Postfwd plugin for blocking international spam botnets based on geographical location of IP addresses used to login to postfix via sasl.
Add IPv6 support for GeoIP2 databases.
This is a feature that was requested and meant to be included for a long time, but the revision of code was always postponed.
This release is tagged as 2.0.0
because IPv6 support in this plugin requires some breaking changes. The database must be dropped and recreated (or left to be created by plugin) because IPv6 addresses are longer than IPv4 addresses and the ip_address
column had size of varchar(16)
. With this change the column will be expanded to 45 characters.
Note: Dropping the database is nothing major in this project as it only serves as cache. Altering the database schema or doing migrations would complicate the code.
There is one new dependency - Data::Validate::IP
- that will make the IP address validation easier and more consistent than using regexes. It will test for valid IPv4 or IPv6 address, but also test if IP address is public. Since GeoIP databases can work only with public addresses, the GeoIP would throw error on other than public address anyway. This will reduce load on GeoIP.
If you forget to drop database, you will see error such as this in log:
[postfwd3/policy][10][LOG warning]: warning: DBD::mysql::st execute failed: Data too long for column 'ip_address' at row 1 at /etc/postfwd/postfwd-anti-spam.plugin line 411.?
postfwd::anti-spam-plugin ERROR[10]: Data too long for column 'ip_address' at row 1
Support for GeoIP database version 1 was dropped in this release. There are 4 reasons for this:
ip_address
in database schema from 16 to 45 characters.Data::Validate::IP
.None
GeoIP2 Feature.
cpanfile
.app.geoip_db_path
.POSTFWD_ANTISPAM_MAIN_CONFIG_PATH
.This stable release contains IP whitelisting feature (Reported as bug and requested by @csazku in https://github.com/Vnet-as/postfwd-anti-geoip-spam-plugin/issues/50) and one new CPAN dependency - Net::Subnet
.
See Changelog and README for more information.
Version 1.30 - Postfwd3 support, Integration Testing
This release uses new postfwd docker tag 2.00
, which uses new postfwd3
script.
Postfwd3 changed plugin interface and therefore this release is not compatible with postfwd1
and postfwd2
. If you want to use older postfwd versions, use tag v1.21
.
Postfwd3 uses Alpine Linux for docker, so the dockerfile had to be rewritten.
To better work with GeoIP database, there is new configuration option geoip_db_path
, which defaults to /usr/local/share/GeoIP/GeoIP.dat
.
There is small change to logging, number of countries and unique IPs is logged on each request loop.
A lot of rework was done in tests
directory. There is docker-compose with postgresql. Also shell script, which automatically runs docker-compose for both supported databases and does integration test with sample requests and verification through logs.
Plugin item now exports request{client_uniq_ip_login_count}
and request{client_uniq_country_login_count}
instead of result*
.
This release only fixes rendering of README in DockerHub.
This stable release has changes mainly in linting, readability and testability, but also contains several bugfixes.
Docker base image was updated from 1.37 to 1.39.
.perlcriticrc
for static code and linting purposes.geoip-database
into Docker image and added note in README.tests/dev-request.sh
and instructions in README.volume
to bind
.postfwd2
in Dockerfile.lint.pl
was removed and replaced by more general/portable file
.perlcriticrc
.This stable version introduces docker image based on official postfwd docker image and other minor changes.
All work was done by @Lirt ([email protected]), docker review was done by @kirecek ([email protected]).
This plugin now uses versioning and releases, to keep track of stable versions and bring more reliability.
Full description of changes is located in CHANGELOG.md
.
Changes:
docker-compose
template./etc/postfix/anti-spam.conf
. You can use following environment variables to change it:
env perl
shebang.<DATE> <PROGRAM> <LOG_LEVEL> <MESSAGE>
.First working stable solution of plugin.
Contains: