Is there a way to integrate geoIP into hmailserver?
Is there a way to integrate geoIP into hmailserver?
Getting tons (literally, TONS) of spam from Russia, of late. Must have something to do with their politics, I dunno.
Anyhow, I keep banning the sending IP networks on my firewall, and by now I have like good half of their ISPs on the list. Just kidding: I have like a few dozens of Russian ISPs in the DROP list but they keep coming.
There is no way to simply detect spam because they are never on any lists. They use all kinds of tricks to bypass filtering, by inserting spaces amidst letters of words, by Base64 encoding fields and body, by using graphic embeds, yada, yada, yada. The only thing common is that they come from a wide variety of Russian ISPs IP addresses. If I ban one IP, they soon begin to use the next one, and I have to ban the whole ISP's /24 subnet. Usually that cuts the head of the snake off.
Me thinks that geoIP should be able to cut that filth off. None of my users have legitimate senders out that way, so no big loss.
Did anyone try and how?
Or, is there a way to pre-approve senders? Like, if a brand new sender tries to send an email through my hmailserver, they receive a reply back that they have to send a specially formatted request, and only once my users get and process it then the sender becomes approved to send further emails?
Anyhow, I keep banning the sending IP networks on my firewall, and by now I have like good half of their ISPs on the list. Just kidding: I have like a few dozens of Russian ISPs in the DROP list but they keep coming.
There is no way to simply detect spam because they are never on any lists. They use all kinds of tricks to bypass filtering, by inserting spaces amidst letters of words, by Base64 encoding fields and body, by using graphic embeds, yada, yada, yada. The only thing common is that they come from a wide variety of Russian ISPs IP addresses. If I ban one IP, they soon begin to use the next one, and I have to ban the whole ISP's /24 subnet. Usually that cuts the head of the snake off.
Me thinks that geoIP should be able to cut that filth off. None of my users have legitimate senders out that way, so no big loss.
Did anyone try and how?
Or, is there a way to pre-approve senders? Like, if a brand new sender tries to send an email through my hmailserver, they receive a reply back that they have to send a specially formatted request, and only once my users get and process it then the sender becomes approved to send further emails?
Re: Is there a way to integrate geoIP into hmailserver?
One of the volunteers on this Forum has I believe a GeoIP Banning script which he wrote.
However, one thought comes to mind regarding banning by Geo IP. What do you do with the SPAMMER who relays through a server in a different country or uses a VPN service which allows him/her to use an IP from another country?
However, one thought comes to mind regarding banning by Geo IP. What do you do with the SPAMMER who relays through a server in a different country or uses a VPN service which allows him/her to use an IP from another country?
If you think you understand quantum mechanics, you don't understand quantum mechanics.
Re: Is there a way to integrate geoIP into hmailserver?
I do not get noticeable influx of such. All I care is that which I described above. If they grow more creative I will find a way to nuke them (pun intended).jim.bus wrote: ↑2023-12-05 21:55One of the volunteers on this Forum has I believe a GeoIP Banning script which he wrote.
However, one thought comes to mind regarding banning by Geo IP. What do you do with the SPAMMER who relays through a server in a different country or uses a VPN service which allows him/her to use an IP from another country?
Actually, if they relay through a civilized country then I will use conventional weapons: abuse reports.
Tried to search for 'geoip' but the forum probably crashes after a long wait time.
Re: Is there a way to integrate geoIP into hmailserver?
lets cheat darwin out of his legacy, find a cure for cancer...
Re: Is there a way to integrate geoIP into hmailserver?
Awesome! I am gonna get the bastards.
Re: Is there a way to integrate geoIP into hmailserver?
Great, thanks! It will be my project for the holidays, to integrate.
Is my DB log uploader helping you run HMS? I recall you were interested.
Is my DB log uploader helping you run HMS? I recall you were interested.
Re: Is there a way to integrate geoIP into hmailserver?
It works well but not using it lately. Auto Firewall BAN using @Palinka firewallban as of now
Re: Is there a way to integrate geoIP into hmailserver?
The volume of spam decreased, of late.
Reporting abuse to sendgrid, outlook and google helped cut down on their origins, they probably cracked down on the spammer by IP or somehow else.
