Using GeoIP to block or allow country connections

This section contains scripts that hMailServer has contributed with. hMailServer 5 is needed to use these.
percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Using GeoIP to block or allow country connections

Post by percepts » 2014-02-11 04:52

An alternative but external lookup:

A little script to get country code of IP and then you can do what you like with it.

Been playing and whilst this isn't the prefered (local database) method, some may find it useful.
Main benefit is that it doesn't require you to maintain a local DB of IP numbers. It uses the Maxmind GeoLite DB and presumably they look after the updates and will deal with Maxmind changing to GeoIP2.

Obviously depends on http://freegeoip.net being up and running and the speed of response but it seems quick to me.

Works for me but you may need to play with with permissions/firewall settings if you have problems with it going external for the lookup.

Where you call it from depends what you are going to do with the code.
If you are going to reject the connection then call it from OnClientConnect otherwise you can call if from OnAcceptMessage if you are going to use the Country code for other things.

If for some reason your version of Windows doesn't have MSXML2.XMLHTTP then you should have an equivalent, I think, and you'll have to research what it is.

the call to function is:

GetGeoip (oClient.IPAddress)

then IPCountry will contain the country of the given IP number if its found.
If the lookup fails the IPCountry will be boolean False.

Code: Select all

Sub GetGeoIP(IP)
 Dim IPCountry, GeoArray
 Dim o
 Set o = CreateObject("MSXML2.XMLHTTP")
 o.open "GET", "http://freegeoip.net/csv/"+IP, False
 o.timeout = 5000000
 o.send
 If (o.status = 200 ) Then 
  GeoArray = Split(o.responseText, ",", -1, 1)
  IPCountry = GeoArray(1)
  IPCountry = Replace (IPCountry, """", "")
 Else
  IPCountry = Null 
End If 
End Sub

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Using GeoIP to block or allow country connections

Post by percepts » 2014-02-11 05:26

Correction of above:

A little script to get country code of IP and then you can do what you like with it.

Been playing and whilst this isn't the prefered method, some may find it useful.
Main benefit is that it doesn't require you to maintain a local DB of IP numbers. It uses the Maxmind GeoLite DB and presumably they look after the updates and will deal with Maxmind changing to GeoIP2.

Obviously depends on http://freegeoip.net being up and running and the speed of response but it seems quick to me.

Works for me but you may need to play with with permissions/firewall settings if you have problems with it going external for the lookup.

Where you call it from depends what you are going to do with the code.
If you are going to reject the connection then call it from OnClientConnect otherwise you can call if from OnAcceptMessage if you are going to use the Country code for other things.

If for some reason your version of Windows doesn't have MSXML2.XMLHTTP then you should have an equivalent, I think, and you'll have to research what it is.

the call to function is:

GetGeoip (oClient.IPAddress)

then IPCountry will contain the country of the given IP number if its found.
If the lookup fails or times out then IPCountry will be Boolean False.

Code: Select all

Sub GetGeoIP(IP)
 Dim IPCountry, GeoArray
 Dim o
 Set o = CreateObject("MSXML2.XMLHTTP")
 o.open "GET", "http://freegeoip.net/csv/"+IP, False
 o.send
 If (o.status = 200 ) Then 
  GeoArray = Split(o.responseText, ",", -1, 1)
  IPCountry = GeoArray(1)
  IPCountry = Replace (IPCountry, """", "")
 Else
  IPCountry = False 
End If 
End Sub

swrue
New user
New user
Posts: 2
Joined: 2014-02-23 00:46

Re: Using GeoIP to block or allow country connections

Post by swrue » 2014-02-23 00:55

Hi Percepts,
thank you for your continuous help and providing improvements.
Personally I like the external lookup to avoid the effort of download and manual implementation.
Unfortunately I'm not familiar of all required steps to implement the external lookup solution.
It would be great if you could explain what is necessary to do from beginning till external lookup works.

Thank you in advance for support. It is highly appreciated.

