You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Scott Ostrander <SO...@printronix.com> on 2013/03/05 20:22:04 UTC

X-Relay-Countries on 3.3.2 vs 3.4

On system A (SA 3.4)  I am getting RELAY_COUNTRY_XX
Same email on system B (SA 3.2.2) I get RELAY_COUNTRY_ES correctly resolved.

System A is
Centos6 
SA 3.4.0-r1435395 
perl-Geo-IP-1.38-6
perl-IP-Country-2.27-1 With updated cc.gif and ip.gif from http://mailfud.org/ip-country-fast/
System A is working on other emails giving me X-Spam-Relay-Country: US **

System B is
Centos5
SA 3.3.2
perl-IP-Country-2.27-1 With updated cc.gif and ip.gif from http://mailfud.org/ip-country-fast/

My understanding is that SA 3.4 it will use GeoIP first if found.
Is there a need to update GeoIP like perl-IP-Country?  If so how?
Any other insights on how to get SA 3.4 to resolve this Relay-Country?

The email with this issue is at  http://pastebin.com/vFfEuY3A

Thanks,
Scott Ostrander

Re: X-Relay-Countries on 3.3.2 vs 3.4

Posted by Mark Martinec <Ma...@ijs.si>.

On Wednesday March 6 2013 01:06:22 Scott Ostrander wrote:
> cd  /usr/share/GeoIP
> wget -N 
http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
> gunzip  GeoIP.dat.gz

Not to forget to download its IPv6 counterpart:

  http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz

Even if not running an IPv6 MTA, there may be IPv6 addresses
in Received header fields.  The GeoIP (with SA 3.4) handles both
address families.

  Mark

RE: X-Relay-Countries on 3.3.2 vs 3.4

Posted by Scott Ostrander <SO...@printronix.com>.

> -----Original Message-----
> Sent: Tuesday, March 05, 2013 3:13 PM
> To: Scott Ostrander; Benny Pedersen; spamassassin
> Subject: Re: X-Relay-Countries on 3.3.2 vs 3.4
> > 
> >
> > Is there a way to upgrade GeoIP ?
> I think you have to grab files from http://dev.maxmind.com/geoip/geolite
> 
> Maxmind says they update them on the first Tuesday of each month.
> 
> The RPM on mageia 2 has a crontab entry in /etc/cron/monthly that runs on
> the first day of the month, meaning that the data will be 3-7 weeks old.
> It appears to grab GeoIP.dat, GeoIPv6.dat, and GeoLiteCity.dat
> 

Yes, the DB update to GeoIP worked. 
SA 3.4 with Geo::IP now gives the correct answer.

To check from the command line I used: (which failed before the DB update)
/usr/bin/geoiplookup   146.255.100.187
	GeoIP Country Edition: ES, Spain
 
To update the DB on CentOS I did the following:

cd  /usr/share/GeoIP
wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip  GeoIP.dat.gz

Thanks for the help,
Scott Ostrander

Re: X-Relay-Countries on 3.3.2 vs 3.4

Posted by Benny Pedersen <me...@junc.eu>.

Lutz Petersen skrev den 2013-03-05 21:44:

> Simple question: If there is a need for locate the ip - why not use 
> the
> well maintained countries.nerd.dk ?

one dns lookup pr sender recieved ip ?

i like to keep this trafic local, and nerd.dk have rsync shareing last 
time i did it, but did not like to keep this self maintained rules :)

Re: X-Relay-Countries on 3.3.2 vs 3.4

Posted by Lutz Petersen <lp...@shlink.de>.

> > ip::country::fast is depricated alone since its not update with new ips, it still
> > works if your still have ipv4 mailserver and self do updates with dbmscript
> 
> On system A (SA 3.4) I removed Geo::IP and it now correctly resolves the Relay-Country as ES
> Looks like I will have to keep manually updating IP::Country::Fast   ;(


Simple question: If there is a need for locate the ip - why not use the
well maintained countries.nerd.dk ?

RE: X-Relay-Countries on 3.3.2 vs 3.4

Posted by Benny Pedersen <me...@junc.eu>.

Scott Ostrander skrev den 2013-03-05 21:40:

> On system A (SA 3.4) I removed Geo::IP and it now correctly resolves
> the Relay-Country as ES
> Looks like I will have to keep manually updating IP::Country::Fast   
> ;(

[I] dev-libs/geoip
      Available versions:  1.4.8-r1 1.4.8-r2 ~1.4.8-r3 {{city ipv6 
perl-geoipupdate static-libs}}
      Installed versions:  1.4.8-r2(01:12:07 
26-01-2013)(perl-geoipupdate -ipv6 -static-libs)
      Homepage:            http://www.maxmind.com/app/ip-location
      Description:         easily lookup countries by IP addresses, even 
when Reverse DNS entries don't exist

this is what i use with gentoo, it contains an perl script for updates 
:)

RE: X-Relay-Countries on 3.3.2 vs 3.4

Posted by Scott Ostrander <SO...@printronix.com>.

> -----Original Message-----
> Sent: Tuesday, March 05, 2013 12:37 PM
> To: users@spamassassin.apache.org
> Subject: RE: X-Relay-Countries on 3.3.2 vs 3.4
> 
> Scott Ostrander skrev den 2013-03-05 21:15:
> 
> plase fix your reply template, replyed sender email should not be in body
> content
> 
> > However system A (3.4) also has GeoIP installed as suggested at
> > http://wiki.apache.org/spamassassin/RelayCountryPlugin
> >
> > Is there a way to upgrade GeoIP ?
> > Or should I just remove Geo::IP as it appears that it  is not keeping
> > up with the updates like IP::Country::Fast
> 
> this will be backwards if you keep the latest
> 
> ip::country::fast is depricated alone since its not update with new ips, it still
> works if your still have ipv4 mailserver and self do updates with dbmscript


On system A (SA 3.4) I removed Geo::IP and it now correctly resolves the Relay-Country as ES
Looks like I will have to keep manually updating IP::Country::Fast   ;(

Scott Ostrander

RE: X-Relay-Countries on 3.3.2 vs 3.4

Posted by Benny Pedersen <me...@junc.eu>.

Scott Ostrander skrev den 2013-03-05 21:15:
>> From: Benny Pedersen [mailto:me@junc.eu]

plase fix your reply template, replyed sender email should not be in 
body content

> However system A (3.4) also has GeoIP installed as suggested at
> http://wiki.apache.org/spamassassin/RelayCountryPlugin
>
> Is there a way to upgrade GeoIP ?
> Or should I just remove Geo::IP as it appears that it  is not keeping
> up with the updates like IP::Country::Fast

this will be backwards if you keep the latest

ip::country::fast is depricated alone since its not update with new 
ips, it still works if your still have ipv4 mailserver and self do 
updates with dbmscript

Re: X-Relay-Countries on 3.3.2 vs 3.4

Posted by Daniel McDonald <da...@austinenergy.com>.

On 3/5/13 2:15 PM, "Scott Ostrander" <SO...@printronix.com> wrote:

> 
>> From: Benny Pedersen [mailto:me@junc.eu]
>> 
>> Scott Ostrander skrev den 2013-03-05 20:22:
>>> On system A (SA 3.4)  I am getting RELAY_COUNTRY_XX Same email on
>>> system B (SA 3.2.2) I get RELAY_COUNTRY_ES correctly resolved.
>> 
>> ip2cc 2.104.223.10
>> 
>> if not found you need updates
>> 
>> XX is imho ip is not in use
> 
> On both systems I get:
> # Ip2cc 146.255.100.187
> Country: ES (Spain)
> 
> However system A (3.4) also has GeoIP installed as suggested at
> http://wiki.apache.org/spamassassin/RelayCountryPlugin
> 
> Is there a way to upgrade GeoIP ?
I think you have to grab files from http://dev.maxmind.com/geoip/geolite

Maxmind says they update them on the first Tuesday of each month.

The RPM on mageia 2 has a crontab entry in /etc/cron/monthly that runs on
the first day of the month, meaning that the data will be 3-7 weeks old.
It appears to grab GeoIP.dat, GeoIPv6.dat, and GeoLiteCity.dat

> Or should I just remove Geo::IP as it appears that it  is not keeping up with
> the updates like IP::Country::Fast

RE: X-Relay-Countries on 3.3.2 vs 3.4

Posted by Scott Ostrander <SO...@printronix.com>.

> From: Benny Pedersen [mailto:me@junc.eu] 
> 
> Scott Ostrander skrev den 2013-03-05 20:22:
> > On system A (SA 3.4)  I am getting RELAY_COUNTRY_XX Same email on 
> > system B (SA 3.2.2) I get RELAY_COUNTRY_ES correctly resolved.
> 
> ip2cc 2.104.223.10
> 
> if not found you need updates
> 
> XX is imho ip is not in use

On both systems I get:
# Ip2cc 146.255.100.187
	Country: ES (Spain)

However system A (3.4) also has GeoIP installed as suggested at  http://wiki.apache.org/spamassassin/RelayCountryPlugin

Is there a way to upgrade GeoIP ?
Or should I just remove Geo::IP as it appears that it  is not keeping up with the updates like IP::Country::Fast

Re: X-Relay-Countries on 3.3.2 vs 3.4

Posted by Benny Pedersen <me...@junc.eu>.

Scott Ostrander skrev den 2013-03-05 20:22:
> On system A (SA 3.4)  I am getting RELAY_COUNTRY_XX
> Same email on system B (SA 3.2.2) I get RELAY_COUNTRY_ES correctly 
> resolved.

ip2cc 2.104.223.10

if not found you need updates

XX is imho ip is not in use