NAME
Mail::Exim::ACL::Geolocation - Map IP addresses to country codes
VERSION
version 1.004
SYNOPSIS
    acl_check_rcpt:

      warn
        domains = +local_domains : +relay_to_domains
        set acl_m_country_code = ${perl{country_code}{$sender_host_address}}
        add_header = X-Sender-Host-Country: $acl_m_country_code
DESCRIPTION
A Perl module for the Exim mailer that maps IP addresses to two-letter country codes such as "DE", "FR" and "US". SpamAssassin can use these country codes to filter junk email.
SUBROUTINES/METHODS
country_code
    my $country_code = country_code($ip_address);
Maps an IP address to a country. Returns the country code or the undefined value.
DIAGNOSTICS
None.
CONFIGURATION AND ENVIRONMENT
Exim
Create a file such as /etc/exim/exim.pl. Add the following Perl code.
    use Mail::Exim::ACL::Geolocation qw(country_code);
Edit Exim's configuration file. Enable Perl in the main section.
    perl_startup = do '/etc/exim/exim.pl'
    perl_taintmode = yes
Get the sending host's country code in the RCPT ACL. Add the country code to the message header.
    acl_check_rcpt:

      warn
        domains = +local_domains : +relay_to_domains
        set acl_m_country_code = ${perl{country_code}{$sender_host_address}}
        add_header = X-Sender-Host-Country: $acl_m_country_code
SpamAssassin
Add a rule to your SpamAssassin configuration that increases the spam score if the message is sent from a country that you usually don't get email from.
    bayes_ignore_header X-Sender-Host-Country

    header   UNCOMMON_COUNTRY X-Sender-Host-Country !~ /^(?:DE|FR|US)/ [if-unset: US]
    describe UNCOMMON_COUNTRY Message is sent from uncommon country
    tflags   UNCOMMON_COUNTRY noautolearn
    score    UNCOMMON_COUNTRY 0.1
See https://en.wikipedia.org/wiki/ISO_3166-2 for a list of two-letter country codes. A useful list for businesses with contacts in Western Europe and North America is:
    (?:AT|BE|CA|CH|DE|DK|ES|EU|FI|FR|GB|IE|IS|IT|LU|NL|NO|PT|SE|US)
Combine your new rule with other rules.
    meta     SUSPICIOUS_BULKMAIL UNCOMMON_COUNTRY && (DCC_CHECK || RAZOR2_CHECK)
    describe SUSPICIOUS_BULKMAIL Bulk email from uncommon country
    tflags   SUSPICIOUS_BULKMAIL net
    score    SUSPICIOUS_BULKMAIL 1.5
DEPENDENCIES
Requires the Perl module IP::Geolocation::MMDB from CPAN and the modules Exporter and List::Util, which are distributed with Perl.
Requires an IP to country database in the MaxMind DB file format from MaxMind or DB-IP.com. The module searches the directories /var/lib/GeoIP, /usr/local/share/GeoIP, /usr/share/GeoIP and /opt/share/GeoIP for one of the following database files:
GeoIP2-Country.mmdb
GeoIP2-City.mmdb
dbip-country.mmdb
dbip-city.mmdb
dbip-location.mmdb
GeoLite2-Country.mmdb
GeoLite2-City.mmdb
dbip-country-lite.mmdb
dbip-city-lite.mmdb
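
A preflight check for the database lookup described above, as an added example that is not part of the module: it walks the listed directories and file names and prints the first database that is readable and non-empty. The function name find_geoip_db and the search precedence (directories in listed order, then files in listed order) are assumptions; the module's own precedence may differ.

```sh
#!/bin/sh
# Added example, not part of Mail::Exim::ACL::Geolocation.
# Directories and file names are the ones listed in this documentation.
# Assumption: directories are tried in the listed order, and within each
# directory the files are tried in the listed order.
GEOIP_DIRS="/var/lib/GeoIP /usr/local/share/GeoIP /usr/share/GeoIP /opt/share/GeoIP"
GEOIP_FILES="GeoIP2-Country.mmdb GeoIP2-City.mmdb dbip-country.mmdb
dbip-city.mmdb dbip-location.mmdb GeoLite2-Country.mmdb GeoLite2-City.mmdb
dbip-country-lite.mmdb dbip-city-lite.mmdb"

# find_geoip_db [DIR...]
# Prints the first usable database and returns 0; returns 1 if none is usable.
# Files that exist but are unreadable or empty are reported on stderr, because
# they look installed but cannot be used.
find_geoip_db() {
    [ "$#" -gt 0 ] || set -- $GEOIP_DIRS
    for dir in "$@"; do
        for file in $GEOIP_FILES; do
            path="$dir/$file"
            [ -e "$path" ] || continue
            if [ ! -r "$path" ]; then
                echo "skipped (not readable by $(id -un)): $path" >&2
            elif [ ! -s "$path" ]; then
                echo "skipped (empty file): $path" >&2
            else
                printf '%s\n' "$path"
                return 0
            fi
        done
    done
    return 1
}

# Report for the default directories, or for the directories given as arguments.
find_geoip_db "$@" || echo "no usable IP to country database found" >&2
```

Run it as the user the Exim daemon runs as, since readability is checked for the calling user.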
INCOMPATIBILITIES
None.
BUGS AND LIMITATIONS
None known.
SEE ALSO
AUTHOR
Andreas Vögele <voegelas@cpan.org>
LICENSE AND COPYRIGHT
Copyright (C) 2022 Andreas Vögele
This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.