Skip to content

nkovacne/pcc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
.gitignore
.gitignore
 
 
CHANGELOG
CHANGELOG
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dbschema.py
dbschema.py
 
 
funcs.py
funcs.py
 
 
pcc.conf
pcc.conf
 
 
pcc.py
pcc.py
 
 
pcc.sh
pcc.sh
 
 
postfix.py
postfix.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

pcc

Postfix Country Control

Description:

  • This script is a policy service for Postfix. It is meant to be an additional check for outgoing messages, checking the client's IP address and determining their country. Bearing in mind that spammers connect to compromised (stolen) e-mail accounts using proxies and TOR servers, it is very unlikely that a user will send e-mails from more than 2 (or 3, being very cautious) different countries in a short period of time, and this is what PCC takes advantage of to determine whether an account might be compromised.
  • If a user excedes a number of sent mails from X different countries within Y days, they're put in a 'blocked' list and any further attempts to send an e-mail are REJECTed/put on HOLD (depending on configuration), until mail server administrator's intervention. Also, a list of administrators might be configured to receive notifications of blocked users.

Version:

  • 1.5.1

Requisites:

  • python
  • virtualenv (optional, but recommended)
  • SQLAlchemy
  • python-geoip
  • python-geoip-geolite2
  • ConfigParser
  • Additionally to the above packages, you'll have to install the package for your database backend (MySQL-python, psycopg2...)

Configuration:

  • pip install -r requisites.txt
  • pip install [your_database_backend]
  • Create a database and a user and grant SELECT, INSERT, UPDATE and CREATE TABLE permissions at least.
  • Copy the pcc.conf file into your /etc directory. Make sure it has reading permissions for the user running the daemon.
  • Edit your settings and adjust them to your environment. ALL parameters are mandatory. If you don't need some of them, just leave them blank (parameter =)
  • Changes to be done in Postfix:

In your main.cf file:

If you're running Postfix 2.10 or earlier, change your smtpd_relay_restrictions to be somewhat like this (assuming your daemon will run on port 9999):

smtpd_relay_restrictions =
    ....
    permit_mynetworks
    check_policy_service inet:127.0.0.1:9999
    ....

If you're running Postfix 2.9 or older, change your smtpd_recipient_restrictions to be somewhat like this (assuming your daemon will run on port 9999):

smtpd_recipient_restrictions =
    ....
    permit_mynetworks
    check_policy_service inet:127.0.0.1:9999
    ....
  • Finally, you just have to run your PCC daemon, supervisord is recomended (pcc.py -d).
  • You can see the available options running: pcc.py -h

Known issues:

  • Sometimes, stopping the script via supervisorctl won't close it cleanly, resulting in a still open socket on the port until it timesout.

About

Postfix Country Control

Resources

Readme

License

GPL-2.0 license
Activity

Stars

2 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages