUMBER_SENDER=' . $score;
+ $rate += $score;
+ }
+
+
## rhsbl check ################################################################
my $in_rhsbl;
my $RHSBLMSG = '';
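Review bot: `/[0-9].*\@/` fires on a digit anywhere before the `@`, which covers machine-generated envelope senders such as VERP or SRS-rewritten bounce addresses as well as personal addresses, not only "non-corporate" mail. With the posted configuration (`$REJECTLEVEL = 0`, score 3) this single check can presumably move a message from below the reject level to above it. Extend the comment above the check to say so, e.g. `## NOTE: also matches VERP/SRS-style senders; whitelist those before enabling`, and consider making the check a no-op when `$number_in_sender_score[0]` is 0 so sites can switch it off.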