Line 1: |
Line 1: |
| {{Languages}} | | {{Languages}} |
− | === Maintainer ===
| + | This product includes GeoLite2 data created by MaxMind, available from |
| + | https://www.maxmind.com. |
| + | ==Maintainer== |
| + | [[User:ReetP|john crisp]] |
| + | |
| [mailto:stephdl@de-labrusse.fr stephdl] Stéphane de Labrusse AKA [[User:stephdl|Stephdl]]<br /> | | [mailto:stephdl@de-labrusse.fr stephdl] Stéphane de Labrusse AKA [[User:stephdl|Stephdl]]<br /> |
− | === Version ===
| + | ==Version== |
| {{#smeversion: smeserver-geoip }} | | {{#smeversion: smeserver-geoip }} |
| | | |
− | ===Description===
| + | {{Warning box|From MAXMIND site : |
| + | "Due to upcoming data privacy regulations, we are making significant changes to how you access free GeoLite2 databases starting December 30, 2019. Learn more on our blog." https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/ |
| + | |
| + | Quote |
| + | Starting December 30, 2019, we will be requiring users of our GeoLite2 databases to register for a MaxMind account and obtain a license key in order to download GeoLite2 databases. We will continue to offer the GeoLite2 databases without charge, and with the ability to redistribute with proper attribution and in compliance with privacy regulations. In addition, we are introducing a new end-user license agreement to govern your use of the GeoLite2 databases. Previously, GeoLite2 databases were accessible for download to the public on our developer website and were licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. |
| + | |
| + | Starting December 30, 2019, downloads will no longer be served from our public GeoLite2 page, from geolite.maxmind.com/download/geoip/database/*, or from any other public URL. |
| + | End Quote |
| + | |
| + | See the section below [[GeoIP#Installation_and_Updating_of_geoip_v2_db|Installation of V2 db ]] for steps on how to migrate to the new download mechanism.}} |
| + | |
| + | ==Description== |
| | | |
| The GeoIP plugin for qpsmtpd lets you know where your mail server is receiving mail from. If you're receiving too much spam from a particular location, this will help track it down. You can then use that info to reject connections from that place taking the load off your server. | | The GeoIP plugin for qpsmtpd lets you know where your mail server is receiving mail from. If you're receiving too much spam from a particular location, this will help track it down. You can then use that info to reject connections from that place taking the load off your server. |
Line 11: |
Line 26: |
| {{Note box|Maxmind have removed support for their legacy v1 DBs and an update to v2 DBs is required. Please see the bugtracker link to bug #9033 below for more information }} | | {{Note box|Maxmind have removed support for their legacy v1 DBs and an update to v2 DBs is required. Please see the bugtracker link to bug #9033 below for more information }} |
| | | |
− | Because the databases have been updated new perl modules are required to support GeoIP v2. The core modules have a large number of dependencies and we have decided that it is not practical for the Koozali team to maintain them all.
| + | ==Installation== |
| + | |
| + | <tabs container><tab name="SME 10"> |
| + | yum install smeserver-geoip --enablerepo=smecontribs |
| + | Then configure your update key, create a Maxmind account and retrieve an AccountID and LicenseKey properties and keys to the geoip db config. |
| + | You can also leave as is and just get the update from rpms every 2 months or so... |
| + | <br /> |
| + | </tab> |
| + | <tab name="SME 9"> |
| | | |
− | As a result you will now need the OpenFusion repo to install smeserver-geoip We will be syncing their mirror in due course to speed up installs and updates.
