Archive for February, 2006

GeoLocating IP addresses for free

Sunday, February 26th, 2006

I found out that MaxMind provides [GeoLiteCity](http://www.maxmind.com/app/geolitecity) – a free(!) database for geolocating IP addresses. You get to download a binary database (24MB, updated monthly) and GPL libraries to perform lookups. They offer libraries for several languages including PHP, Perl, Python and Ruby.

I must say I am __really__ impressed, a company offering such a database for free with really high quality tools (e.g., the bindings use auto{make|conf} tools and are really easy to install).

Where’s the catch? Well, they say that the database offers 60% accuracy – the commercial database ($370 plus $90 a month) offers 75% accuracy, plus more detailed info (ISP, postcode, area codes, etc.). Anyways, it’s more than enough for my website statistics. Now displaying my visitors using GoogleMaps is one evening’s work ;-)

Here’s a sample output of my DSL IP address and my server:

```
./geoiplookup 217.162.130.229
GeoIP Country Edition: CH, Switzerland
GeoIP City Edition, Rev 1: CH, 25, Langnau, (null), 47.283298, 8.533300, 0, 0
GeoIP City Edition, Rev 0: CH, 25, Langnau, (null), 47.283298, 8.533300

./geoiplookup tadek.pietraszek.org
GeoIP Country Edition: DE, Germany
GeoIP City Edition, Rev 1: DE, 02, Gunzenhausen, (null), 49.099998, 10.750000, 0, 0
GeoIP City Edition, Rev 0: DE, 02, Gunzenhausen, (null), 49.099998, 10.750000
```

Well done, guys, and a really good marketing idea.

  • Several people followed [this tutorial](http://www.ubuntuforums.org/showthread.php?t=32063) on how to configure libesd-alsa0 and claimed it had worked. Sound is a mess in Linux ;-)
  • – a cool Blog entry on understanding memory usage in Linux. In short, [pmap](http://linuxcommand.org/man_pages/pmap1.html) is your friend ;-)

Anti-virus and anti-spam measures on my server

Tuesday, February 7th, 2006

After having thought about it for at least half a year and having researched the topic thoroughly for a good weekend, I finally got to implementing anti-spam and anti-virus measures on my server. It turned out to be more complex than I had initially thought (as always), but it seems to be working now.

To give a bit more background, I am running Postfix with Courier-IMAP and PostgreSQL as database backend. E-mail accounts reside in a virtual folder and have no corresponding Unix accounts.

I decided to use maildrop (I discussed Postfix and procmail issues [here](http://tadek.pietraszek.org/blog/2006/02/05/postfix-virtual-mailboxes-and-procmail-filtering/)) and followed [this tutorial](http://www.xs4all.nl/~jaspersl/howto/), with the following exceptions:

* I had to backport a few packages to sarge (wrote about it [here](http://tadek.pietraszek.org/blog/2006/02/05/backporting-debian-packages-sid-sarge-experiences-with-pbuilder/)).
* I found out by trial and error that the two packages `courier-maildrop` and `maildrop` ship the same program working differently (essentially, maildrop from the maildrop package works, the other one doesn’t!)
* I added a custom clamAV source to my `sources.list` file:

  ```
  deb http://ftp2.de.debian.org/debian-volatile sarge/volatile main
  ```
* I wrote my own `/etc/maildroprc`

The idea is to have e-mail moved automatically to a folder containing spam if (and only if) such a folder exists. What I came up with is the following:

```
# This is the folder into which spam messages are delivered
SPAMFOLDER="$DEFAULT/.caughtspam/"

# run the message through SpamAssassin
exception {
    xfilter "/usr/bin/spamc -u $LOGNAME"
}

# if the message is marked as spam AND SPAMFOLDER exists - deliver there
# I have no idea how to check it other than executing [ -d ] in a shell
SPAMFOLDEROK=`[ -d $SPAMFOLDER ]; echo $?`
if ( /^X-Spam-Flag:.*YES/ && $SPAMFOLDEROK == 0 )
{
    exception {
        to $SPAMFOLDER
    }
}
```
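As an added example (not the author's code), the shell functions below model the delivery decision of the `/etc/maildroprc` rule above so it can be dry-run against a mailbox without delivering anything. The function names, the sample messages and the reading of "folder exists" as "has `cur/`, `new/` and `tmp/`" are assumptions of this example.

```shell
#!/bin/sh
# Dry-run model of the spam rule above: prints where a message would be
# filed, delivers nothing. Function names are hypothetical.

# True only if DIR looks like a Maildir (assumption: cur/, new/, tmp/ present),
# which is stricter than the bare [ -d ] test in the rule.
is_maildir() {
    [ -d "$1/cur" ] && [ -d "$1/new" ] && [ -d "$1/tmp" ]
}

# True if the header block (up to the first blank line) has the flag.
# Body lines are ignored; -i because maildrop patterns ignore case unless
# the D flag is given.
has_spam_flag() {
    sed '/^$/q' "$1" | grep -qi '^X-Spam-Flag:.*YES'
}

# delivery_target MESSAGE MAILDIR -> prints the Maildir that would receive it
delivery_target() {
    msg=$1
    default=${2%/}
    spamfolder="$default/.caughtspam"
    if has_spam_flag "$msg" && is_maildir "$spamfolder"; then
        printf '%s/\n' "$spamfolder"
    else
        printf '%s/\n' "$default"
    fi
}

# Constructed sample: one flagged message, one with the flag only in the body.
demo() {
    box=$(mktemp -d) || return 1
    mkdir -p "$box/.caughtspam/cur" "$box/.caughtspam/new" "$box/.caughtspam/tmp"
    printf 'Subject: test\nX-Spam-Flag: YES\n\nbody\n' > "$box/flagged.eml"
    printf 'Subject: test\n\nX-Spam-Flag: YES\n' > "$box/bodyonly.eml"
    delivery_target "$box/flagged.eml" "$box"
    delivery_target "$box/bodyonly.eml" "$box"
    rm -rf "$box"
}
demo
```

A message that carries the flag text only in its body, or a mailbox whose `.caughtspam` is missing or incomplete, resolves to the default mailbox.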

What still needs to be done is:

* automatic training on users’ emails (to enable per-user training)
* inclusion of user-specific rules (still need to think about it a bit as it has serious security implications).

Useful links:

* – Maildrop filtering language
* SpamAssassin GTUBE test
* – Sending EICAR messages to test anti-virus

Backporting Debian packages (sid -> sarge): experiences with pbuilder

Sunday, February 5th, 2006

Simple package building
-----------------------

1. First things first, get pbuilder:

   ```
   apt-get install pbuilder
   ```

2. Then build an initial image:

   ```
   pbuilder create --distribution sarge --mirror http://ftp.ch.debian.org/debian
   ```

3. Get package sources (`.dsc`, `.diff.gz` and `.orig.tar.gz` files)
4. Build the package:

   ```
   pbuilder build <package>.dsc
   ```

Complex package building (with dependencies)
--------------------------------------------

While playing with packages, I had the following problem: `packageA` builds a few packages, one of them `packageA-dev`. The next package I was trying to build, `packageB`, had a build dependency on `packageA-dev`. However, as `packageA` was not in sarge, pbuilder couldn’t satisfy the dependencies and failed.

Trying to solve this problem, I found the following workaround:

1. Create an apt repository with the newly built packages (run in `/var/cache/pbuilder/result`):

   ```
   dpkg-scanpackages . /dev/null | gzip > Packages.gz
   touch Release
   ```

2. “Mount” the directory to be visible in the chrooted builder environment, at runtime:

   ```
   --bindmounts "/var/cache/pbuilder"
   ```

   or in the config file:

   ```
   BINDMOUNTS="/var/cache/pbuilder"
   ```

3. Add the appropriate apt sources, at runtime:

   ```
   --othermirror "deb file:/var/cache/pbuilder/result ./"
   ```

   or in the config file:

   ```
   OTHERMIRROR="deb file:/var/cache/pbuilder/result ./"
   ```

BTW: If you’re changing the config file after you’ve built the image, you should update the base.tgz file using the following command:

```
pbuilder update --override-config --distribution sarge
```

BTW: [pbuilder manual](http://www.netfort.gr.jp/~dancer/software/pbuilder-doc/pbuilder-doc.html) can be useful.

Postfix Virtual Mailboxes and Procmail Filtering

Sunday, February 5th, 2006

For some time I’ve been running an ISP-grade e-mail hosting system on our server (it might be a bit of an overkill, I know), using Postfix, Courier IMAP and Postgres as database backend. This is not the topic of this post, but I followed [this tutorial](http://workaround.org/articles/ispmail-sarge/) while setting it up and changed some MySQL-specific things to Postgres (BTW: the [postfix wiki article](http://postfixwiki.org/index.php?title=Virtual_Users_and_Domains_with_Courier-IMAP_and_MySQL) also discusses this topic).

The system works fine, but what’s been on my mind is how to enable server-side e-mail filters (rules, etc.). A simple example could be to deliver spam messages directly to “spam” folder, but other things could also be interesting (e.g. rule based filtering, autoreplying, folder sorting, etc.). All in all, what I was looking for is “procmail for virtual mailboxes”.

The most obvious option, `mailbox_command = /usr/bin/procmail` in `main.cf`, doesn’t work, because it only refers to local delivery (done using the `local`, not the `virtual` command). Looking into this matter a bit further, here are the possible solutions I found on the web:

### Change virtual delivery to `local` ###
In this case postfix should just work, however you need to make sure that it delivers mail to the correct mailboxes (it’s not trivial). Also, if users have per-user procmail files, they can probably easily access each other’s mailboxes (essentially no file system-level permissions here).

[This post and the followup discussion](http://irbs.net/internet/postfix/0306/0240.html) discuss this topic (in short, setting `virtual_transport=local` or `virtual_transport=postfix` is not such an easy solution).

There’s an interesting discussion [here](http://www.colug.net/pipermail/colug432/2005-April/000583.html) (check all the e-mails) and [one post](http://www.colug.net/pipermail/colug432/2005-April/000576.html) suggests `virtual=local`. Again, I’m not sure how well it works. Essentially, the problem is that procmail is not aware of users stored in the database.

### Change virtual delivery to `maildrop` ###
Maildrop can connect to the database and check user accounts there (this option is supposedly [not enabled in the debian package](http://www.marlow.dk/site.php/tech/postfix)).

Links:

* [Gentoo howto](http://gentoo-wiki.com/HOWTO_Email_Virtual_Server_Maildrop_and_Spam_Assasin)
* [Virtual readme](http://www.postfix.org/VIRTUAL_README.html) discusses how to set up Postfix to deliver some mail using maildrop.
* [Postfix Maildrop Howto](http://www.postfix.org/MAILDROP_README.html) even more specific.
* [Another howto on Debian](http://www.xs4all.nl/~jaspersl/howto/)

### Use Courier’s MTA and `procmail` ###
[This site](http://jastram.de/story.php?id=177) briefly mentions how to enable it. Haven’t tried it.

----

To summarize, I think that the most reliable option is to use maildrop with database support. I will give it a try…