On Tue, 14 Aug 2007, Giles Westwood i wrote:


This patch extends the geoip patch to take into account whether the TLD of
the sender matches the mail server's country of origin.

I would also advise anyone using geoip to update the free database file.
This can be done from a cron job that fetches it from the MaxMind site.

debian stable policyd patched

--- policyd-weight.debian       2007-08-14 14:36:48.000000000 +0100
+++ policyd-weight.geoip_plus_mismatch  2007-08-14 14:38:34.000000000 +0100
@@ -73,6 +73,7 @@
use IO::Select;
use Config;
use POSIX;
+use Geo::IP;

use vars qw($csock $s $tcp_socket $sock $new_sock $old_mtime);

@@ -369,6 +370,9 @@
    'abuse.rfc-ignorant.org',      0.1,      0,        'ABUSE_RFCI'
);

+my @geoip_score = ();
+
+
my $BL_ERROR_SKIP     = 2;  # skip a RBL if this RBL had this many
continuous
                            # errors

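Review bot: `@geoip_score` is added empty and without a comment, so an administrator has no way to know what to put in it. Judging from the loop in the later GeoIP hunk, entries are read four at a time, and a comment such as `# (ISO country code, score if client is NOT in it, score if it is, log label)` above the declaration would document that. It is also worth stating there that the `else` branch of that loop applies the NOT_IN score of every row the client's country does not match, so several rows stack on a single message.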
@@ -469,7 +473,7 @@
my @random_sender_score              = (0.25,       0    );
my @rhsbl_penalty_score              = (3.1,        0    );
my @enforce_dyndns_score             = (3,          0    );
-
+my @geoip_mismatch_tld              = (2,          0    );

my $VERBOSE = 0;

@@ -786,6 +790,7 @@
    cache_query("stats");
    exit;
}
+our $geoip = Geo::IP->new(GEOIP_STANDARD);

# ----------------------------------------------------------
#                 main
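Review bot: The result of `Geo::IP->new(GEOIP_STANDARD)` is never checked, yet the later GeoIP hunk calls `$geoip->country_code_by_addr(...)` unconditionally. If the database file is missing or unreadable and no object comes back, that call would die inside the policy check, and whether mail is then deferred or accepted depends on MTA configuration outside this patch. A guard such as `our $geoip = eval { Geo::IP->new(GEOIP_STANDARD) } or mylog(info=>"GeoIP database unavailable, geoip check disabled");` together with skipping the GeoIP block when `$geoip` is undefined would make the failure mode explicit. The `use Geo::IP;` in the first hunk likewise makes the module mandatory at compile time, even for sites that leave `@geoip_score` empty.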
@@ -1485,6 +1490,13 @@
    {
        return ($my_REJECTMSG.' (multirecipient mail)');
    }
+    mylog(info=>"sender domain: $from_domain ") if $DEBUG;
+    my $from_tld;
+    if($from_domain =~  /.*\.([a-zA-Z]{2,2})$/)
+    {
+       $from_tld = $1;
+       mylog(info=>"sender TLD: $from_tld ") if $DEBUG;
+    }

## cache check
    if( ($CACHESIZE > 0) || ($POSCACHESIZE > 0) )
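Review bot: `$from_tld` stays undefined whenever the sender domain does not end in a two-letter label, and the later GeoIP hunk evaluates `length($from_tld) >1` on it, which raises an uninitialized-value warning when warnings are enabled; declaring it as `my $from_tld = '';` avoids that. The pattern ends in `$`, which in Perl also matches before a trailing newline, and its leading `.*` is redundant, so `/\.([a-zA-Z]{2})\z/` states the intent more tightly. Since `$from_domain` appears to be taken from the envelope sender, which the connecting client chooses, the extracted TLD is a sender-controlled hint and a comment saying so would help whoever tunes the scores. The enclosing function continues outside the hunk.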
@@ -1901,7 +1913,56 @@
        $rate    += $score;
        $helo_ok  = 2;
    }
+ ## GeoIP check
###############################################################
+
+     my $country = $geoip->country_code_by_addr("$ip");
+
+     if(defined($country))
+     {
+
+         for($i=0; $i < @geoip_score; $i += 4)
+         {
+             if($country eq $geoip_score[$i])
+             {
+              my $score = $geoip_score[$i+2];
+                 if ($score != 0) {
+                     $RET      .= " IN_".$geoip_score[$i+3]."=" . $score;
+                     $rate     += $score;;
+                 }
+            }
+             else
+             {
+              my $score = $geoip_score[$i+1];
+                 if ($score != 0) {
+                     $RET      .= " NOT_IN_".$geoip_score[$i+3]."=" .
$score;
+                     $rate     += $score;;
+                 }
+             }
+         }
+## GeoIP TLD inconsitencies and failover
#####################################

+       # only if a country tld was extracted compare it to the geoip detected
country.
+       if (length($from_tld) >1)
+       {
+               # reduce score if they match
+               if( lc($country) eq lc($from_tld) )
+               {
+                       $rate += $geoip_mismatch_tld[0];
+                       $RET    .= " GEO_MATCH=" . $geoip_mismatch_tld[1];
+               }
+               else {
+                       $rate += $geoip_mismatch_tld[1];
+                       $RET    .= " GEO_MISMATCH=" . $geoip_mismatch_tld[0];
+               }
+       }
+     }
+     else
+     {
+     # this never appears to be triggered
+     # was going to use it to failover to using the tld for the country
+     # geo lookup
+     mylog(info=>"geoip lookup failed") if $DEBUG;
+     }

## Reverse IP == dynhost check
###############################################
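Review bot: In the TLD comparison the index added to `$rate` is the opposite of the one written to `$RET` in both branches, so the score applied is not the score logged. On a match the code adds `$geoip_mismatch_tld[0]` (2 with the defaults set earlier in this patch) while logging `GEO_MATCH=` with `[1]`, which contradicts the `# reduce score if they match` comment; the match branch should read `$rate += $geoip_mismatch_tld[1];` and the mismatch branch `$rate += $geoip_mismatch_tld[0];`. Separately, Geo::IP returns ISO 3166 country codes, where the United Kingdom is `GB`, so a `.uk` sender on a UK host compares `uk` with `gb` and always lands in the mismatch branch; a small TLD-to-ISO alias before the `lc()` comparison would cover that. The enclosing function starts and ends outside the hunk.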






Wow, this could prove quite useful; however, are there instances where an IP could be in the US but use a non-standard TLD?