Banning half a dozen /24 nets from Russia and a handful from Indonesia, India, Germany, Netherlands, and the UK also reduced the spam by a whole lot. The spammer probably has a hard time moving their operation from one ISP to another, for whatever reason.
If it resumes, I will likely spend the holidays implementing geoip, but for now it is all very quiet.
Reporting abuse to sendgrid, outlook and google helped cut down on their origins, they probably cracked down on the spammer by IP or somehow else.
Banning half a dozen /24 nets from Russia and a handful from Indonesia, India, Germany, Netherlands, and the UK also reduced the spam by a whole lot. The spammer probably has a hard time moving their operation from one ISP to another, for whatever reason.
If it resumes, I will likely spend the holidays implementing geoip, but for now it is all very quiet.
Re: Is there a way to integrate geoIP into hmailserver?
Mine picked up...
I ban access to port 465 and 993 from outside "The Danish Realm" and today my ban count went over 800. It's usually stable around 220.
They come in packs of avg. 8 ca. 1 hour apart. The telltale of a BOT network
I ban access to port 465 and 993 from outside "The Danish Realm" and today my ban count went over 800. It's usually stable around 220.
They come in packs of avg. 8 ca. 1 hour apart. The telltale of a BOT network
Code: Select all
3764 "2023-12-19 16:30:25.976" "--- Connect --- 191.36.149.53 465 vipturbo.com.br"
3764 "2023-12-19 16:30:26.101" "GEO Blocked 191.36.149.53 465 BR"
3764 "2023-12-19 16:30:29.960" "--- Connect --- 123.51.229.120 465 "
3764 "2023-12-19 16:30:30.039" "GEO Blocked 123.51.229.120 465 TW"
3764 "2023-12-19 16:30:37.535" "--- Connect --- 166.155.95.83 465 83.sub-166-155-95.myvzw.com"
3764 "2023-12-19 16:30:37.601" "GEO Blocked 166.155.95.83 465 US"
3764 "2023-12-19 16:30:41.160" "--- Connect --- 118.41.204.72 465 "
3764 "2023-12-19 16:30:41.226" "GEO Blocked 118.41.204.72 465 KR"
3764 "2023-12-19 16:30:47.269" "--- Connect --- 122.179.130.147 465 abts-mum-static-147.130.179.122.airtelbroadband.in"
3764 "2023-12-19 16:30:47.335" "GEO Blocked 122.179.130.147 465 IN"
3764 "2023-12-19 16:31:00.050" "--- Connect --- 111.70.48.3 465 111-70-48-3.emome-ip.hinet.net"
3764 "2023-12-19 16:31:00.160" "GEO Blocked 111.70.48.3 465 TW"
3764 "2023-12-19 16:31:02.535" "--- Connect --- 41.176.154.22 465 HOST-22-154.176.41.nile-online.net"
3764 "2023-12-19 16:31:02.675" "GEO Blocked 41.176.154.22 465 EG"
3764 "2023-12-19 16:31:22.675" "--- Connect --- 36.134.78.151 465 "
3764 "2023-12-19 16:31:22.738" "GEO Blocked 36.134.78.151 465 CN"
SørenR.
Woke is Marxism advancing through Maoist cultural revolution.
Woke is Marxism advancing through Maoist cultural revolution.
Re: Is there a way to integrate geoIP into hmailserver?
One day you're a target, then the next day I'm a target. They come. They go. Seems to be pretty random.
Daily rejections (for any reason).
Santa's map. Only dark red gets presents. The rest are on the naughty list. Wait a minute... Some of them have been very naughty...
Finland has been extra good thanks to the spamassassin mailing list, so they get extra chocolate.
Daily rejections (for any reason).
Santa's map. Only dark red gets presents. The rest are on the naughty list. Wait a minute... Some of them have been very naughty...
Finland has been extra good thanks to the spamassassin mailing list, so they get extra chocolate.
Re: Is there a way to integrate geoIP into hmailserver?
I have collected 23851 IPs at my hmail,the file is as attached,all these IPs are never accepted.