Best regards,
swrue

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Using GeoIP to block or allow country connections

Post by percepts » 2014-02-23 03:20

Replace your OnClientConnect sub in eventhandlers.vbs with following code.
add or remove any country codes you want to allow through. All other countries will be rejected.
country LH = local host and LN = Lan and both should be retained in following code

Read first post of this topic for fuller explanation

Note: I have not tested below code.

Code: Select all

Sub OnClientConnect(oClient)
 Result.Value = 1
 
 Dim GeoArray, country, countryname

 If (oClient.IPAddress = "xxx.xxx.xxx.xxx") Then  ' Put your hmailserver IP in here
  country = "GB"                                    ' put your country code in here
  countryname = "United Kingdom"         ' put your country name in here  
 Else
  Dim o
  Set o = CreateObject("MSXML2.XMLHTTP")
  o.open "GET", "http://freegeoip.net/csv/"+oClient.IPAddress, False
  o.send
  If (o.status = 200 ) Then 
   GeoArray = Split(o.responseText, ",", -1, 1)
   country = GeoArray(1)
   country = Replace (country, """", "")
   countryname = GeoArray(2)
   countryname = Replace (countryname, """", "")
  Else
   country = ""
   countryname = "freegeoip.net lookup failed"    
  End If 
 End If 
 
 If (country = "LH" ) Then  ' Localhost
  Result.Value = 0
 End if    
 If (country = "LN" ) Then  ' Local Lan
  Result.Value = 0
 End if
  If (country = "DE" ) Then  ' Germany
   Result.Value = 0
  End if
  If (country = "FR" ) Then  ' France
   Result.Value = 0
  End if
  If (country = "GB" ) Then  ' Great Britain
   Result.Value = 0
  End if
  If (country = "NL" ) Then  ' Netherlands
   Result.Value = 0
  End if
  If (country = "US" ) Then  ' USA
   Result.Value = 0
  End if

 If (Result.Value = 1 ) Then  ' Rejected
  EventLog.Write("Geo-IP rejected:"+Chr(34)+vbTab+oClient.IPAddress+vbTab+Chr(34)+country+" "+countryname)
 End if

End Sub

swrue
New user
New user
Posts: 2
Joined: 2014-02-23 00:46

Re: Using GeoIP to block or allow country connections

Post by swrue » 2014-02-23 19:53

Thank you, percepts.
I think your script element works fine. I've tested email from my home country and from a foreign country.
Home country passed and foreign country hasn't passed.

Best Regards,
swrue

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Using GeoIP to block or allow country connections

Post by percepts » 2014-02-23 20:33

note that country DE is home to hmailserver.com so if you want to get any hmail forums email you must either expilicitly allow country code DE or hmailserver.com IP number.

User avatar
jimimaseye
Moderator
Moderator
Posts: 9085
Joined: 2011-09-08 17:48

Re: Using GeoIP to block or allow country connections

Post by jimimaseye » 2014-10-19 13:49

I simply use

zz.countries.nerd.dk

as a host in my DNS Blacklist (antispam settings) and then quote the return codes I want blocking. (see: countries.nerd.dk for more details)

EG,

return code: "127.0.0.158|127.0.2.131|127.0.2.198"
blocks TW, RU, and ZA sources. (Make sure the value of a match is high enough for your settings to qualify as a reject). You can put in whatever message you want as a rejection too. This is alright if you want just a few countries blocked but I imagine its not so practical to set up 270 return codes if you only want to accept from the U.S :-)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

WebShopDesigners
New user
New user
Posts: 3
Joined: 2015-04-25 21:38

Re: Using GeoIP to block or allow country connections

Post by WebShopDesigners » 2015-04-25 21:43

I used your idea. I have adjusted your idea so that this can be used immediately.

