[[spam]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
spam [2008/05/01 22:18]
greebo 		spam [2016/08/05 09:00] (current)
zagi
Line 1: Line 1:
 +===== HOSTS adblocker ====
  
-= DNS "greylisting"= 
  
- IN MX 5  spamvoid.aufbix.org. +<code bash> 
- IN MX 10 your.real.mx.server +#!/bin/bash 
- IN MX 15 spamvoid.aufbix.org.+  
 +# If this is our first run, save a copy of the system's original hosts file and set to read-only for safety 
 +if [ ! -f /etc/hosts.bak ] 
 +then 
 + echo "Saving copy of system's original hosts file..." 
 + sudo cp /etc/hosts /etc/hosts.bak 
 + sudo chmod 444 /etc/hosts.bak 
 +fi 
 +  
 +# Perform work in temporary files 
 +temphosts1="/tmp/temphosts1.$$" 
 +temphosts2="/tmp/temphosts2.$$" 
 +temphosts3="/tmp/temphosts3.$$" 
 +temphosts4="/tmp/temphosts4.$$" 
 +  
 +# Obtain various hosts files and merge into one 
 +echo "Downloading ad-blocking hosts files..." 
 +wget -nv -O - http://winhelp2002.mvps.org/hosts.txt > $temphosts1 
 +wget -nv -O - http://hosts-file.net/ad_servers.asp >> $temphosts1 
 +#wget -nv -O - http://someonewhocares.org/hosts/hosts >> $temphosts1 
 +wget -nv -O - http://someonewhocares.org/hosts/ipv6/hosts >> $temphosts1 
 +wget -nv -O - http://www.malwaredomainlist.com/hostslist/hosts.txt >> $temphosts1 
 +wget -nv -O - "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext" >> $temphosts1 
 +  
 +# Do some work on the file: 
 +# 1. Remove MS-DOS carriage returns 
 +# 2. Delete all lines that don't begin with 127.0.0.1 or 0.0.0.0 or ::1 
 +# 3. make everything lowercase 
 +# 4. Delete any lines containing the word localhost because we'll obtain that from the original hosts file 
 +# 5. Replace 127.0.0.1 and  0.0.0.0 with ::1 {localhost on IPv6} 
 +5. Scrunch extraneous spaces separating address from name into a single tab 
 +# 6. Delete any comments on lines 
 +# 7. Clean up leftover trailing blanks 
 +# 8. We whitelist hosts j.mp 
 +
 +# Pass all this through sort with the unique flag to remove duplicates and save the result 
 +echo "Parsing, cleaning, de-duplicating, sorting..." 
 +
 +# IPv4 
 +#sed -e 's/\r//' -e '/^127.0.0.1\|^0.0.0.0\|^::1/!d'  -e 's/\(.*\)/\L\1/' -e '/localhost/d'  -e 's/127.0.0.1/0.0.0.0/' -e 's/ \+/\t/' -e 's/#.*$//' -e 's/[ \t]*$//' < $temphosts1 | sort -u > $temphosts2 
 +
 +# IPv6 ready 
 +sed -e 's/\r//' -e '/^127.0.0.1\|^0.0.0.0\|^::1/!d' -e 's/\(.*\)/\L\1/' -e '/localhost/d' -e 's/127.0.0.1/::1/' -e 's/0.0.0.0/::1/' -e 's/ \+/\t/' -e 's/#.*$//' -e 's/[ \t]*$//' < $temphosts1 | sort -u | grep -v $'\tj\.mp' > $temphosts2 
 + 
 +# Combine system hosts with adblocks 
 +echo Merging with original system hosts... 
 +echo -e "# Windows HOSTS file should NOT be over 135K!\n# Ad blocking hosts generated "`date` > $temphosts4 
 +cat /etc/hosts.bak $temphosts4 $temphosts2 > $temphosts3 
 +sudo cp $temphosts3 /etc/hosts 
 +  
 +# Clean up temp files and remind user to copy new file 
 +echo "Cleaning up..." 
 +rm $temphosts1 $temphosts2 $temphosts3 $temphosts4 
 +echo "Done." 
 +echo 
 +echo "You can always restore your original hosts file with this command:" 
 +echo " sudo cp /etc/hosts.bak /etc/hosts" 
 +echo "so don't delete that file! (It's saved read-only for your protection.)" 
 + 
 +# *buntu style 
 +/etc/init.d/network-manager  restart 
 + 
 + 
 +</code> 
 + 
 +original (with bugs) @ http://www.deepthought.ws/linux/bash-script-hosts-file-ad-blocker/ 
 + 
 + 
 +how to use this in Ubuntu >>> https://tnt.aufbix.org/linux/ubuntu#optimize_dnsmasq_in_networkmanager 
 +====== Fighting SPAM ====== 
 + 
 +http://pgl.yoyo.org/as/index.php 
 + 
 + 
 +===== DNS "greylisting" ===== 
 + 
 +http://nolisting.org/ 
 + 
 + 
 +http://wiki.apache.org/spamassassin/OtherTricks 
 + 
 +  IN MX 10  spamtrap-tryothermx 
 +  IN MX 20 your.real.mx.server 
 +  IN MX 25 your-ipv4only.real.mx.server 
 +  IN MX 30 spamtrap-tryothermx
  
