Skip to content

Commit

Permalink
import
Browse files Browse the repository at this point in the history
  • Loading branch information
msimerson committed Oct 6, 2016
1 parent 38d44e7 commit 131a89c
Show file tree
Hide file tree
Showing 8 changed files with 940 additions and 0 deletions.
19 changes: 19 additions & 0 deletions .eslintrc
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"env": {
"node": true
},
"rules": {
"dot-notation": 2,
"indent": [2, 2, {"SwitchCase": 1}],
"one-var": [2, "never"],
"no-trailing-spaces": [2, { "skipBlankLines": false }],
"keyword-spacing": [2, {
"after": true,
"overrides": {},
}],
"no-delete-var": 2,
"no-label-var": 2,
"no-shadow": 2,
"no-unused-vars": [ 1, { "args": "none" }]
}
}
18 changes: 18 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
language: node_js
node_js:
- "4"
- "6"

before_script:
- npm install -g grunt-cli

script:
- npm run lint
- npm test

after_success:
- npm install istanbul codecov
- npm run coverage
- ./node_modules/.bin/codecov

sudo: false
112 changes: 112 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@

# geoip

provide geographic information about mail senders.

# SYNOPSIS

Use MaxMind's GeoIP databases to report geographic information about senders. This plugin has support for both the [maxmind](https://github.com/runk/node-maxmind) and [geoip-lite](https://github.com/bluesmoon/node-geoip) node modules.

# INSTALL

Install the npm geoip module you prefer:

npm install maxmind
or
npm install -g geoip-lite

If both are installed, maxmind will be preferred as it's faster and also provides ASN data. The maxmind module requires manual download of the GeoIP databases. The npm module `maxmind-geolite-mirror` will download the files and keep them up-to-date if you run it periodically.

```bash
mkdir -p /usr/local/share/GeoIP
npm install -g maxmind-geolite-mirror
/usr/local/bin/maxmind-geolite-mirror
```

# DESCRIPTION

GeoIP results are stored in connection.notes.geoip and connection.[results](https://github.com/haraka/Haraka/blob/master/docs/Results.md).connect.geoip. The following information is typically available:

continent: NA,
country: US,

If the GeoIP city database is available, the following may also be available:

region: CA,
city: San Francisco,
ll: [37.7484, -122.4156],
distance: 1539 // in kilometers
range: [ 3479299040, 3479299071 ],

`connect.geoip` also adds entries like this to your logs:

[connect.geoip] US
[connect.geoip] US, WA
[connect.geoip] US, WA, Seattle
[connect.geoip] US, WA, Seattle, 1319km

Calculating the distance requires the public IP of this mail server. This may
be the IP that Haraka is bound to. If not, make sure that `utils.get_public_ip`
can figure it out (via STUN or in `smtp.ini`).

# CONFIG

- distance

Perform the geodesic distance calculations. Calculates the distance "as the
crow flies" from the remote mail server.

This calculation requires a 'from' IP address. This will typically be the
public IP of your mail server. If Haraka is bound to a private IP, net\_utils
will attempt to determine your public IP. If that doesn't work, edit
config/smtp.ini and set `public_ip`.

- show\_city

show city data in logs and headers. City data is less accurate than country.

- show\_region in logs and headers. Regional data are US states, Canadian
provinces and such.

Set a connection result to true if the distance exceeds this many kilometers.

- too\_far=4000

- [asn]report_as

Permits reporting the ASN as another plugin (such as connect.asn).

# SPAM PREDICTION WITH DISTANCE

[Spatio-temporal Network-level Automatic Reputation Engine](http://www.cc.gatech.edu/~feamster/papers/snare-usenix09.pdf)

"For ham, 90% of the messages travel about 4,000 km or less. On the
other hand, for spam, only 28% of messages stay within this range."

Observations in 2014 suggest that geodesic distance continues to be an
excellent predictor of spam.


# LIMITATIONS

The distance calculations are more concerned with being fast than
accurate. The MaxMind location data is collected from whois and is of
limited accuracy. MaxMind offers more accurate data for a fee.

For distance calculations, the earth is considered a perfect sphere. In
reality, it is not. Accuracy should be within 1%.

This plugin does not update the GeoIP databases. You may want to.


# SEE ALSO

MaxMind: http://www.maxmind.com/

Databases: http://geolite.maxmind.com/download/geoip/database


# TODO

Keep an eye on node-geoip and see if they add ASN support. This would be an
alternative to connect.asn which uses a DNS lookup to retrieve the ASN.
28 changes: 28 additions & 0 deletions config/connect.geoip.ini
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@

; dbdir: the directory GeoIP DB files live in. This is only used by
; the maxmind geoip provider.
;dbdir=/usr/local/share/GeoIP

; public_ip: the public IP address of *this* mail server
; if your mail server is not bound to a public IP, you'll have to provide
; this for distance calculations to work.
;public_ip=208.100.177.123

; show_city: show city data in logs and headers
; note: city data is less accurate than country
;show_city=true

; show_region: show regional data (US states, CA provinces, etc..)
;show_region=true

; enable distance calculations. If you don't use the distance, leave it
; disabled to save a few CPU cycles.
;calc_distance=false

; if calculating distance, an additional 'too_far' key in the geoip
; connection note can be set to true if the distance exceeds the limit (in
; kilometers). A suggested use for that data is the karma plugin.
;too_far=4000

;[asn]
;report_as=connect.asn
Loading

0 comments on commit 131a89c

Please sign in to comment.