You can easily use FSO to read txt file and block it at OnClientConnect(oClient) or OnHELO(oClient)
I am using 5.6.9-2641.64 from below link.
viewtopic.php?f=10&t=30193&start=420#p249893
OnClientConnect(oClient) and OnHELO(oClient) are very useful function,before I used hMailServer 5.6.8 - Build 2574 and I blocked it at OnSMTPData(oClient, oMessage)
You can easily use FSO to read txt file and block it at OnClientConnect(oClient) or OnHELO(oClient)
I am using 5.6.9-2641.64 from below link.
viewtopic.php?f=10&t=30193&start=420#p249893
OnClientConnect(oClient) and OnHELO(oClient) are very useful function,before I used hMailServer 5.6.8 - Build 2574 and I blocked it at OnSMTPData(oClient, oMessage)
- Attachments
-
- Autoban.zip
- (86.3 KiB) Downloaded 125 times
Re: Is there a way to integrate geoIP into hmailserver?
A quick update.
Having banned about 15 networks mostly in Russia, Netherlands, Germany, UK, and Indonesia, I cut down on spam dramatically.
My users now get very few spam emails, and India and US suddenly appeared among source networks.
Having said that, it seems that there are simply providers who cater to spammers, and once their networks are banned the spam declines.
outlook.com now creates most problems for me because I am not allowed to ban it, and forwarding to abuse@outlook.com is practically futile. Since MS s above the law, I am out of ideas as to how to deal with them.
Having banned about 15 networks mostly in Russia, Netherlands, Germany, UK, and Indonesia, I cut down on spam dramatically.
My users now get very few spam emails, and India and US suddenly appeared among source networks.
Having said that, it seems that there are simply providers who cater to spammers, and once their networks are banned the spam declines.
outlook.com now creates most problems for me because I am not allowed to ban it, and forwarding to abuse@outlook.com is practically futile. Since MS s above the law, I am out of ideas as to how to deal with them.
Re: Is there a way to integrate geoIP into hmailserver?
SpamAssassin !DrmCa wrote: ↑2024-02-15 01:21outlook.com now creates most problems for me because I am not allowed to ban it, and forwarding to abuse@outlook.com is practically futile. Since MS s above the law, I am out of ideas as to how to deal with them.
Three of my sons friends use Hotmail/Outlook and by training SpamAssassin rigorously over a period of 6 months I have now eliminated ALL (repeat ALL) hotmail/outlook SPAM. I have NO special whitelist entries outside some shops that simply cannot help themselves writing spammy text
I receive a lot of emails from valid senders/companies hosted on outlook servers with no issues and yet, 99,99 of all emails from hotmail/outlook with nude pictures of ... ahem ... some may say; sexy females of all sizes ... are effectively blocked. Really, when you have seen one, you have seen them all
Over time my "blacklist" has been reduced to 16 FQDN's/TLD's including ".shop|.top|.xyz|.today|.buzz".
Mind you that I ONLY allow AUTH from the Danish Realm (Denmark, Faroe Islands, Greenland). Travellers need to use my webmail!
SørenR.
Woke is Marxism advancing through Maoist cultural revolution.
Woke is Marxism advancing through Maoist cultural revolution.
Re: Is there a way to integrate geoIP into hmailserver?
Most of my spam in the last couple of months has come through outlook.com. A LOT. But for some reason its quieted down a lot in the last week or so.
Re: Is there a way to integrate geoIP into hmailserver?
All emails from @outlook.xx and @hotmail.com all sent to junk unless whitelist.
As we get too many scam from outlook.xx OR @hotmail.com
Re: Is there a way to integrate geoIP into hmailserver?
A huge spike in outlook.com spam, of late. Probably because the rest of shady origins are already blocked.
I looked into SpamAssassin but am not really looking forward to maintaining another service. Already have to manage too many as it is.
I looked into SpamAssassin but am not really looking forward to maintaining another service. Already have to manage too many as it is.
Re: Is there a way to integrate geoIP into hmailserver?
Just ranting:
Aren't Germany and Netherlands supposed to be our allies? If they really are then why do they represent the bulk of spam and bruteforcing activities? No other countries make up so much of my block rules. It almost feels like we should cut their Internet.
Aren't Germany and Netherlands supposed to be our allies? If they really are then why do they represent the bulk of spam and bruteforcing activities? No other countries make up so much of my block rules. It almost feels like we should cut their Internet.
Re: Is there a way to integrate geoIP into hmailserver?
