Re: [exim] Using GeoIP to block spammers - anyone?

Author: Mark Morley
Date:  
To: Odhiambo G. Washington, exim-users
Subject: Re: [exim] Using GeoIP to block spammers - anyone?
> I have hit google hard and found two projects that were geared towards
> introducing the complexities (yes) of using GeoIP within Exim.
>
> http://botanicus.net/dw/exim-python/exim-4.60py1.html
> http://pookey.co.uk/exim-geoip.xml
>
> One seems recent enough, but both seem like they are un-maintained.
> I am running Exim 4.62 on all my servers.
>
> Is there anyone out there using another variant of GeoIP blocking with
> Exim that they'd be willing to share with the community (me ;))?


We use GeoIP here. We don't block mail based on it directly, but we do use
it to control certain other tests in the ACL. I also add a set of X-GeoIP-*
headers to each incoming message so that customers can filter on them if they
choose, plus I include this info in the reject logs for statistical purposes.

In my connect ACL I have this rule:

warn set acl_c6 = ${readsocket {/tmp/geoipd.socket} {$sender_host_address} {5s} {} {unknown} }

This connects to a UNIX socket on the localhost, gives it the IP address, and
gets back a single line that contains all the GeoIP data. For example, if the IP
address was "199.175.106.1" (one of ours), acl_c6 would be set to this value:

CA|CAN|Canada|BC|Victoria|v8w2l1|48.433300|-123.349998|0|0

That's the 2 character country code, the three character country code, country name,
region (state/province), city name, postal code, latitude, longitude, metro code,
and area code. Not all values are known to the GeoIP database. If the IP isn't in
GeoIP at all then the value is simply "unknown".

Later on in the final stages of the ACLs I extract each field and add it as a separate
header like this:

warn add_header = X-GeoIP-Code: ${extract {1} {|} {$GEOIP}}
warn add_header = X-GeoIP-Country: ${extract {3} {|} {$GEOIP}}
... and so on

Key to this is a small daemon that I wrote that listens for input on the socket,
performs the GeoIP lookup, and returns the results. This is a single little C
file that needs to be compiled and linked against the GeoIP library. I can make
this available if anyone wants it.

Mark

--
Mark Morley
Owner / Administrator
Islandnet.com
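
Added example, not part of the original message and not Mark's daemon: a C parser for the ten-field reply line described above. It keeps empty fields in position (strtok() would collapse them) and rejects control bytes before a value is copied into an X-GeoIP-* header. The names geoip_parse and struct geoip_rec and the 256-byte limit are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define GEOIP_FIELDS 10   /* field count from the message's description */
#define GEOIP_MAXLEN 256  /* assumed upper bound on one reply line */

/* Field order as listed in the message. */
enum { G_CC2, G_CC3, G_COUNTRY, G_REGION, G_CITY,
       G_POSTAL, G_LAT, G_LON, G_METRO, G_AREA };
struct geoip_rec {
    char buf[GEOIP_MAXLEN];       /* private copy, split in place */
    const char *f[GEOIP_FIELDS];  /* pointers into buf; "" when not known */
};

/* Returns 1 = record parsed, 0 = "unknown" (IP not in the database),
 * -1 = malformed: empty, too long, wrong field count, text after the
 * line end, or a control byte that must not reach a header line. */
int geoip_parse(const char *line, struct geoip_rec *r)
{
    size_t len = strcspn(line, "\r\n");   /* length without the line end */
    int n = 0;
    if (line[len + strspn(line + len, "\r\n")] != '\0' ||
        len == 0 || len >= GEOIP_MAXLEN)
        return -1;
    memcpy(r->buf, line, len);
    r->buf[len] = '\0';
    if (strcmp(r->buf, "unknown") == 0)
        return 0;
    r->f[n++] = r->buf;
    for (char *p = r->buf; *p; p++) {
        if ((unsigned char)*p < 0x20 || *p == 0x7f)
            return -1;                    /* control byte */
        if (*p == '|') {                  /* manual split keeps empty fields */
            if (n == GEOIP_FIELDS)
                return -1;                /* more than ten fields */
            *p = '\0';
            r->f[n++] = p + 1;
        }
    }
    return n == GEOIP_FIELDS ? 1 : -1;
}

int main(void)
{
    struct geoip_rec r;  /* input below is the reply line quoted in the message */
    if (geoip_parse("CA|CAN|Canada|BC|Victoria|v8w2l1|48.433300|-123.349998|0|0\n", &r) == 1)
        printf("X-GeoIP-Code: %s\nX-GeoIP-Country: %s\n", r.f[G_CC2], r.f[G_COUNTRY]);
    return 0;
}
```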