 Most spam/viruses will hit primary and backup MX server with lower priority. Most spam/viruses will hit primary and backup MX server with lower priority.
-Spamvoid.aufbix.org points to a VALID IP, but connections on port 25/tcp (smtp) will (and must) timeout.+\\ 
 +spamtrap-tryothermx points to a VALID IP, but connections on port 25/tcp (smtp) will (and must!) timeout. 
 + 
 +[http://www.faqs.org/rfcs/rfc2821]\\ 
 +\\ 
 +5. Address Resolution and Mail Handling\\ 
 +...\\ 
 +When the lookup succeeds, the mapping can result in a list of\\ 
 +alternative delivery addresses rather than a single address, because\\ 
 +of multiple MX records, multihoming, or both.  To provide reliable\\ 
 +mail transmission, the SMTP client **MUST** be able to try (and retry)\\ 
 +each of the relevant addresses in this list in order, until a\\ 
 +delivery attempt succeeds. \\ 
 +\\ 
 + 
 + 
 +  * greylisting == 
 +  * sender address verification = 
 +  * RFC2820/2821 rules = 
 +  * helo checks = 
 +  * policyd-weight  
 + 
 + 
 + 
 +===p0f=== 
 + 
 +<code bash> 
 +#! /bin/sh 
 +
 +# start p0f 
 + 
 +case "$1" in 
 +        start) 
 +        /usr/sbin/p0f -i eth2 -l 'tcp dst port 25' 2>&1 | /usr/sbin/p0f-analyzer 2345 & 
 +         ;; 
 + 
 +        stop)  ps aux | grep p0 | grep -v grep | grep -v stop 
 +        #killall -9 /usr/sbin/p0f 
 +        echo "You will have to kill p0f and p0f-analyzer manually" 
 +         ;; 
 + 
 +        *) N=/etc/init.d/$NAME 
 +        echo "Usage: $N {start|stop}" >&
 +        exit 1 
 +         ;; 
 +esac 
 +exit 0 
 +</code> 
 + 
 +===p0f spamassassin== 
 +/etc/spamassassin/local.cf:\\ 
 + 
 +header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP/\\ 
 +score L_P0F_WXP 3.5\\ 
 +header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/\\ 
 +score L_P0F_W 1.7\\ 
 +header L_P0F_UNKN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/\\ 
 +score L_P0F_UNKN 0.8\\ 
 +header L_P0F_Unix X-Amavis-OS-Fingerprint =~ /^((Free|Open|Net)BSD)|Solaris|HP-UX|Tru64/\\ 
 +score L_P0F_Unix -1.0\\ 
 + 
 +=== /etc/amavis/conf.d/50-user.cfg === 
 + 
 + 
 +\\ 
 +# Use passive OS fingerprinting\\ 
 +$os_fingerprint_method = 'p0f:127.0.0.1:2345';\\ 
 +\\ 
 +#$log_level = 1;\\ 
 + 
 +\\ 
 +$policy_bank{'MYNETS'}{os_fingerprint_method} = undef;\\ 
 +\\ 
 + 
 +== clam == 
 + 
 +add clamav to amavis group 
 + 
 +01-debian:\\ 
 +$unrar      = ['rar', 'unrar-free'
 + 
 +/etc/amavis/conf.d/05-domain_id 
 + 
 +chomp($mydomain = `hostname -d`); 
 +@local_domains_acl = qw (.); 
 + 
 + 
 +20-debian-defaults\\ 
 +$virus_quarantine_method = undef;\\ 
 +$spam_quarantine_method = undef;\\ 
 +$banned_files_quarantine_method = undef;\\ 
 +$bad_header_quarantine_method = undef;\\ 
 +\\ 
 + 
 +$final_spam_destiny       = D_PASS;\\ 
 + 
 +$X_HEADER_LINE = "$myproduct_name at $mydomain";\\ 
  
-  greylisting =+30-template-localization\\ 
 +$hdr_encoding 'utf-8';\\ 
 +$bdy_encoding 'utf-8';\\
  
-  = sender address verification = 
-  = RFC2820/2821 rules = 
-  = helo checks = 
-  = policyd-weight = 
spam.1209673081.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
Show pageOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready