Is there a way to integrate geoIP into hmailserver?

DrmCa
Normal user
Posts: 179
Joined: 2011-02-14 21:30

Is there a way to integrate geoIP into hmailserver?

Post by DrmCa » 2023-12-05 21:48

Getting tons (literally, TONS) of spam from Russia, of late. Must have something to do with their politics, I dunno.
Anyhow, I keep banning the sending IP networks on my firewall, and by now I have like good half of their ISPs on the list. Just kidding: I have like a few dozens of Russian ISPs in the DROP list but they keep coming.
There is no way to simply detect spam because they are never on any lists. They use all kinds of tricks to bypass filtering, by inserting spaces amidst letters of words, by Base64 encoding fields and body, by using graphic embeds, yada, yada, yada. The only thing common is that they come from a wide variety of Russian ISPs' IP addresses. If I ban one IP, they soon begin to use the next one, and I have to ban the whole ISP's /24 subnet. Usually that cuts the head of the snake off.
Methinks that geoIP should be able to cut that filth off. None of my users have legitimate senders out that way, so no big loss.
Did anyone try and how?

Or, is there a way to pre-approve senders? Like, if a brand new sender tries to send an email through my hmailserver, they receive a reply back that they have to send a specially formatted request, and only once my users get and process it then the sender becomes approved to send further emails?
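
The escalation described in the post above (ban one IP, then the whole /24 once neighbours keep appearing) can be automated from a list of offending addresses. This is an added example, not part of the original post; the function name, the promotion threshold of 3 hosts and the `never_ban` allowlist are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: documentation-range addresses, not real offenders.
SAMPLE_OFFENDERS = [
    "192.0.2.10", "192.0.2.11", "192.0.2.12",     # three hosts in one /24
    "198.51.100.7",                               # a single offender
    "203.0.113.5", "203.0.113.6", "203.0.113.7",  # inside an allowlisted net
    "not-an-ip",                                  # malformed entry
]


def build_ban_list(offender_ips, promote_at=3, never_ban=()):
    """Return the IPv4 networks to drop at the firewall.

    A /24 is banned once `promote_at` distinct hosts inside it have
    offended; below that, only the individual /32s are banned.
    Anything overlapping a `never_ban` network is left out, so a
    provider that must stay reachable is never swept up in a /24.
    """
    protected = [ipaddress.ip_network(n) for n in never_ban]
    hosts_by_net = defaultdict(set)

    for raw in offender_ips:
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ipaddress.AddressValueError:
            continue  # skip malformed or non-IPv4 entries
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        hosts_by_net[net].add(ip)

    bans = []
    for net, hosts in hosts_by_net.items():
        if len(hosts) >= promote_at:
            candidates = [net]
        else:
            candidates = [ipaddress.ip_network(f"{h}/32") for h in hosts]
        for cand in candidates:
            if not any(cand.overlaps(p) for p in protected):
                bans.append(cand)

    # Merge adjacent or nested networks so the firewall list stays short.
    return sorted(ipaddress.collapse_addresses(bans))


if __name__ == "__main__":
    for net in build_ban_list(SAMPLE_OFFENDERS, never_ban=["203.0.113.0/24"]):
        print(net)
```
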

jim.bus
Senior user
Posts: 1656
Joined: 2011-05-28 11:49
Location: US

Re: Is there a way to integrate geoIP into hmailserver?

Post by jim.bus » 2023-12-05 21:55

One of the volunteers on this Forum has, I believe, a GeoIP Banning script which he wrote.

However, one thought comes to mind regarding banning by Geo IP. What do you do with the SPAMMER who relays through a server in a different country or uses a VPN service which allows him/her to use an IP from another country?
If you think you understand quantum mechanics, you don't understand quantum mechanics.

DrmCa
Normal user
Posts: 179
Joined: 2011-02-14 21:30

Re: Is there a way to integrate geoIP into hmailserver?

Post by DrmCa » 2023-12-05 22:01

jim.bus wrote:
2023-12-05 21:55
One of the volunteers on this Forum has, I believe, a GeoIP Banning script which he wrote.

However, one thought comes to mind regarding banning by Geo IP. What do you do with the SPAMMER who relays through a server in a different country or uses a VPN service which allows him/her to use an IP from another country?
I do not get noticeable influx of such. All I care is that which I described above. If they grow more creative I will find a way to nuke them (pun intended).
Actually, if they relay through a civilized country then I will use conventional weapons: abuse reports.

Tried to search for 'geoip' but the forum probably crashes after a long wait time.

johang
Senior user
Posts: 1171
Joined: 2008-09-01 09:20

Re: Is there a way to integrate geoIP into hmailserver?

Post by johang » 2023-12-05 22:35

DrmCa wrote:
2023-12-05 22:01
Tried to search for 'geoip' but the forum probably crashes after a long wait time.
forum search is botched..
try this :
https://www.google.se/search?q=hmailserver.com+geoip
lets cheat darwin out of his legacy, find a cure for cancer...

DrmCa
Normal user
Posts: 179
Joined: 2011-02-14 21:30

Re: Is there a way to integrate geoIP into hmailserver?

Post by DrmCa » 2023-12-06 00:02

Awesome! I am gonna get the bastards.

gotspatel
Senior user
Posts: 374
Joined: 2013-10-08 05:42
Location: INDIA

Re: Is there a way to integrate geoIP into hmailserver?

Post by gotspatel » 2023-12-06 06:06

This works as expected, try this viewtopic.php?f=9&t=34496&start=60#p228954

Latest code HERE

:D

DrmCa
Normal user
Posts: 179
Joined: 2011-02-14 21:30

Re: Is there a way to integrate geoIP into hmailserver?

Post by DrmCa » 2023-12-07 01:16

Great, thanks! It will be my project for the holidays, to integrate.

Is my DB log uploader helping you run HMS? I recall you were interested.

gotspatel
Senior user
Posts: 374
Joined: 2013-10-08 05:42
Location: INDIA

Re: Is there a way to integrate geoIP into hmailserver?

Post by gotspatel » 2023-12-07 07:47

It works well but not using it lately. Auto Firewall BAN using @Palinka firewallban as of now

DrmCa
Normal user
Posts: 179
Joined: 2011-02-14 21:30

Re: Is there a way to integrate geoIP into hmailserver?

Post by DrmCa » 2023-12-19 21:34

The volume of spam decreased, of late.
Reporting abuse to sendgrid, outlook and google helped cut down on their origins, they probably cracked down on the spammer by IP or somehow else.
Banning half a dozen /24 nets from Russia and a handful from Indonesia, India, Germany, Netherlands, and the UK also reduced the spam by a whole lot. The spammer probably has a hard time moving their operation from one ISP to another, for whatever reason.
If it resumes, I will likely spend the holidays implementing geoip, but for now it is all very quiet.

SorenR
Senior user
Posts: 6380
Joined: 2006-08-21 15:38
Location: Denmark

Re: Is there a way to integrate geoIP into hmailserver?

Post by SorenR » 2023-12-20 01:14

Mine picked up...

I ban access to port 465 and 993 from outside "The Danish Realm" and today my ban count went over 800. It's usually stable around 220.

They come in packs of avg. 8 ca. 1 hour apart. The telltale of a BOT network :mrgreen:


3764		"2023-12-19 16:30:25.976"	"--- Connect ---	191.36.149.53   	465	                	vipturbo.com.br"
3764		"2023-12-19 16:30:26.101"	"GEO Blocked    	191.36.149.53   	465	BR"
3764		"2023-12-19 16:30:29.960"	"--- Connect ---	123.51.229.120  	465	"
3764		"2023-12-19 16:30:30.039"	"GEO Blocked    	123.51.229.120  	465	TW"
3764		"2023-12-19 16:30:37.535"	"--- Connect ---	166.155.95.83   	465	                	83.sub-166-155-95.myvzw.com"
3764		"2023-12-19 16:30:37.601"	"GEO Blocked    	166.155.95.83   	465	US"
3764		"2023-12-19 16:30:41.160"	"--- Connect ---	118.41.204.72   	465	"
3764		"2023-12-19 16:30:41.226"	"GEO Blocked    	118.41.204.72   	465	KR"
3764		"2023-12-19 16:30:47.269"	"--- Connect ---	122.179.130.147 	465	                	abts-mum-static-147.130.179.122.airtelbroadband.in"
3764		"2023-12-19 16:30:47.335"	"GEO Blocked    	122.179.130.147 	465	IN"
3764		"2023-12-19 16:31:00.050"	"--- Connect ---	111.70.48.3     	465	                	111-70-48-3.emome-ip.hinet.net"
3764		"2023-12-19 16:31:00.160"	"GEO Blocked    	111.70.48.3     	465	TW"
3764		"2023-12-19 16:31:02.535"	"--- Connect ---	41.176.154.22   	465	                	HOST-22-154.176.41.nile-online.net"
3764		"2023-12-19 16:31:02.675"	"GEO Blocked    	41.176.154.22   	465	EG"
3764		"2023-12-19 16:31:22.675"	"--- Connect ---	36.134.78.151   	465	"
3764		"2023-12-19 16:31:22.738"	"GEO Blocked    	36.134.78.151   	465	CN"
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.
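
The pattern described in the post above (short packs of GEO-blocked connections from unrelated countries, repeating about an hour apart) can be pulled out of a log in this format with a small script. This is an added example, not part of the original post; the sample lines are constructed with documentation-range addresses, and the 60-second gap and 4-IP threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Matches the "GEO Blocked" lines of the log format shown in the post.
BLOCKED = re.compile(
    r'"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})"\s+'
    r'"GEO Blocked\s+(?P<ip>[0-9A-Fa-f.:]+)\s+(?P<port>\d+)\s+(?P<cc>[A-Z]{2})"'
)

# Constructed sample in the same layout (documentation-range IPs).
SAMPLE_LOG = '''\
3764\t\t"2023-12-19 16:30:25.976"\t"--- Connect ---\t192.0.2.53\t465\t\thost.example.net"
3764\t\t"2023-12-19 16:30:26.101"\t"GEO Blocked\t192.0.2.53\t465\tBR"
3764\t\t"2023-12-19 16:30:30.039"\t"GEO Blocked\t198.51.100.120\t465\tTW"
3764\t\t"2023-12-19 16:30:37.601"\t"GEO Blocked\t203.0.113.83\t465\tUS"
3764\t\t"2023-12-19 16:30:41.226"\t"GEO Blocked\t198.51.100.72\t465\tKR"
3764\t\t"2023-12-19 16:31:00.160"\t"GEO Blocked\t203.0.113.3\t465\tTW"
3764\t\t"2023-12-19 16:52:10.500"\t"GEO Blocked\t192.0.2.200\t465\tCN"
3764\t\t"2023-12-19 17:31:02.675"\t"GEO Blocked\t192.0.2.22\t465\tEG"
3764\t\t"2023-12-19 17:31:22.738"\t"GEO Blocked\t198.51.100.151\t465\tCN"
3764\t\t"2023-12-19 17:31:30.010"\t"GEO Blocked\t203.0.113.9\t465\tIN"
3764\t\t"2023-12-19 17:31:41.900"\t"GEO Blocked\t192.0.2.77\t465\tBR"
'''.splitlines()


def parse_blocked(lines):
    """Return sorted (timestamp, ip, port, country) tuples; other lines are ignored."""
    events = []
    for line in lines:
        m = BLOCKED.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            events.append((ts, m["ip"], int(m["port"]), m["cc"]))
    return sorted(events)


def find_bursts(events, max_gap=timedelta(seconds=60), min_ips=4):
    """Group events separated by at most `max_gap`; keep groups with
    at least `min_ips` distinct source addresses."""
    groups, current = [], []
    for ev in events:
        if current and ev[0] - current[-1][0] > max_gap:
            groups.append(current)
            current = []
        current.append(ev)
    if current:
        groups.append(current)

    report = []
    for group in groups:
        ips = {e[1] for e in group}
        if len(ips) >= min_ips:
            report.append({
                "start": group[0][0],
                "end": group[-1][0],
                "distinct_ips": len(ips),
                "countries": Counter(e[3] for e in group),
                "ports": sorted({e[2] for e in group}),
            })
    return report


if __name__ == "__main__":
    for b in find_bursts(parse_blocked(SAMPLE_LOG)):
        print(b["start"], b["distinct_ips"], dict(b["countries"]), b["ports"])
```

A single blocked address between packs (the 16:52 line in the sample) is not reported, which keeps ordinary background noise out of the result.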

palinka
Senior user
Posts: 4684
Joined: 2017-09-12 17:57

Re: Is there a way to integrate geoIP into hmailserver?

Post by palinka » 2023-12-20 07:56

One day you're a target, then the next day I'm a target. They come. They go. Seems to be pretty random.

Daily rejections (for any reason).

Screenshot 2023-12-20 065309.png

Santa's map. Only dark red gets presents. The rest are on the naughty list. Wait a minute... Some of them have been very naughty... :lol:

Screenshot 2023-12-20 065708.png

Finland has been extra good thanks to the spamassassin mailing list, so they get extra chocolate.

Screenshot 2023-12-20 070139.png

glenluo
Senior user
Posts: 359
Joined: 2011-07-03 12:10

Re: Is there a way to integrate geoIP into hmailserver?

Post by glenluo » 2023-12-23 11:41

I have collected 23851 IPs at my hmail, the file is as attached, all these IPs are never accepted.
You can easily use FSO to read txt file and block it at OnClientConnect(oClient) or OnHELO(oClient)

I am using 5.6.9-2641.64 from below link.
viewtopic.php?f=10&t=30193&start=420#p249893

OnClientConnect(oClient) and OnHELO(oClient) are very useful functions, before I used hMailServer 5.6.8 - Build 2574 and I blocked it at OnSMTPData(oClient, oMessage)
Attachments
Autoban.zip

DrmCa
Normal user
Posts: 179
Joined: 2011-02-14 21:30

Re: Is there a way to integrate geoIP into hmailserver?

Post by DrmCa » 2024-02-15 01:21

A quick update.
Having banned about 15 networks mostly in Russia, Netherlands, Germany, UK, and Indonesia, I cut down on spam dramatically.
My users now get very few spam emails, and India and US suddenly appeared among source networks.
Having said that, it seems that there are simply providers who cater to spammers, and once their networks are banned the spam declines.

outlook.com now creates most problems for me because I am not allowed to ban it, and forwarding to abuse@outlook.com is practically futile. Since MS is above the law, I am out of ideas as to how to deal with them.

SorenR
Senior user
Posts: 6380
Joined: 2006-08-21 15:38
Location: Denmark

Re: Is there a way to integrate geoIP into hmailserver?

Post by SorenR » 2024-02-15 02:05

DrmCa wrote:
2024-02-15 01:21
outlook.com now creates most problems for me because I am not allowed to ban it, and forwarding to abuse@outlook.com is practically futile. Since MS is above the law, I am out of ideas as to how to deal with them.
SpamAssassin !

Three of my son's friends use Hotmail/Outlook and by training SpamAssassin rigorously over a period of 6 months I have now eliminated ALL (repeat ALL) hotmail/outlook SPAM. I have NO special whitelist entries outside some shops that simply cannot help themselves writing spammy text ;-)

I receive a lot of emails from valid senders/companies hosted on outlook servers with no issues and yet, 99,99 of all emails from hotmail/outlook with nude pictures of ... ahem ... some may say; sexy females of all sizes ... are effectively blocked. Really, when you have seen one, you have seen them all :roll:

Over time my "blacklist" has been reduced to 16 FQDN's/TLD's including ".shop|.top|.xyz|.today|.buzz".

Mind you that I ONLY allow AUTH from the Danish Realm (Denmark, Faroe Islands, Greenland). Travellers need to use my webmail!
SørenR.


palinka
Senior user
Posts: 4684
Joined: 2017-09-12 17:57

Re: Is there a way to integrate geoIP into hmailserver?

Post by palinka » 2024-02-15 15:34

Most of my spam in the last couple of months has come through outlook.com. A LOT. But for some reason it's quieted down a lot in the last week or so.

glenluo
Senior user
Posts: 359
Joined: 2011-07-03 12:10

Re: Is there a way to integrate geoIP into hmailserver?

Post by glenluo » 2024-02-17 07:42

palinka wrote:
2024-02-15 15:34
Most of my spam in the last couple of months has come through outlook.com. A LOT. But for some reason it's quieted down a lot in the last week or so.
All emails from @outlook.xx and @hotmail.com are all sent to junk unless whitelisted.
As we get too many scams from outlook.xx OR @hotmail.com

DrmCa
Normal user
Posts: 179
Joined: 2011-02-14 21:30

Re: Is there a way to integrate geoIP into hmailserver?

Post by DrmCa » 2024-02-27 20:23

A huge spike in outlook.com spam, of late. Probably because the rest of shady origins are already blocked.
I looked into SpamAssassin but am not really looking forward to maintaining another service. Already have to manage too many as it is.

DrmCa
Normal user
Posts: 179
Joined: 2011-02-14 21:30

Re: Is there a way to integrate geoIP into hmailserver?

Post by DrmCa » 2024-09-03 20:41

Just ranting:
Aren't Germany and Netherlands supposed to be our allies? If they really are then why do they represent the bulk of spam and bruteforcing activities? No other countries make up so much of my block rules. It almost feels like we should cut their Internet.

RvdH
Senior user
Posts: 3485
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Is there a way to integrate geoIP into hmailserver?

Post by RvdH » 2024-09-04 08:53

Serious answer: Infrastructure
And it is relatively cheap in Germany and the Netherlands to hire a (virtual) server, combine that with questionable policies that neglect abuse reports and allow their services to be abused, I in particular name Hetzner, Leaseweb (de/nl)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

SorenR
Senior user
Posts: 6380
Joined: 2006-08-21 15:38
Location: Denmark

Re: Is there a way to integrate geoIP into hmailserver?

Post by SorenR » 2024-09-04 11:32

DrmCa wrote:
2024-09-03 20:41
Just ranting:
Aren't Germany and Netherlands supposed to be our allies? If they really are then why do they represent the bulk of spam and bruteforcing activities? No other countries make up so much of my block rules. It almost feels like we should cut their Internet.
Germany is quite down the list and the Netherlands is not even in top 25... USA and China however occupy the top of the list ;-)

USA really do not surprise me... On a personal level, my family is Danish (Vikings - with very few fucks to give). My son recently got into a relationship with a New York girl studying in Denmark, unfortunately she did not understand the ultimatum of "either we are serious about it - or we forget it!"...

Oh the drama from the bitch.

All I can say is that apparently american girls do NOT handle rejection very well - and Danish men do NOT respond well to being "controlled by Karens".

We are very much the "equal partnership, own up to your actions or you are history!" types.

She actually reported him to the police on a charge of stalking for delivering a letter - she kept blocking/unblocking him on all SoMe's, sending weird messages and calling him to shout at him... He just wanted it to stop!

My son went and talked to the local Police and the report on file (all information is stored country wide in Denmark) stated that the Police told her firmly to forget it and go talk it out with my son ;-) But, as he stated; "When hell freezes over."

Don't know exactly what her expectations were regarding the Danish police... However, a police officer in USA is in training for 7 months... A police officer in Denmark is in training for 3 1/2 years... And since her dad apparently is an ex-cop working as a private investigator, I can only guess :roll:
SørenR.


palinka
Senior user
Posts: 4684
Joined: 2017-09-12 17:57

Re: Is there a way to integrate geoIP into hmailserver?

Post by palinka » 2024-09-04 20:38

SorenR wrote:
2024-09-04 11:32
Don't know exactly what her expectations were regarding the Danish police... However, a police officer in USA is in training for 7 months... A police officer in Denmark is in training for 3 1/2 years... And since her dad apparently is an ex-cop working as a private investigator, I can only guess :roll:
To be fair, on-the-job training for cops in the US is far more rigorous than nearly any country in the world. It's not exactly something to be proud of, though, despite their acquired skills and knowledge.

SorenR
Senior user
Posts: 6380
Joined: 2006-08-21 15:38
Location: Denmark

Re: Is there a way to integrate geoIP into hmailserver?

Post by SorenR » 2024-09-04 23:54

palinka wrote:
2024-09-04 20:38
SorenR wrote:
2024-09-04 11:32
Don't know exactly what her expectations were regarding the Danish police... However, a police officer in USA is in training for 7 months... A police officer in Denmark is in training for 3 1/2 years... And since her dad apparently is an ex-cop working as a private investigator, I can only guess :roll:
To be fair, on-the-job training for cops in the US is far more rigorous than nearly any country in the world. It's not exactly something to be proud of, though, despite their acquired skills and knowledge.
Nah.... https://www.bbc.com/news/world-us-canada-56834733
The report looked at police training requirements in more than 100 countries and found that the US had among the lowest, in terms of average hours required.

Also, many other countries require officers to have a university degree - or equivalent - before joining the police, but in the US most forces just require the equivalent of a high-school diploma.

In England and Wales, it has recently become mandatory for officers to have an academic degree.

Maria Haberfeld, professor of police science at the John Jay College of Criminal Justice, says: "Some police forces in Europe have police university, where training lasts for three years - for me the standouts are Norway and Finland."

Finland has one of the highest gun-ownership rates in Europe, with around 32 civilian firearms per 100 people - but incidents of police shooting civilians are extremely rare.
By the way...
US officers receive 652 hours of training on average, compared with the 3,500 hours needed to obtain a plumbing licence or 3,000 hours to be authorised to provide cosmetic treatments — professions that do not entail carrying weapons and making life-and-death decisions.
SørenR.


jim.bus
Senior user
Posts: 1656
Joined: 2011-05-28 11:49
Location: US

Re: Is there a way to integrate geoIP into hmailserver?

Post by jim.bus » 2024-09-05 00:13

SorenR wrote:
2024-09-04 23:54
palinka wrote:
2024-09-04 20:38
SorenR wrote:
2024-09-04 11:32
Don't know exactly what her expectations were regarding the Danish police... However, a police officer in USA is in training for 7 months... A police officer in Denmark is in training for 3 1/2 years... And since her dad apparently is an ex-cop working as a private investigator, I can only guess :roll:
To be fair, on-the-job training for cops in the US is far more rigorous than nearly any country in the world. It's not exactly something to be proud of, though, despite their acquired skills and knowledge.
Nah.... https://www.bbc.com/news/world-us-canada-56834733
The report looked at police training requirements in more than 100 countries and found that the US had among the lowest, in terms of average hours required.

Also, many other countries require officers to have a university degree - or equivalent - before joining the police, but in the US most forces just require the equivalent of a high-school diploma.

In England and Wales, it has recently become mandatory for officers to have an academic degree.

Maria Haberfeld, professor of police science at the John Jay College of Criminal Justice, says: "Some police forces in Europe have police university, where training lasts for three years - for me the standouts are Norway and Finland."

Finland has one of the highest gun-ownership rates in Europe, with around 32 civilian firearms per 100 people - but incidents of police shooting civilians are extremely rare.
By the way...
US officers receive 652 hours of training on average, compared with the 3,500 hours needed to obtain a plumbing licence or 3,000 hours to be authorised to provide cosmetic treatments — professions that do not entail carrying weapons and making life-and-death decisions.
I also had a phone experience with a supposed US City Police Supervisor. I called to inform them a motorcycle officer who violated multiple Vehicle Code laws while positioning himself to watch an intersection for drivers violating Vehicle Code Laws. He rode his motorcycle on the wrong side of the street in the pedestrian crosswalk which was one violation, then proceeded to cross over the pedestrian island and go up the wrong way on the Right Turn Lane and then made a U-Turn to position himself to watch the intersection. This was a second violation.

I called the city police department and asked for a supervisor and got someone claiming to be a supervisor. I wasn't trying to get the motorcycle officer reprimanded but just to counsel him on proper way to do things. The supervisor proceeded to tell me that the Exempt License plates on the officer's motorcycle meant that the officer was exempt from the Vehicle Code Laws. I informed him that I believed it only meant the vehicle (motorcycle) was Exempt from Taxes and Fees. The supervisor obviously realized I had caught him in a LIE and tried to say that 'Oh, now that I mentioned it, he seemed to recall that now'. This was obviously an example where the police was trying to assume powers that they DO NOT HAVE and they think they can fool the citizenry with their lies if they act like they know what they are talking about.

palinka
Senior user
Posts: 4684
Joined: 2017-09-12 17:57

Re: Is there a way to integrate geoIP into hmailserver?

Post by palinka » 2024-09-05 06:53

SorenR wrote:
2024-09-04 23:54
palinka wrote:
2024-09-04 20:38
SorenR wrote:
2024-09-04 11:32
Don't know exactly what her expectations were regarding the Danish police... However, a police officer in USA is in training for 7 months... A police officer in Denmark is in training for 3 1/2 years... And since her dad apparently is an ex-cop working as a private investigator, I can only guess :roll:
To be fair, on-the-job training for cops in the US is far more rigorous than nearly any country in the world. It's not exactly something to be proud of, though, despite their acquired skills and knowledge.
Nah.... https://www.bbc.com/news/world-us-canada-56834733
The report looked at police training requirements in more than 100 countries and found that the US had among the lowest, in terms of average hours required.

Also, many other countries require officers to have a university degree - or equivalent - before joining the police, but in the US most forces just require the equivalent of a high-school diploma.

In England and Wales, it has recently become mandatory for officers to have an academic degree.

Maria Haberfeld, professor of police science at the John Jay College of Criminal Justice, says: "Some police forces in Europe have police university, where training lasts for three years - for me the standouts are Norway and Finland."

Finland has one of the highest gun-ownership rates in Europe, with around 32 civilian firearms per 100 people - but incidents of police shooting civilians are extremely rare.
By the way...
US officers receive 652 hours of training on average, compared with the 3,500 hours needed to obtain a plumbing licence or 3,000 hours to be authorised to provide cosmetic treatments — professions that do not entail carrying weapons and making life-and-death decisions.
You don't understand what on-the-job training is?

Put the 3rd year NYPD rookie in Finland and the 0th year Finnish rookie in NYC and see how each of them fare. If you don't think that's fair, then try 6th/2nd year swap. There's a lot more to being a cop than handing out citations.

And if you think I'm some kind of cop lover, I'm not. I'm just pointing out that which is observably true.
