ucspi-tcp-geoip

ucspi-tcp-geoip is a modification of Dan Bernstein’s ucspi-tcp package. We added support to tcpserver to allow or block connections based on the GeoIP country code of the connecting IP. We also added support for saving the process id to a file to help init scripts kill the service.

Download latest version here

Features

  • -w path-to-pid file
  • DENYCOUNTRY environment variable
  • Set DENYCOUNTRY to a comma-separated list of 2 character country codes that you want to deny access to. The connecting IP is looked up in the GeoIP public database. If the country is listed in the DENYCOUNTRY environment variable then tcpserver drops the connection. Otherwise the connection is allowed. For example, if you want to drop connections from the United States and Canada then set DENYCOUNTRY="US,CA".

  • ALLOWCOUNTRY environment variable
  • Set ALLOWCOUNTRY to a comma-separated list of 2 character country codes that you want to allow access to. If the connecting IP country code is not in the list then tcpserver drops the connection. Otherwise the connection is allowed. For example, if you only want to allow connections from the United States and Canada then set ALLOWCOUNTRY="US,CA".

  • You can use either DENYCOUNTRY or ALLOWCOUNTRY or neither.
  • If DENYCOUNTRY and ALLOWCOUNTRY are not set then no connections will be blocked.

  • 2 character country code is added to end of tcpserver log line.
  • If DENYCOUNTRY or ALLOWCOUNTRY is set then the 2 character country code is added to the end of the tcpserver log line for " ok " or " deny ". For example: tcpserver: deny 4252 mail.inter7.com:X.X.X.XX:110 :Z.Z.Z.Z::56134:US

Example start up line for qmail pop3 connections.

This will allow only connections from IPs identified to be in the AA country (fake country code) by GeoIP database.

env - PATH="/var/qmail/bin:/usr/local/bin:$PATH" \
ALLOWCOUNTRY="AA" \
tcpserver -vHRD -l$HOSTNAME -c100 -w /var/run/pop3.pid \
0.0.0.0 110 /var/qmail/bin/qmail-popup $HOSTNAME \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d \
Maildir 2>&1 | /usr/local/bin/setuidgid qmaill \
/usr/local/bin/multilog t n20 s1000000 /var/log/pop3 &

If the connecting IP is not identified as being in the country AA then the connection is dropped.

The -w option writes the process pid to /var/run/pop3.pid

To stop tcpserver you could use

kill -9 `cat /var/run/pop3.pid`

Example start up line for qmail smtp connections

This will block connections from IPs that are in (fake) countries XX, YY and ZZ

env - PATH="/var/qmail/bin:/usr/local/bin:$PATH" \
DENYCOUNTRY="XX,YY,ZZ" \
tcpserver -vRD -l$HOSTNAME -x /home/vpopmail/etc/tcp.smtp.cdb \
-c300 -w /var/run/smtpd.pid 0 25 \
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 2>&1 | \
/usr/local/bin/setuidgid qmaill \
/usr/local/bin/multilog t n20 s4000000 /var/log/smtp &

If the connecting IP is identified as being in Russia, China or Vietnam then the connection is dropped.

The -w option writes the process pid to /var/run/smtpd.pid

To stop tcpserver you could use

kill -9 `cat /var/run/smtpd.pid`

2 character country codes can be found on the internet or at Wikipedia

News

Latest Production version released March 1 2020.

Reporting

You can get a report of countries that were allowed to connect or a report of countries that were denied connections. For example:

To get a list of countries that were denied connections, with a count, for pop3 try:
grep deny /var/log/pop3/current | sed 's/:/ /g' | awk '{print $NF}' | sort | uniq -c | sort -nr

or

grep deny /var/log/pop3/* | sed 's/:/ /g' | awk '{print $NF}' | sort | uniq -c | sort -nr

It should have a count of the connections and the country code.
520 CN
170 NL
75 CA
60 DE
42 HK
36 KR
27 RU
11 MD
4 FR
3 VN
3 CL
1 SC
1 KE
1 IR
1 EG

Or to get a list of countries that were allowed connections change deny to " ok "
grep " ok " /var/log/pop3/current | sed 's/:/ /g' | awk '{print $NF}' | sort | uniq -c | sort -nr

Output should have a count of the connections and the country code.
35 US

You could also run the report on any other tcpserver log files.
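
The same report as an added example (not part of the ucspi-tcp-geoip distribution): it counts ok and deny in one pass and matches the verdict word that follows "tcpserver:" rather than any occurrence of "deny", so a line whose hostname contains that word is not miscounted. The sample log lines, the example.com hostnames and the "??" marker for lines without a country code are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the ucspi-tcp-geoip distribution.
# Assumes the log line layout shown on this page, optionally preceded by a
# multilog timestamp.

# Constructed sample log (placeholder hosts, documentation IP ranges).
sample_log() {
    cat <<'EOF'
@400000005e5b7f1a0a1b2c3d tcpserver: status: 1/100
@400000005e5b7f1a0a1b2c4d tcpserver: pid 4251 from 198.51.100.7
@400000005e5b7f1a0a1b2c5d tcpserver: deny 4251 mail.example.com:192.0.2.10:110 :198.51.100.7::40112:XX
@400000005e5b7f1b0a1b2c3d tcpserver: ok 4252 mail.example.com:192.0.2.10:110 :203.0.113.5::51234:AA
@400000005e5b7f1c0a1b2c3d tcpserver: deny 4253 mail.example.com:192.0.2.10:110 :198.51.100.8::40113:XX
@400000005e5b7f1d0a1b2c3d tcpserver: deny 4254 mail.example.com:192.0.2.10:110 :198.51.100.9::40114:YY
@400000005e5b7f1e0a1b2c3d tcpserver: end 4252 status 0
tcpserver: ok 4255 mail.example.com:192.0.2.10:25 deny.example.net:203.0.113.6::51235:AA
tcpserver: ok 4256 mail.example.com:192.0.2.10:110 :203.0.113.9::51236
EOF
}

# Print "count verdict country" for every ok/deny line in the named log
# files (or stdin when no file is given), grouped by verdict, busiest first.
country_report() {
    LC_ALL=C awk '
    {
        # Find the "tcpserver:" tag; the verdict is the word right after it.
        verdict = ""
        for (i = 1; i < NF; i++)
            if ($i == "tcpserver:") { verdict = $(i + 1); break }
        # Skip status/pid/end lines; a hostname containing "deny" is ignored.
        if (verdict != "ok" && verdict != "deny") next
        # The country code is whatever follows the last colon on the line.
        n = split($NF, part, ":")
        cc = part[n]
        # Lines logged without a 2-letter code are grouped under "??".
        if (cc !~ /^[A-Z][A-Z]$/) cc = "??"
        count[verdict " " cc]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k2,2 -k1,1nr -k3,3
}

# Demo on the constructed sample; for real logs:
#   country_report /var/log/pop3/current
sample_log | country_report
```

On the constructed sample, a plain grep for deny would also pick up the ok line from deny.example.net, which this report counts under ok.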

Installation Instructions

  • Download the source
  • Unpack the source
  • tar zxf ucspi-tcp-pid-geoip-0.88.tar.gz

  • go into the source directory
  • cd ucspi-tcp-pid-geoip-0.88

  • build the source
  • make

  • install into /usr/local/bin/
  • make setup

  • to clean up source code (remove .o and binaries)
  • make clean

Dependencies

  • GeoIP package required to run
  • On CentOS install GeoIP with yum install GeoIP

  • GeoIP development package required to build the software
  • On CentOS install GeoIP-devel with yum install GeoIP-devel

    Copyright © 2012