===== HOSTS adblocker =====
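#!/bin/bash
# Build an ad-blocking /etc/hosts from several public blocklists.
#
# The lists are downloaded, reduced to plain sinkhole entries, merged with the
# pristine copy of the system hosts file (/etc/hosts.bak) and installed as
# /etc/hosts through sudo.

# If this is our first run, save a copy of the system's original hosts file
# and set it read-only for safety. Without that copy nothing below is safe to
# run, so stop if it cannot be made.
if [ ! -f /etc/hosts.bak ]; then
  echo "Saving copy of system's original hosts file..."
  sudo cp /etc/hosts /etc/hosts.bak || {
    echo "Could not back up /etc/hosts; aborting." >&2
    exit 1
  }
  sudo chmod 444 /etc/hosts.bak
fi

# Perform work in temporary files.
# They live in a private mktemp directory rather than under predictable
# /tmp/<name>.<pid> paths: the merged file is later copied over /etc/hosts as
# root, so another local user must not be able to pre-create or swap it.
workdir=$(mktemp -d) || {
  echo "Could not create a temporary directory; aborting." >&2
  exit 1
}
trap 'rm -rf -- "$workdir"' EXIT
temphosts1="$workdir/temphosts1"
temphosts2="$workdir/temphosts2"
temphosts3="$workdir/temphosts3"
temphosts4="$workdir/temphosts4"

# Obtain various hosts files and merge into one.
# NOTE: every list is fetched over plain HTTP with no checksum or signature.
# The filter further down is the only control between a tampered or corrupted
# download and /etc/hosts, which is why it accepts exact sinkhole entries only.
sources=(
  "http://winhelp2002.mvps.org/hosts.txt"
  "http://hosts-file.net/ad_servers.asp"
  #"http://someonewhocares.org/hosts/hosts"
  "http://someonewhocares.org/hosts/ipv6/hosts"
  "http://www.malwaredomainlist.com/hostslist/hosts.txt"
  "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
)
echo "Downloading ad-blocking hosts files..."
: > "$temphosts1"
for url in "${sources[@]}"; do
  # A list that is unreachable is skipped (best effort), but say so.
  wget -nv -O - "$url" >> "$temphosts1" ||
    echo "Warning: could not download $url" >&2
done

# Do some work on the file:
# 1. Remove MS-DOS carriage returns
# 2. Delete all lines that don't begin with exactly 127.0.0.1, 0.0.0.0 or ::1
#    followed by a blank (so a longer address with the same prefix is dropped)
# 3. Make everything lowercase
# 4. Delete any lines containing the word localhost because we'll obtain that
#    from the original hosts file
# 5. Replace the leading 127.0.0.1 or 0.0.0.0 with ::1 {localhost on IPv6}
# 6. Scrunch extraneous spaces separating address from name into a single tab
# 7. Delete any comments on lines
# 8. Clean up leftover trailing blanks
# 9. We whitelist host j.mp (whole-name match only)
#
# Pass all this through sort with the unique flag to remove duplicates and
# save the result.
echo "Parsing, cleaning, de-duplicating, sorting..."
#
# IPv4
#sed -e 's/\r//' -e '/^127.0.0.1\|^0.0.0.0\|^::1/!d' -e 's/\(.*\)/\L\1/' -e '/localhost/d' -e 's/127.0.0.1/0.0.0.0/' -e 's/ \+/\t/' -e 's/#.*$//' -e 's/[ \t]*$//' < $temphosts1 | sort -u > $temphosts2
#
# IPv6 ready (GNU sed: \L, \t and \| are GNU extensions)
sed -e 's/\r//' \
    -e '/^\(127\.0\.0\.1\|0\.0\.0\.0\|::1\)[ \t]/!d' \
    -e 's/\(.*\)/\L\1/' \
    -e '/localhost/d' \
    -e 's/^127\.0\.0\.1/::1/' \
    -e 's/^0\.0\.0\.0/::1/' \
    -e 's/ \+/\t/' \
    -e 's/#.*$//' \
    -e 's/[ \t]*$//' \
    < "$temphosts1" | sort -u | grep -v $'\tj\\.mp$' > "$temphosts2"

# Combine system hosts with adblocks
echo Merging with original system hosts...
printf '# Windows HOSTS file should NOT be over 135K!\n# Ad blocking hosts generated %s\n' \
  "$(date)" > "$temphosts4"
# Never install a half-built file: /etc/hosts is only touched after the merge
# has succeeded.
cat /etc/hosts.bak "$temphosts4" "$temphosts2" > "$temphosts3" || {
  echo "Merge failed; /etc/hosts left unchanged." >&2
  exit 1
}
sudo cp "$temphosts3" /etc/hosts || {
  echo "Could not install the new /etc/hosts." >&2
  exit 1
}

# Clean up temp files and remind user to copy new file
echo "Cleaning up..."
rm -f -- "$temphosts1" "$temphosts2" "$temphosts3" "$temphosts4"
echo "Done."
echo
echo "You can always restore your original hosts file with this command:"
echo " sudo cp /etc/hosts.bak /etc/hosts"
echo "so don't delete that file! (It's saved read-only for your protection.)"

# *buntu style
# Restarting the service needs root, like the other privileged steps above.
sudo /etc/init.d/network-manager restart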
original (with bugs) @ http://www.deepthought.ws/linux/bash-script-hosts-file-ad-blocker/
how to use this in Ubuntu >>> https://tnt.aufbix.org/linux/ubuntu#optimize_dnsmasq_in_networkmanager
====== Fighting SPAM ======
http://pgl.yoyo.org/as/index.php
===== DNS "greylisting" =====
http://nolisting.org/
http://wiki.apache.org/spamassassin/OtherTricks
IN MX 10 spamtrap-tryothermx
IN MX 20 your.real.mx.server
IN MX 25 your-ipv4only.real.mx.server
IN MX 30 spamtrap-tryothermx
Most spam/virus senders connect only to the primary MX and to the backup MX with the lowest priority, which is why both of those entries point at the spamtrap.
\\
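spamtrap-tryothermx points to a VALID IP, but connections to port 25/tcp (SMTP) on it will (and must!) time out. A standards-compliant sender then moves on to the next MX in the list, as the RFC excerpt below requires.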
[http://www.faqs.org/rfcs/rfc2821]\\
\\
5. Address Resolution and Mail Handling\\
...\\
When the lookup succeeds, the mapping can result in a list of\\
alternative delivery addresses rather than a single address, because\\
of multiple MX records, multihoming, or both. To provide reliable\\
mail transmission, the SMTP client **MUST** be able to try (and retry)\\
each of the relevant addresses in this list in order, until a\\
delivery attempt succeeds. \\
\\
* greylisting
* sender address verification
* RFC2820/2821 rules
* helo checks
* policyd-weight
===p0f===
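#! /bin/sh
#
# start p0f
#
# Minimal init-style wrapper around p0f and p0f-analyzer.
#   start - run p0f on eth2 for SMTP traffic and pipe its output to
#           p0f-analyzer in the background
#   stop  - only lists the matching processes; they have to be killed by hand
case "$1" in
  start)
    # 2345 is the argument handed to p0f-analyzer; it has to agree with the
    # port in amavis' $os_fingerprint_method ('p0f:127.0.0.1:2345').
    /usr/sbin/p0f -i eth2 -l 'tcp dst port 25' 2>&1 | /usr/sbin/p0f-analyzer 2345 &
    ;;
  stop)
    ps aux | grep p0 | grep -v grep | grep -v stop
    #killall -9 /usr/sbin/p0f
    echo "You will have to kill p0f and p0f-analyzer manually"
    ;;
  *)
    # NAME is never assigned in this script, so fall back to the script's own
    # file name instead of printing a bare "/etc/init.d/".
    N=/etc/init.d/${NAME:-${0##*/}}
    echo "Usage: $N {start|stop}" >&2
    exit 1
    ;;
esac
exit 0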
===p0f spamassassin===
/etc/spamassassin/local.cf:\\
# Score mail by the OS fingerprint found in the X-Amavis-OS-Fingerprint header: positive scores for Windows and unknown senders, a negative score for the listed Unix systems.\\
header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP/\\
score L_P0F_WXP 3.5\\
header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/\\
score L_P0F_W 1.7\\
header L_P0F_UNKN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/\\
score L_P0F_UNKN 0.8\\
# NOTE(review): in the next pattern ^ anchors only the first alternative, ((Free|Open|Net)BSD); Solaris, HP-UX and Tru64 match anywhere in the header value. Since this rule lowers the spam score, confirm that is intended; to anchor all four, group them: /^(?:(?:Free|Open|Net)BSD|Solaris|HP-UX|Tru64)/\\
header L_P0F_Unix X-Amavis-OS-Fingerprint =~ /^((Free|Open|Net)BSD)|Solaris|HP-UX|Tru64/\\
score L_P0F_Unix -1.0\\
=== /etc/amavis/conf.d/50-user.cfg ===
\\
# Use passive OS fingerprinting\\
# The port here (2345) has to match the argument p0f-analyzer is started with; the address is loopback, so the query stays on this host.\\
$os_fingerprint_method = 'p0f:127.0.0.1:2345';\\
\\
#$log_level = 1;\\
\\
# No fingerprint lookup for mail handled under the MYNETS policy bank.\\
$policy_bank{'MYNETS'}{os_fingerprint_method} = undef;\\
\\
== clam ==
add clamav to amavis group
01-debian:\\
$unrar = ['rar', 'unrar-free']
/etc/amavis/conf.d/05-domain_id
chomp($mydomain = `hostname -d`);
@local_domains_acl = qw (.);
20-debian-defaults\\
$virus_quarantine_method = undef;\\
$spam_quarantine_method = undef;\\
$banned_files_quarantine_method = undef;\\
$bad_header_quarantine_method = undef;\\
\\
$final_spam_destiny = D_PASS;\\
$X_HEADER_LINE = "$myproduct_name at $mydomain";\\
30-template-localization\\
$hdr_encoding = 'utf-8';\\
$bdy_encoding = 'utf-8';\\