Serious answer: Infrastructure
And it is relatively cheap in Germany and the Netherlands to hire a (virtual) server, combine that with questionable policies that neglect abuse reports and allow their services to be abused, i in particular name Hetzner, Leaseweb (de/nl)
And it is relatively cheap in Germany and the Netherlands to hire a (virtual) server, combine that with questionable policies that neglect abuse reports and allow their services to be abused, i in particular name Hetzner, Leaseweb (de/nl)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Is there a way to integrate geoIP into hmailserver?
Germany is quite down the list and the Netherlands is not even in top 25... USA and China however occupy the top of the list
USA really do not surprise me... On a personal level, my family is Danish (Vikings - with very few fucks to give). My son recently got into a relationship with a New York girl studying in Denmark, unfortunately she did not understand the ultimatum of "either we are serious about it - or we forget it!"...
Oh the drama from the bitch.
All I can say is that apparently american girls do NOT handle rejection very well - and Danish men do NOT respond well to being "controlled by Karens".
We are very much the "equal partnership, own up to your actions or you are history!" types.
She actually reported him to the police on a charge of stalking for delivering a letter - she kept blocking/unblocking him on all SoMe's, sending weird messages and calling him to shout at him... He just wanted it to stop!
My son went and talked to the local Police and the report on file (all information is stored country wide in Denmark) stated that the Police told her firmly to forget it and go talk it out with my son But, as he stated; "When hell freezes over."
Don't know exactly what her expectations were regarding the Danish police... However, a police officer in USA is in training for 7 months... A police officer in Denmark is in training for 3 1/2 year... And since her dad apparently is an ex-cop working as a private investigator, I can only guess
SørenR.
Woke is Marxism advancing through Maoist cultural revolution.
Woke is Marxism advancing through Maoist cultural revolution.
Re: Is there a way to integrate geoIP into hmailserver?
To be fair, on-the-job training for cops in the US is far more rigorous than nearly any country in the world. Its not exactly something to be proud of, though, despite their acquired skills and knowledge.SorenR wrote: ↑2024-09-04 11:32Don't know exactly what her expectations were regarding the Danish police... However, a police officer in USA is in training for 7 months... A police officer in Denmark is in training for 3 1/2 year... And since her dad apparently is an ex-cop working as a private investigator, I can only guess
Re: Is there a way to integrate geoIP into hmailserver?
Nah.... https://www.bbc.com/news/world-us-canada-56834733palinka wrote: ↑2024-09-04 20:38To be fair, on-the-job training for cops in the US is far more rigorous than nearly any country in the world. Its not exactly something to be proud of, though, despite their acquired skills and knowledge.SorenR wrote: ↑2024-09-04 11:32Don't know exactly what her expectations were regarding the Danish police... However, a police officer in USA is in training for 7 months... A police officer in Denmark is in training for 3 1/2 year... And since her dad apparently is an ex-cop working as a private investigator, I can only guess
By the way...The report looked at police training requirements in more than 100 countries and found that the US had among the lowest, in terms of average hours required.
Also, many other countries require officers to have a university degree - or equivalent - before joining the police, but in the US most forces just require the equivalent of a high-school diploma.
In England and Wales, it has recently become mandatory for officers to have an academic degree.
Maria Haberfeld, professor of police science at the John Jay College of Criminal Justice, says: "Some police forces in Europe have police university, where training lasts for three years - for me the standouts are Norway and Finland."
Finland has one the highest gun-ownership rates in Europe, with around 32 civilian firearms per 100 people - but incidents of police shooting civilians are extremely rare.
US officers receive 652 hours of training on average, compared with the 3,500 hours needed to obtain a plumbing licence or 3,000 hours to be authorised to provide cosmetic treatments — professions that do not entail carrying weapons and making life-and-death decisions.
SørenR.
Woke is Marxism advancing through Maoist cultural revolution.
Woke is Marxism advancing through Maoist cultural revolution.
Re: Is there a way to integrate geoIP into hmailserver?
