Adding ASN info

Carmichael, Alistair Alistair.Carmichael at virginmedia.co.uk
Tue May 20 13:35:33 IST 2008


A thought, although not directly based on ASN: it would be possible to
reject certain clients' connections based on country of origin using the
postfix MTA with mysql support. You could have one table housing the
geoip database and another with country codes and actions against that,
add something like:

  mysql://etc/postfix/countrycheck.cf

to postfix in the smtpd_client_restrictions and use a slightly more
complex query which could look like:

  SELECT action FROM geoip_country LEFT JOIN countryblock ON
  geoip_country.iso_country_code=countryblock.code WHERE begin_num <=
  INET_ATON('<IP ADDR>') AND end_num >= INET_ATON('<IP ADDR>')

Of course in this example my second table is called countryblock and has
columns "code" and "action".
This isn't a system I by any means use on my mail servers but I do use a
similar system to stop spam bots signing up to a web forum I look after
using a similar technique.



-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve
Freegard
Sent: 20 May 2008 12:09
To: MailScanner discussion
Subject: Re: Adding ASN info

Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> Has anyone done any work on adding ASN info to a message in the way this
> procmail filter does it? I would prefer to do this in postfix but a
> custom call in MailScanner before SA is called upon would do as well.
> 
> http://linuxmafia.com/~karsten/Download/procmail-asn-header
> 
> It sounds like a fun idea to let the ASN info become part of the
> Bayesian selection. And we might add a decision to block all messages
> from certain countries. All I ever got from Nigeria are messages with
> wacky deals.
> 

SpamAssassin can do this natively if you want Bayes to consider the
ASN:

http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_ASN.html


From MailWatch v2:

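use Net::DNS;

# Look up the origin ASN for an IPv4 address via the routeviews.org DNS zone.
# Returns '4294967295' when no answer is available.
sub ip_to_asn {
  my $ip = shift;
  # Reverse the octets: a.b.c.d is queried as d.c.b.a.asn.routeviews.org
  my $revip = join(".", reverse split(/\./,$ip));

  my $res = Net::DNS::Resolver->new;
  my $query = $res->search("$revip.asn.routeviews.org","TXT");

  if($query) {
   # Take the first string of the first TXT record in the answer
   foreach my $rr ($query->answer) {
    next unless $rr->type eq 'TXT';
    my ($asn) = $rr->char_str_list;
    return $asn if defined $asn;
   }
  }
  return '4294967295';
}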

You could hack this into MailScanner's Message.pm then in 'sub new{' 
after the variables are initialized add:

$global::MS->{mta}->AddHeader($this, 'X-MailScanner-ASN:', 
ip_to_asn($this->{clientip}));

And that would do the equivalent to your procmail script.

However - I wouldn't recommend either way as routeviews.org has been 
known to be slow and/or offline at times and it will adversely affect your 
scanning and delivery times (I disabled this function in MWv2 for this 
reason).

If you really need this and have RAM to spare, then rsync the zone file 
and serve it locally (BIND format only however; it's not possible to use
rbldnsd).

Cheers,
Steve.
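
The country lookup suggested at the top of this message can be tried offline. The following is an added example, not code from the thread: it uses Python with an in-memory SQLite database in place of MySQL. The sample ranges, the country codes AA and BB, the helper names and the inclusive range bounds are assumptions made for the example.

```python
import ipaddress
import sqlite3

# Constructed sample data: documentation ranges with made-up country codes.
GEOIP_ROWS = [  # (first address, last address, iso_country_code)
    ("192.0.2.0", "192.0.2.255", "AA"),
    ("198.51.100.0", "198.51.100.255", "BB"),
]
BLOCK_ROWS = [("AA", "REJECT Mail from this country is not accepted")]

# Same shape as the query in the post, with the IP passed as a bound parameter.
QUERY = """
SELECT action FROM geoip_country
LEFT JOIN countryblock ON geoip_country.iso_country_code = countryblock.code
WHERE begin_num <= :ip AND end_num >= :ip
"""

def ip_num(addr):
    """Equivalent of MySQL INET_ATON() for a dotted-quad IPv4 address."""
    return int(ipaddress.IPv4Address(addr))

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE geoip_country "
               "(begin_num INTEGER, end_num INTEGER, iso_country_code TEXT)")
    db.execute("CREATE TABLE countryblock (code TEXT PRIMARY KEY, action TEXT)")
    db.executemany("INSERT INTO geoip_country VALUES (?, ?, ?)",
                   [(ip_num(b), ip_num(e), c) for b, e, c in GEOIP_ROWS])
    db.executemany("INSERT INTO countryblock VALUES (?, ?)", BLOCK_ROWS)
    return db

def client_action(db, addr):
    """Return the action for a client IP, or None when no rule applies."""
    try:
        num = ip_num(addr)
    except ipaddress.AddressValueError:
        return None  # IPv6 or malformed input: the IPv4 range table cannot decide
    row = db.execute(QUERY, {"ip": num}).fetchone()
    # No row: address is not in the GeoIP table. Row holding NULL: the LEFT JOIN
    # matched a country that has no countryblock entry. Both mean "no decision".
    return row[0] if row and row[0] is not None else None

if __name__ == "__main__":
    db = build_db()
    for addr in ("192.0.2.0", "192.0.2.255", "198.51.100.7",
                 "203.0.113.9", "2001:db8::1"):
        print(addr, "->", client_action(db, addr))
```

The first and last address of a range only match because the bounds are inclusive, and a country with no countryblock row comes back as NULL rather than as no row, so a caller has to treat both cases as "no decision".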