Skip to content

haraka/haraka-plugin-geoip

Repository files navigation

Build Status Code Climate NPM

geoip

provide geographic information about mail senders.

SYNOPSIS

Use MaxMind's GeoIP databases to report geographic information about senders.

This Haraka plugin supports two geoip modules:

Plugin geoip module
haraka-plugin-geoip maxmind
haraka-plugin-geoip-lite geoip-lite

INSTALL (lite)

Install the npm geoip-lite module and update the DBs:

npm install -g geoip-lite
cd node_modules/geoip-lite && npm run-script updatedb license_key=YOUR_LICENSE_KEY

INSTALL (maxmind)

The maxmind module requires the manual download of the GeoIP databases. The npm module maxmind-geolite-mirror will download the files for you and also keep them up-to-date if you run it periodically.

mkdir -p /usr/local/share/GeoIP
npm install -g maxmind-geolite-mirror
/usr/local/bin/maxmind-geolite-mirror

DESCRIPTION

GeoIP results are stored in connection.notes.geoip and the haraka-results object at connection.results.get(geoip). The following information is typically available:

continent: NA,
country:   US,

If the GeoIP city database is available, the following may also be available:

region:   CA,
city:     San Francisco,
ll:       [37.7484, -122.4156],
distance: 1539    // in kilometers
range:    [ 3479299040, 3479299071 ],

This module also adds entries like this to your logs:

[geoip] US
[geoip] US, WA
[geoip] US, WA, Seattle
[geoip] US, WA, Seattle, 1319km

Calculating the distance requires the public IP of this mail server. See config.distance.

CONFIG

  • distance

Performs geodesic distance calculations. Calculates the distance "as the crow flies" from the remote mail server.

This calculation requires a 'from' IP address. This will typically be the public IP of your mail server. If Haraka is bound to a private IP, net_utils will attempt to determine your public IP using STUN. If that doesn't work, edit config/smtp.ini and set public_ip.

  • show.city

show city data in logs and headers. City data is less accurate than country.

  • show.region in logs and headers. Regional data are US states, Canadian provinces and such.

Set a connection result to true if the distance exceeds this many kilometers.

  • too_far=4000

SPAM PREDICTION WITH DISTANCE

Spatio-temporal Network-level Automatic Reputation Engine

"For ham, 90% of the messages travel about 4,000 km or less. On the
other hand, for spam, only 28% of messages stay within this range."

Observations in 2014-2016 suggest that geodesic distance continues to be highly correlated with spam.

LIMITATIONS

The distance calculations are more concerned with being fast than accurate. The MaxMind location data is collected from whois and is of limited accuracy. MaxMind offers more accurate data for a fee.

For distance calculations, the earth is considered a perfect sphere. In reality, it is not. Accuracy should be within 1%.

SEE ALSO