I also had a phone experience with a supposed US City Police Supervisor. I called to inform them a motorcycle officer who violated multiple Vehicle Code laws while positioning himself to watch an intersection for drivers violating Vehicle Code Laws. He rode his motorcycle on the wrong side of the street in the pedestrian crosswalk which was one violation, then proceeded to cross over the pedestrian island and go up the wrong way on the Right Turn Lane and then made a U-Turn to position himself to watch the intersection. This was a second violation.SorenR wrote: ↑2024-09-04 23:54Nah.... https://www.bbc.com/news/world-us-canada-56834733palinka wrote: ↑2024-09-04 20:38To be fair, on-the-job training for cops in the US is far more rigorous than nearly any country in the world. Its not exactly something to be proud of, though, despite their acquired skills and knowledge.SorenR wrote: ↑2024-09-04 11:32Don't know exactly what her expectations were regarding the Danish police... However, a police officer in USA is in training for 7 months... A police officer in Denmark is in training for 3 1/2 year... And since her dad apparently is an ex-cop working as a private investigator, I can only guess
By the way...The report looked at police training requirements in more than 100 countries and found that the US had among the lowest, in terms of average hours required.
Also, many other countries require officers to have a university degree - or equivalent - before joining the police, but in the US most forces just require the equivalent of a high-school diploma.
In England and Wales, it has recently become mandatory for officers to have an academic degree.
Maria Haberfeld, professor of police science at the John Jay College of Criminal Justice, says: "Some police forces in Europe have police university, where training lasts for three years - for me the standouts are Norway and Finland."
Finland has one the highest gun-ownership rates in Europe, with around 32 civilian firearms per 100 people - but incidents of police shooting civilians are extremely rare.
US officers receive 652 hours of training on average, compared with the 3,500 hours needed to obtain a plumbing licence or 3,000 hours to be authorised to provide cosmetic treatments — professions that do not entail carrying weapons and making life-and-death decisions.
I called the city police department and asked for a supervisor and got someone claiming to be a supervisor. I wasn't trying to get the motorcycle officer reprimanded but just to counsel him on proper way to do things. The supervisor proceeded to tell me that the Exempt License plates on the officer's motorcycle meant that the officer was exempt from the Vehicle Code Laws. I informed him that I believed it only meant the vehicle (motorcycle) was Exempt from Taxes and Fees. The supervisor obviously realized I had caught him in a LIE and tried to say that 'Oh, now that I mentioned it, he seemed to recall that now'. This was obviously an example where the police was trying to assume powers that they DO NOT HAVE and they think they can fool the citizenry with their lies if they act like they know what they are talking about.
If you think you understand quantum mechanics, you don't understand quantum mechanics.
Re: Is there a way to integrate geoIP into hmailserver?
You don't understand what on-the-job training is?SorenR wrote: ↑2024-09-04 23:54Nah.... https://www.bbc.com/news/world-us-canada-56834733palinka wrote: ↑2024-09-04 20:38To be fair, on-the-job training for cops in the US is far more rigorous than nearly any country in the world. Its not exactly something to be proud of, though, despite their acquired skills and knowledge.SorenR wrote: ↑2024-09-04 11:32Don't know exactly what her expectations were regarding the Danish police... However, a police officer in USA is in training for 7 months... A police officer in Denmark is in training for 3 1/2 year... And since her dad apparently is an ex-cop working as a private investigator, I can only guess
By the way...The report looked at police training requirements in more than 100 countries and found that the US had among the lowest, in terms of average hours required.
Also, many other countries require officers to have a university degree - or equivalent - before joining the police, but in the US most forces just require the equivalent of a high-school diploma.
In England and Wales, it has recently become mandatory for officers to have an academic degree.
Maria Haberfeld, professor of police science at the John Jay College of Criminal Justice, says: "Some police forces in Europe have police university, where training lasts for three years - for me the standouts are Norway and Finland."
Finland has one the highest gun-ownership rates in Europe, with around 32 civilian firearms per 100 people - but incidents of police shooting civilians are extremely rare.
US officers receive 652 hours of training on average, compared with the 3,500 hours needed to obtain a plumbing licence or 3,000 hours to be authorised to provide cosmetic treatments — professions that do not entail carrying weapons and making life-and-death decisions.
Put the 3rd year NYPD rookie in Finland and the 0th year Finnish rookie in NYC and see how each of them fare. If you don't think that's fair, then try 6th/2nd year swap. There's a lot more to being a cop than handing out citations.
And if you think I'm some kind of cop lover, I'm not. I'm just pointing out that which is observably true.