Prevent your hmailserver with Windows Firewall to block Semalt, Fraud countries, hackers, spam and more...
I have a Windows server with hmailserver and is focused on the European and US/Canadian market.
Every day my server is attacked by hackers and spammers mostly from fraud countries.
Now you can easily protect your Windows server with this very simple script against it.
You can block a country and/or countries/continents with it.
Most fraud countries are on the list and you can add more or remove them.
You can use this script for Windows 7, 8 and 8.1 systems.
Download the RAR file (protect_your_server.rar) from:
http://stackoverflow.com/questions/2986 ... m-and-more
Insert here also your comments and/or new ideas, please
I hope that I can make a lot of people happy with this script! :D

Best regards,
Rolf
Attachments
Protect_your_server.rar
protect_your_server.rar
(1.18 MiB) Downloaded 252 times

User avatar
jimimaseye
Moderator
Moderator
Posts: 9085
Joined: 2011-09-08 17:48

Re: Using GeoIP to block or allow country connections

Post by jimimaseye » 2015-04-26 12:05

Having read your installation script, it talks about renaming the default system CSCRIPT and WSCRIPT programs : this will cause problems for oither system scripts already setup on our server being called (eg, "CSRIPT.exe myown.vbs" etc, effectively breaking my system from running anything I already have set up calling these programs). Also, to be clear are you saying that to use this the users must 'install' as per the bat file of that script and have the program running at startup of system? And at what point is the 'OnClientConnect' sub section called as it is not listed in our eventshandler and see no reference to copying it over there.

Can you confirm?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

WebShopDesigners
New user
New user
Posts: 3
Joined: 2015-04-25 21:38

Re: Using GeoIP to block or allow country connections

Post by WebShopDesigners » 2015-04-26 13:59

I think what you can do is:
In stead of Rename cscript.exe into csadmin.exe
> COPY cscript.exe into csadmin.exe
> COPY wscript.exe into wsadmin.exe
and then try my script again....
OR
rename in my scripts csadmin.exe into cscript.exe and then try again...

User avatar
jimimaseye
Moderator
Moderator
Posts: 9085
Joined: 2011-09-08 17:48

Re: Using GeoIP to block or allow country connections

Post by jimimaseye » 2015-04-26 15:53

Could you also advise on the 'OnClientConnect' question too? Ta.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829


User avatar
jimimaseye
Moderator
Moderator
Posts: 9085
Joined: 2011-09-08 17:48

Re: Using GeoIP to block or allow country connections

Post by jimimaseye » 2015-04-26 21:52

Yesm I understand the 'OnClientConnect' concept, the issue is that you have it in a separate VBS script and it ISNT in the 'eventshandler.vbs' file that hmailserver referes to. So how is yours being called by hmailserver it is isnt in hmailserver's script? (Or am I missing something)?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 1466
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Using GeoIP to block or allow country connections

Post by RvdH » 2015-07-23 15:01

SpamAssassin example using 'countries.nerd.dk'
describe BL_COUNTRY_VN_1 Mail client in Vietnam
header BL_COUNTRY_VN_1 eval:check_rbl('vietnam', 'vn.countries.nerd.dk')
score BL_COUNTRY_VN_1 2.0 # please adjust the score value
tflags BL_COUNTRY_VN_1 net

describe BL_COUNTRY_IN_1 Mail client in India
header BL_COUNTRY_IN_1 eval:check_rbl('India', 'in.countries.nerd.dk')
score BL_COUNTRY_IN_1 2.0 # please adjust the score value
tflags BL_COUNTRY_IN_1 net

describe BL_COUNTRY_RU_1 Mail client in Russia
header BL_COUNTRY_RU_1 eval:check_rbl('Russia', 'ru.countries.nerd.dk')
score BL_COUNTRY_RU_1 2.0# please adjust the score value
tflags BL_COUNTRY_RU_1 net

describe BL_COUNTRY_BR_1 Mail client in Brasil
header BL_COUNTRY_BR_1 eval:check_rbl('Brasil', 'br.countries.nerd.dk')
score BL_COUNTRY_BR_1 2.0 # please adjust the score value
tflags BL_COUNTRY_BR_1 net

describe BL_COUNTRY_CN_1 Mail client in China
header BL_COUNTRY_CN_1 eval:check_rbl('China', 'cn.countries.nerd.dk')
score BL_COUNTRY_CN_1 2.0 # please adjust the score value
tflags BL_COUNTRY_CN_1 net
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

Post Reply