Milter-AbuseIPDB

Current version 0.1.2

03 September 2023

Download

Installation

To install, download the zipped tar file. Unpack it – this will create a directory called milter-AbuseIPDB (where x are the version numbers). Go into the directory and type:

perl Makefile.PL
make install

This will install the necessary files into your system.

The milter can be started with:

systemctl start milter-abuseipdb

The milter also needs to be configured in the sendmail config file so that sendmail sends the IP address for checking. This is done by adding the following into the sendmail.mc file:

INPUT_MAIL_FILTER(milter-abuseipdb',S=inet:8978@localhost’)

Once this has been done then the config file will need to be rebuilt and sendmail restarted.

Please note that the config file will be installed into /etc. If it already exists then it will be upgraded and a backup copy made of the original file. You should check that the upgraded file contains the correct settings.

Description

milter-AbuseIPDB is a PERL program that queries the database at www.abuseipdb.com to check whether the IP address connecting has been reported. If the confidence level is above the threshold (set if the config file) then it rejects the connection. It requires an account to obtain an API key. This should be put in the configuration file.

Free accounts are available from www.abusipdb.com which have a limited number of calls per day.

Config file

The milter-abuseipdb.conf file contains configuration information which you should change to suite your requirements as follows:

APIKey This should be set to the API key that is available from abuseipdb.com.

WhiteList An array containing the IP addresses that should not be looked up. Can be specified as individual addresses, a range or in CIDR format. Entries should be separated by a space. Can also be the full pathname to a file – must be started with @ 

LogFile The location of the log file for the milter. Will contain information about the lookups.

Confidence The confidence level above which the IP address should be considered malicious.

Workers The number of worker threads to start.

Debug If set to 1 it puts the milter into debug mode and produces lots of output into the log file.

AbuseIPDB Contributor Badge