| + | ====Installation of legacy geoip v1 db==== |
| | | |
− | yum --enablerepo=smeaddons install smeserver-extrarepositories-openfusion | + | those are still available for few time only for back compatibility purpose and to avoid a yum update mess, or if you do not trust third party repo, but be aware thos db are not updated anymore since April 2018 and were already only 80% accurate then. |
− | signal-event yum-modify
| + | yum install smeserver-geoip --enablerepo=smecontribs |
| config set UnsavedChanges no | | config set UnsavedChanges no |
| + | signal-event geoip-update |
| + | |
| + | ====update of geoip v1 db==== |
| + | if you have smeserver-geoip-1.1.2-7 already installed, this will keep you on the legacy version, only change new plugin comaptible with v1 and removal of cron update. |
| + | yum update --enablerepo=smecontribs |
| | | |
− | The openfusion repo now includes a number of packages as includes and Excludes, this is to prevent inadvertent system updates occurring when updating the old v1 DB package resulting in unstable or inaccessible systems, this is all they are for. These can be seen here:
| + | This is not updated anymore since 2018, you do not need the update key if you want to only use this. |
| | | |
− | db yum_repositories show openfusion
| + | ====Installation and Updating of geoip v2 db==== |
| | | |
− | ===Installation and Updating===
| + | As a result you will now need the OpenFusion repo to install smeserver-geoip We will be syncing their mirror in due course to speed up installs and updates. |
| + | yum --enablerepo=smeaddons install smeserver-extrarepositories-openfusion |
| + | signal-event yum-modify |
| + | config set UnsavedChanges no |
| | | |
− | =====Updating with v1 DBs installed=====
| + | ====Updating to v2 with v1 DBs installed==== |
| If you have the v1 DBs package smeserver-geoip-1.1.2-7 already installed and do not wish to update to v2 DBs you may perform updates safely, after making sure your smeserver-extrarepositories-openfusion is the latest, the following: | | If you have the v1 DBs package smeserver-geoip-1.1.2-7 already installed and do not wish to update to v2 DBs you may perform updates safely, after making sure your smeserver-extrarepositories-openfusion is the latest, the following: |
| | | |
− | yum update --enablerepo=smecontribs,openfusion | + | To carry out an install or update of the new v2 DBs you are required to firstly remove the exclude statement from the openfusion repo db |
− | | + | db yum_repositories delprop openfusion Exclude |
− | only produces a normal update, no extras from openfusion, trying to do an update of smeserver-geoip to a v2 status with excludes included produces depends errors and a failed update
| + | signal-event yum-modify |
− | | + | You may then go ahead with the following to either install or update a v2 DB package |
− | If you do not want to update you will need to follow something like this:
| + | yum install smeserver-geoip2 --enablerepo=smecontribs,openfusion |
| + | yum update --enablerepo=smecontribs,openfusion |
| + | config set UnsavedChanges no |
| | | |
− | db yum_repositories setprop smecontribs Exclude smeserver-geoip | + | A configuration db for geoip has been created as part of the install |
− | signal-even yum-modify | + | # config show geoip |
| + | geoip=service |
| + | status=enabled |
| | | |
− | ====Installation/Update v2 DBs==== | + | ====Fresh Installation of geoip v2 DBs==== |
| To carry out an install or update of the new v2 DBs you are required to firstly remove the exclude statement from the openfusion repo db | | To carry out an install or update of the new v2 DBs you are required to firstly remove the exclude statement from the openfusion repo db |
| db yum_repositories delprop openfusion Exclude | | db yum_repositories delprop openfusion Exclude |
Line 44: |
Line 79: |
| You may then go ahead with the following to either install or update a v2 DB package | | You may then go ahead with the following to either install or update a v2 DB package |
| | | |
− | yum install smeserver-geoip --enablerepo=smecontribs,openfusion | + | yum install smeserver-geoip2 --enablerepo=smecontribs,openfusion |
− | yum update smeserver-geoip --enablerepo=smecontribs,openfusion (preferred method) | + | config set UnsavedChanges no |
− | yum update --enablerepo=smecontribs,openfusion
| + | |
| + | A configuration db for geoip has been created as part of the install |
| + | # config show geoip |
| + | geoip=service |
| + | status=enabled |
| + | |
| + | Now add Maxmind AccountID and LicenseKey properties and keys to the geoip db config |
| + | </tab> |
| + | </tabs> |
| + | |
| + | ==== Maxmind account to update db ==== |
| + | Sign up for a MaxMind account (no purchase required) https://dev.maxmind.com/geoip/geoip2/geolite2/ |
| | | |
− | then
| + | Important - Note your login details and in particular your AccountID and LicenseKey |
− | signal-event geoip-update
| |
| | | |
− | or if you prefer to reboot your server
| + | Go to Services My Licence key and generate a licence key, carefully note the key details, multiple keys may be created. |
− | signal-event post-upgrade; signal-event reboot
| |
| | | |
− | Updating the geoip database is performed by issuing the following command:
| + | The following config property keys and values will be used to set the geoip config db for ongoing updates see below |
− | signal-event geoip-update
| + | AccountID ####### |
| + | LicenseKey xxxxxxxxxxxxxxx |
| + | set them in db and expand the config file |
| + | db configuration setprop geoip LicenseKey "YOUR LIC KEY" AccountID "YOUR ACCT ID" |
| + | expand-template /etc/GeoIP.conf |
| | | |
− | This contrib adds a template to /etc/crontab to automatically update the database once a month. It's set to do so at midnight on the 5th of each month. If you have a paid subscription through the maintainer of this database (http://dev.maxmind.com/geoip/geoipupdate/) you can update more often. If you do want to update more often, you will have to create a custom template to handle the change. In addition, you will be supplied login credentials that have to be inserted into the file /etc/GeoIP.conf for the update to complete. The file is not templated so it will survive reboots. Use your favorite text editor to insert the information into this file.
