HOSTS adblocker

# HOSTS ad blocker: download several ad-blocking hosts lists, normalise and
# de-duplicate them, and install the result (appended to a backup of the
# system's own entries) as /etc/hosts.
#
# NOTE(review): this copy of the script is incomplete. The `then`/`fi` of the
# first-run check, the assignments of $temphosts1..$temphosts4, the download
# URLs and the addresses inside the sed expressions are not present, so it
# will not run as shown. Restore them from the original before use.
#
# The script copies downloaded third-party data into /etc/hosts as root, so
# the filtering below is a security control and not just tidying: a hosts
# line maps a name to an address, and only lines that start with the expected
# addresses should survive. Even with the filter, every list source can make
# any hostname unresolvable on this machine, so use only sources you trust
# and prefer HTTPS URLs.

# If this is our first run, save a copy of the system's original hosts file and set it read-only for safety
if [ ! -f /etc/hosts.bak ]
# NOTE(review): the `then` that belongs here is missing in this copy.
 echo "Saving copy of system's original hosts file..."
 sudo cp /etc/hosts /etc/hosts.bak
 sudo chmod 444 /etc/hosts.bak
# NOTE(review): the closing `fi` is missing in this copy.
# Perform work in temporary files
# NOTE(review): the assignments of $temphosts1..$temphosts4 are not visible
# here. When restoring them, create the files with mktemp rather than fixed
# names: $temphosts3 is later copied over /etc/hosts with sudo, so a
# predictable path that another local user can pre-create or replace would
# let that user decide what ends up in /etc/hosts. The expansions are also
# unquoted throughout; quote them ("$temphosts1") once they are defined.
# Obtain various hosts files and merge into one
# -O - sends each download to stdout; the first redirection truncates
# $temphosts1 (>), the others append to it (>>).
# NOTE(review): no URL is given on these lines in this copy (the last one has
# an empty string), and wget's exit status is never checked, so a failed
# download silently contributes nothing to the merged list.
echo "Downloading ad-blocking hosts files..."
wget -nv -O - > $temphosts1
wget -nv -O - >> $temphosts1
#wget -nv -O - >> $temphosts1
wget -nv -O - >> $temphosts1
wget -nv -O - >> $temphosts1
wget -nv -O - "" >> $temphosts1
# Do some work on the file:
# 1. Remove MS-DOS carriage returns
# 2. Delete all lines that don't begin with one of the accepted addresses or ::1
#    (the two other addresses are missing from this copy; presumably the IPv4
#    loopback/null addresses -- confirm against the original script)
# 3. Make everything lowercase
# 4. Delete any lines containing the word localhost because we'll obtain that from the original hosts file
# 5. Replace the two IPv4 addresses with ::1 {localhost on IPv6}
#    (both `s/` expressions are truncated in this copy)
# 6. Scrunch extraneous spaces separating address from name into a single tab
# 7. Delete any comments on lines
# 8. Clean up leftover trailing blanks
# 9. Whitelist hosts: the final grep -v drops entries whose name, right after
#    the tab, starts with j.mp (the pattern has no end anchor)
# Pass all this through sort with the unique flag to remove duplicates and save the result
# NOTE(review): \L in the replacement is a GNU sed extension and $'...' is
# bash syntax, so this pipeline needs GNU sed and bash rather than plain sh.
echo "Parsing, cleaning, de-duplicating, sorting..."
# IPv4
#sed -e 's/\r//' -e '/^\|^\|^::1/!d'  -e 's/\(.*\)/\L\1/' -e '/localhost/d'  -e 's/' -e 's/ \+/\t/' -e 's/#.*$//' -e 's/[ \t]*$//' < $temphosts1 | sort -u > $temphosts2
# IPv6 ready
sed -e 's/\r//' -e '/^\|^\|^::1/!d' -e 's/\(.*\)/\L\1/' -e '/localhost/d' -e 's/' -e 's/' -e 's/ \+/\t/' -e 's/#.*$//' -e 's/[ \t]*$//' < $temphosts1 | sort -u | grep -v $'\tj\.mp' > $temphosts2

# Combine system hosts with adblocks
# The result is: the backed-up original entries, then a generated header
# ($temphosts4), then the cleaned block list ($temphosts2).
# NOTE(review): nothing inspects $temphosts3 before it replaces the live
# /etc/hosts; consider checking it (for example, that every added line has
# the expected address) before the sudo cp.
echo Merging with original system hosts...
echo -e "# Windows HOSTS file should NOT be over 135K!\n# Ad blocking hosts generated "`date` > $temphosts4
cat /etc/hosts.bak $temphosts4 $temphosts2 > $temphosts3
sudo cp $temphosts3 /etc/hosts
# Clean up temp files and remind user to copy new file
echo "Cleaning up..."
rm $temphosts1 $temphosts2 $temphosts3 $temphosts4
echo "Done."
echo "You can always restore your original hosts file with this command:"
echo " sudo cp /etc/hosts.bak /etc/hosts"
echo "so don't delete that file! (It's saved read-only for your protection.)"

# *buntu style
# Restart NetworkManager, presumably so the new hosts file takes effect.
# NOTE(review): unlike the other privileged steps this one is not run
# through sudo, so it fails when the script runs as an ordinary user.
/etc/init.d/network-manager  restart

original (with bugs) @

how to use this in Ubuntu »>

Fighting SPAM

DNS "greylisting"

IN MX 10  spamtrap-tryothermx
IN MX 20
IN MX 25
IN MX 30 spamtrap-tryothermx

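Most spam and virus senders connect only to the primary MX or to the backup MX with the lowest priority (the highest preference number).
spamtrap-tryothermx points to a VALID IP, but connections to port 25/tcp (SMTP) will (and must!) time out. A standards-compliant sender then tries the next MX in the list, as the RFC text below requires, so legitimate mail is delayed but still delivered.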


5. Address Resolution and Mail Handling

When the lookup succeeds, the mapping can result in a list of
alternative delivery addresses rather than a single address, because
of multiple MX records, multihoming, or both. To provide reliable
mail transmission, the SMTP client MUST be able to try (and retry)
each of the relevant addresses in this list in order, until a
delivery attempt succeeds.

  • greylisting ==
  • sender address verification =
  • RFC2820/2821 rules =
  • helo checks =
  • policyd-weight


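#! /bin/sh
# Init-style wrapper that starts p0f for passive OS fingerprinting of
# incoming SMTP connections and feeds its output to p0f-analyzer.
#
# Usage: <this script> {start|stop}
#
# The copy of this script on the page had lost its `start)` label, the `;;`
# terminators and the closing `esac`; they are restored here from the usage
# string. $NAME was never assigned, so it is now derived from the script's
# own file name.

NAME=${0##*/}

case "$1" in
        start)
        # Watch interface eth2 for packets destined to TCP port 25 only.
        # stderr is merged into the pipe, so p0f-analyzer receives p0f's
        # diagnostics as well as its results. 2345 is presumably the port on
        # which p0f-analyzer answers amavisd's queries; it must match the
        # os_fingerprint_method setting in amavisd's configuration.
        # NOTE(review): the interface name is hard-coded; adjust it to the
        # interface that actually receives mail.
        /usr/sbin/p0f -i eth2 -l 'tcp dst port 25' 2>&1 | /usr/sbin/p0f-analyzer 2345 &
        ;;

        stop)
        # Nothing is stopped here: the matching processes are only listed.
        # `grep p0` matches every ps line containing "p0", not just p0f, so
        # check the list before terminating anything, and send TERM to the
        # specific PIDs rather than using the blanket SIGKILL shown below.
        ps aux | grep p0 | grep -v grep | grep -v stop
        #killall -9 /usr/sbin/p0f
        echo "You will have to kill p0f and p0f-analyzer manually"
        ;;

        *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop}" >&2
        exit 1
        ;;
esac
exit 0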

p0f spamassassin


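# Score mail by the operating system of the connecting host, as guessed by
# p0f and recorded in the X-Amavis-OS-Fingerprint header.
# NOTE(review): these rules trust that header. Confirm that the header seen
# here is always the one written by the local amavisd and that a copy already
# present on incoming mail is removed or overwritten; otherwise the negative
# score below could be earned by a value the sender supplied. The fingerprint
# also describes only the host that connected, which may be a relay.

# Windows XP senders get the highest penalty.
header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP/
score L_P0F_WXP 3.5
# Any other Windows version: the negative lookahead excludes " XP".
header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/
score L_P0F_W 1.7
# p0f could not identify the system.
header L_P0F_UNKN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/
score L_P0F_UNKN 0.8
# BSD and commercial Unix senders get a bonus. The alternatives are grouped so
# that ^ anchors all of them; previously only the BSD branch was anchored and
# "Solaris", "HP-UX" or "Tru64" matched anywhere in the header value.
header L_P0F_Unix X-Amavis-OS-Fingerprint =~ /^(?:(?:Free|Open|Net)BSD|Solaris|HP-UX|Tru64)/
score L_P0F_Unix -1.0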


# Use passive OS fingerprinting
# NOTE(review): the value looks truncated in this copy. Presumably the address
# and port of the p0f-analyzer service follow 'p0f:' (the init script on this
# page starts p0f-analyzer with 2345) -- confirm against amavisd's
# documentation, and keep the service on a local address.
$os_fingerprint_method = 'p0f:';

#$log_level = 1;

# No fingerprint method for the MYNETS policy bank, i.e. the setting above is
# switched off for mail handled under that bank.
$policy_bank{'MYNETS'}{os_fingerprint_method} = undef;


Add the clamav user to the amavis group so that the ClamAV daemon can read the files amavis passes to it for scanning.

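# Candidate program names for unpacking RAR archives.
# (The terminating semicolon was missing in the page's copy.)
$unrar = ['rar', 'unrar-free'];

# Take the mail domain from the host's DNS domain name. If `hostname -d`
# prints nothing, $mydomain is left empty.
chomp($mydomain = `hostname -d`);
# NOTE(review): '.' presumably matches every domain, so all recipients are
# treated as local -- confirm that this is intended for this server.
@local_domains_acl = qw (.);

# Quarantining is switched off for every category. Nothing that amavisd flags
# is kept as a copy, so a message that is later discarded or bounced cannot be
# recovered or examined afterwards.
$virus_quarantine_method = undef;
$spam_quarantine_method = undef;
$banned_files_quarantine_method = undef;
$bad_header_quarantine_method = undef;

# Spam is passed on to the recipient rather than rejected or discarded.
$final_spam_destiny = D_PASS;

# The page's copy used typographic quotes here, which Perl does not accept as
# string delimiters; they are replaced with plain double quotes.
$X_HEADER_LINE = "$myproduct_name at $mydomain";

# Character set used for the headers and body of messages amavisd generates.
$hdr_encoding = 'utf-8';
$bdy_encoding = 'utf-8';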

