
HOSTS adblocker

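#!/bin/bash
#
# Builds an ad-blocking /etc/hosts: downloads several public blocklists in
# hosts format, filters and de-duplicates them, and appends the result to the
# saved copy of the system's original hosts file (/etc/hosts.bak).
#
# Needs: wget, GNU sed (for \L, \t and \|), sort, grep, mktemp, sudo.

set -u

# If this is our first run, save a copy of the system's original hosts file and
# set it read-only for safety. Stop if the copy cannot be made: the merge step
# below rebuilds /etc/hosts from /etc/hosts.bak, so carrying on without it
# would drop the system's own entries.
if [ ! -f /etc/hosts.bak ]; then
  echo "Saving copy of system's original hosts file..."
  sudo cp /etc/hosts /etc/hosts.bak || {
    echo "Could not save /etc/hosts.bak; leaving /etc/hosts untouched." >&2
    exit 1
  }
  sudo chmod 444 /etc/hosts.bak
fi

# Perform work in temporary files inside a private directory from mktemp.
# Names built from $$ directly under /tmp are predictable, so another local
# user could create them first; what is written there is later copied into
# /etc/hosts as root.
workdir=$(mktemp -d) || {
  echo "Could not create a temporary directory." >&2
  exit 1
}
trap 'rm -rf -- "$workdir"' EXIT
temphosts1="$workdir/temphosts1"
temphosts2="$workdir/temphosts2"
temphosts3="$workdir/temphosts3"
temphosts4="$workdir/temphosts4"

# Obtain various hosts files and merge into one.
# NOTE(review): every list is fetched over plain HTTP and its content ends up
# in /etc/hosts, so anything on the network path can alter what gets blocked.
# Switch a source to HTTPS wherever its provider offers it, and treat the
# filter below as the only check on what these downloads may contribute.
echo "Downloading ad-blocking hosts files..."
wget -nv -O - http://winhelp2002.mvps.org/hosts.txt > "$temphosts1"
wget -nv -O - http://hosts-file.net/ad_servers.asp >> "$temphosts1"
#wget -nv -O - http://someonewhocares.org/hosts/hosts >> "$temphosts1"
wget -nv -O - http://someonewhocares.org/hosts/ipv6/hosts >> "$temphosts1"
wget -nv -O - http://www.malwaredomainlist.com/hostslist/hosts.txt >> "$temphosts1"
wget -nv -O - "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext" >> "$temphosts1"

# Do some work on the file:
# 1. Remove MS-DOS carriage returns
# 2. Delete all lines whose first field is not exactly 127.0.0.1, 0.0.0.0 or ::1
#    (dots escaped and a blank required after the address, so a longer address
#    that merely starts with one of these is rejected instead of being kept)
# 3. Make everything lowercase
# 4. Delete any lines containing the word localhost because we'll obtain that
#    from the original hosts file
# 5. Replace a leading 127.0.0.1 or 0.0.0.0 with ::1 {localhost on IPv6}
# 6. Scrunch extraneous spaces separating address from name into a single tab
# 7. Delete any comments on lines
# 8. Clean up leftover trailing blanks
# 9. We whitelist hosts j.mp
#
# Pass all this through sort with the unique flag to remove duplicates and
# save the result.
echo "Parsing, cleaning, de-duplicating, sorting..."
#
# IPv4 variant (kept for reference): same filter, but rewrite 127.0.0.1 to
# 0.0.0.0 instead of mapping both addresses to ::1.
#
# IPv6 ready
sed -e 's/\r//' \
    -e '/^\(127\.0\.0\.1\|0\.0\.0\.0\|::1\)[ \t]/!d' \
    -e 's/\(.*\)/\L\1/' \
    -e '/localhost/d' \
    -e 's/^127\.0\.0\.1/::1/' \
    -e 's/^0\.0\.0\.0/::1/' \
    -e 's/ \+/\t/' \
    -e 's/#.*$//' \
    -e 's/[ \t]*$//' \
    < "$temphosts1" | sort -u | grep -v $'\tj\.mp' > "$temphosts2"

if [ ! -s "$temphosts2" ]; then
  echo "Warning: no blocklist entries were produced; /etc/hosts will hold only the original entries." >&2
fi

# Combine system hosts with adblocks
echo "Merging with original system hosts..."
printf '# Windows HOSTS file should NOT be over 135K!\n# Ad blocking hosts generated %s\n' "$(date)" > "$temphosts4"
cat /etc/hosts.bak "$temphosts4" "$temphosts2" > "$temphosts3" || {
  echo "Could not assemble the new hosts file; /etc/hosts left untouched." >&2
  exit 1
}
sudo cp "$temphosts3" /etc/hosts || {
  echo "Could not install the new hosts file." >&2
  exit 1
}

# Clean up temp files and remind user how to restore the original file
echo "Cleaning up..."
rm -rf -- "$workdir"
echo "Done."
echo
echo "You can always restore your original hosts file with this command:"
echo " sudo cp /etc/hosts.bak /etc/hosts"
echo "so don't delete that file! (It's saved read-only for your protection.)"

# *buntu style; run through sudo like the other privileged steps above
sudo /etc/init.d/network-manager restart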


original (with bugs) @ http://www.deepthought.ws/linux/bash-script-hosts-file-ad-blocker/

How to use this in Ubuntu: https://tnt.aufbix.org/linux/ubuntu#optimize_dnsmasq_in_networkmanager

Fighting SPAM

http://pgl.yoyo.org/as/index.php

DNS "greylisting"

http://nolisting.org/

http://wiki.apache.org/spamassassin/OtherTricks

IN MX 10  spamtrap-tryothermx
IN MX 20 your.real.mx.server
IN MX 25 your-ipv4only.real.mx.server
IN MX 30 spamtrap-tryothermx

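Most spam and virus senders connect only to the primary MX (lowest preference number) or to the backup MX with the lowest priority (highest preference number); in the records above both of those are spamtrap-tryothermx.
spamtrap-tryothermx points to a VALID IP, but connections to it on port 25/tcp (SMTP) will (and must!) time out. A standards-compliant sender then moves on to the next MX in the list, as the RFC excerpt below requires, so legitimate mail is delayed by the timeout rather than lost; a sender that never tries another MX will not get its mail delivered.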

[http://www.faqs.org/rfcs/rfc2821]

5. Address Resolution and Mail Handling

When the lookup succeeds, the mapping can result in a list of
alternative delivery addresses rather than a single address, because
of multiple MX records, multihoming, or both. To provide reliable
mail transmission, the SMTP client MUST be able to try (and retry)
each of the relevant addresses in this list in order, until a
delivery attempt succeeds.

p0f

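#! /bin/sh
#
# start p0f
#
# Minimal init-style wrapper around p0f.
#   start  runs p0f on eth2 with the capture filter 'tcp dst port 25' and
#          pipes its output to p0f-analyzer, which is started with 2345 as its
#          argument (presumably the port it answers queries on).
#   stop   only lists the matching processes; it does not terminate them.
# NOTE(review): confirm that the p0f-analyzer port is reachable only from the
# host that queries it.

case "$1" in
  start)
    /usr/sbin/p0f -i eth2 -l 'tcp dst port 25' 2>&1 | /usr/sbin/p0f-analyzer 2345 &
    ;;

  stop)
    # Show what is still running; "grep -v stop" hides this script's own
    # "... stop" invocation from the listing.
    ps aux | grep p0 | grep -v grep | grep -v stop
    #killall -9 /usr/sbin/p0f
    echo "You will have to kill p0f and p0f-analyzer manually"
    ;;

  *)
    # $NAME is never set in this script, so the usage line used to print a
    # bare "/etc/init.d/"; report the path the script was invoked as instead.
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac
exit 0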

p0f spamassassin

/etc/spamassassin/local.cf:

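# Score mail on the sending host's OS as recorded in the
# X-Amavis-OS-Fingerprint header. A passive fingerprint is a heuristic guess,
# so these rules only shift the total score.
# NOTE(review): confirm that a copy of this header supplied by the sender
# cannot reach these rules; otherwise the negative-score rule could be hit by
# a value the sender wrote.
header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP/
score L_P0F_WXP 3.5
# Any Windows other than XP.
header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/
score L_P0F_W 1.7
header L_P0F_UNKN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/
score L_P0F_UNKN 0.8
# The whole alternation is grouped so that ^ anchors every branch. Previously
# only the *BSD branch was anchored, and Solaris, HP-UX or Tru64 appearing
# anywhere in the value earned the negative score.
header L_P0F_Unix X-Amavis-OS-Fingerprint =~ /^(?:(?:Free|Open|Net)BSD|Solaris|HP-UX|Tru64)/
score L_P0F_Unix -1.0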

/etc/amavis/conf.d/50-user.cfg


# Use passive OS fingerprinting
# Points amavisd at a p0f query service on 127.0.0.1 port 2345; the p0f start
# script on this page passes the same number to p0f-analyzer.
$os_fingerprint_method = 'p0f:127.0.0.1:2345';

#$log_level = 1;


# Unsets the fingerprint method inside the MYNETS policy bank, so (presumably)
# no p0f lookup is made for mail handled under that bank — confirm.
$policy_bank{'MYNETS'}{os_fingerprint_method} = undef;

clam

add clamav to amavis group

01-debian:
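# Program names amavisd may use to unpack RAR attachments (presumably the
# first one found is used — confirm). The unpacker parses untrusted
# attachments, so keep whichever one is installed patched.
# The statement terminator was missing in the original note.
$unrar = ['rar', 'unrar-free'];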

/etc/amavis/conf.d/05-domain_id

# $mydomain is set from the output of `hostname -d`, with the trailing newline
# removed by chomp.
# NOTE(review): the single "." entry in @local_domains_acl presumably matches
# every domain, so all recipients would be treated as local — confirm this is
# intended on a host that also relays outbound mail.
chomp($mydomain = `hostname -d`); @local_domains_acl = qw (.);

20-debian-defaults
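# All four quarantine methods are unset, so amavisd keeps no quarantined copy
# of virus, spam, banned-file or bad-header mail.
# NOTE(review): with the virus quarantine off, no sample of an infected message
# is retained for later analysis; what happens to such mail depends on
# $final_virus_destiny, which is not set here.
$virus_quarantine_method = undef;
$spam_quarantine_method = undef;
$banned_files_quarantine_method = undef;
$bad_header_quarantine_method = undef;

# Spam is passed on to the recipient rather than rejected or discarded.
$final_spam_destiny = D_PASS;

# Plain double quotes: the typographic quotes in the original note are not
# Perl string delimiters, so the line would not compile as pasted.
$X_HEADER_LINE = "$myproduct_name at $mydomain";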

30-template-localization
# Character set for the header and the body of messages amavisd generates
# itself (presumably its notifications — confirm against the amavisd docs).
$hdr_encoding = 'utf-8';
$bdy_encoding = 'utf-8';