| + | ====Update the db==== |
| + | signal-event geoip-update |
| | | |
| ==Testing== | | ==Testing== |
| + | |
| + | {{Note box| These tests use the V1 DB which will be increasingly out of date.}} |
| | | |
| Now that the package and database are installed, we can test it (refer to Country Code list at end of page as required). | | Now that the package and database are installed, we can test it (refer to Country Code list at end of page as required). |
Line 419: |
Line 470: |
| | | |
| Users are advised to determine the effectiveness of the database for themselves. | | Users are advised to determine the effectiveness of the database for themselves. |
− | === Bugs === | + | |
| + | ===Db compatibility with other softwares=== |
| + | Some software either use or depends on a geoip library, here is a table to help understand: |
| + | {| class="wikitable sortable" |
| + | !software |
| + | !repo |
| + | !Geoip 1 support |
| + | !Geoip 2 support |
| + | !notes on behaviour and default or settings to do |
| + | |- |
| + | |spamassassin |
| + | |smeos |
| + | |yes |
| + | |3.4.2 or above |
| + | | |
| + | |- |
| + | |smeserver-mailsats |
| + | |smecontribs |
| + | |yes |
| + | |Yes with updates |
| + | |Requires updated perl-IO-Socket-INET6 and check_badcountries plugin: https://bugs.contribs.org/show_bug.cgi?id=10523 |
| + | |- |
| + | |qpsmtpd plugin / smeserver-geoip |
| + | |smecontribs |
| + | |yes |
| + | |smeserver-geoip 1.2 and above |
| + | |new bad_countries is a fork of qpsmtpd geoip plugin, default to v2 unless v2 is not available then failback on v1 |
| + | |- |
| + | |proftpd |
| + | |smeos |
| + | |only |
| + | |no |
| + | |no support for v2 yet see https://github.com/proftpd/proftpd/issues/605 |
| + | |- |
| + | |apache mod_geoip |
| + | |smecontribs |
| + | |yes |
| + | |unknown |
| + | |v 1.2.10 requires libGeoIP.so.1 and GeoIP: probably only v1 db supported up there |
| + | |- |
| + | |apache mod_maxminddb |
| + | | |
| + | | |
| + | |yes |
| + | |https://github.com/maxmind/mod_maxminddb available in smecontribs [[Mod maxminddb|smeserver-mod_maxminddb]] |
| + | |- |
| + | |opensips-mmgeoip |
| + | |epel |
| + | | |
| + | | |
| + | |unknown |
| + | |- |
| + | |php-pecl-geoip |
| + | |epel |
| + | |yes |
| + | |no |
| + | |depends on libGeoIP.so.1 |
| + | |- |
| + | |php*-php-pecl-geoip |
| + | |remi-safe |
| + | |yes |
| + | |no |
| + | |depends on libGeoIP.so.1 |
| + | |- |
| + | |php-maxminddb |
| + | |remi |
| + | |no |
| + | |yes |
| + | |need to test if installs with base php. mostly not... |
| + | |- |
| + | |php*-php-maxminddb |
| + | |remi-safe |
| + | | |
| + | |yes |
| + | |depends on libmaxminddb |
| + | |- |
| + | |lighttpd-mod_geoip |
| + | |epel |
| + | |yes |
| + | | |
| + | |depends on libGeoIP.so.1 |
| + | |- |
| + | |nginx-mod-http-geoip |
| + | |epel |
| + | |yes |
| + | | |
| + | |depends on libGeoIP.so.1 ; found a source for geoip2 https://github.com/leev/ngx_http_geoip2_module |
| + | |- |
| + | |python-GeoIP |
| + | |epel |
| + | |yes |
| + | |no |
| + | | |
| + | |- |
| + | |python-geoip2 python2-maxminddb |
| + | | |
| + | |no |
| + | |yes |
| + | |not available on CentOS 6 but 7. |
| + | |- |
| + | |python-pygeoip |
| + | |epel |
| + | |yes |
| + | |no |
| + | |Pure Python GeoIP API |
| + | |- |
| + | |uwsgi-plugin-geoip |
| + | |epel |
| + | | |
| + | | |
| + | |unknown |
| + | |- |
| + | |perl-Geo-IP |
| + | |smecontribs |
| + | |only |
| + | |no |
| + | |libGeoIP.so.1 |
| + | |- |
| + | |perl-GeoIP2 |
| + | |openfusion |
| + | |no |
| + | |yes |
| + | | |
| + | |- |
| + | |perl-MaxMind-DB-* |
| + | |openfusion |
| + | |no |
| + | |yes |
| + | | |
| + | |- |
| + | |libmaxminddb |
| + | |epel |
| + | | |
| + | | |
| + | |1.1.1 needed for mmdblookup |
| + | |- |
| + | |mmdblookup |
| + | | |
| + | | |
| + | | |
| + | |provided by libmaxminddb-devel (see https://bugzilla.redhat.com/show_bug.cgi?id=1663670) |
| + | |- |
| + | |bind-libs /bind-utils |
| + | |smeos |
| + | |required |
| + | |unknown |
| + | | |
| + | |} |
| + | you might want to use legacy db updated with recent Maxmind geoilite2, see: https://www.miyuru.lk/geoiplegacy |
| + | |
| + | ===Bugs=== |
| Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] | | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] |
| and select the smeserver-geoip component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-geoip|title=this link}}. | | and select the smeserver-geoip component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-geoip|title=this link}}. |
− |
| |
| | | |
| | | |