Differences

This shows you the differences between two versions of the page.

--- spam [2012/01/16 19:47]
109.230.216.60 EEGfAlkKrRvKjPo
+++ spam [2016/08/05 08:58]
zagi
@@ Line 1: / Line 1: @@
-Home run! Great sulggnig with that answer!
+===== HOSTS adblocker ====
+<code bash>
+#!/bin/bash
+# If this is our first run, save a copy of the system's original hosts file and set to read-only for safety
+if [ ! -f /etc/hosts.bak ]
+then
+ echo "Saving copy of system's original hosts file..."
+ sudo cp /etc/hosts /etc/hosts.bak
+ sudo chmod 444 /etc/hosts.bak
+fi
+# Perform work in temporary files
+temphosts1="/tmp/temphosts1.$$"
+temphosts2="/tmp/temphosts2.$$"
+temphosts3="/tmp/temphosts3.$$"
+temphosts4="/tmp/temphosts4.$$"
+# Obtain various hosts files and merge into one
+echo "Downloading ad-blocking hosts files..."
+wget -nv -O - http://winhelp2002.mvps.org/hosts.txt > $temphosts1
+wget -nv -O - http://hosts-file.net/ad_servers.asp >> $temphosts1
+#wget -nv -O - http://someonewhocares.org/hosts/hosts >> $temphosts1
+wget -nv -O - http://someonewhocares.org/hosts/ipv6/hosts >> $temphosts1
+wget -nv -O - http://www.malwaredomainlist.com/hostslist/hosts.txt >> $temphosts1
+wget -nv -O - "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext" >> $temphosts1
+# Do some work on the file:
+# 1. Remove MS-DOS carriage returns
+# 2. Delete all lines that don't begin with 127.0.0.1 or 0.0.0.0 or ::1
+# 3. make everything lowercase
+# 4. Delete any lines containing the word localhost because we'll obtain that from the original hosts file
+# 5. Replace 127.0.0.1 and  0.0.0.0 with ::1 {localhost on IPv6}
+# 5. Scrunch extraneous spaces separating address from name into a single tab
+# 6. Delete any comments on lines
+# 7. Clean up leftover trailing blanks
+# 8. We whitelist hosts j.mp
+#
+# Pass all this through sort with the unique flag to remove duplicates and save the result
+echo "Parsing, cleaning, de-duplicating, sorting..."
+#
+# IPv4
+#sed -e 's/\r//' -e '/^127.0.0.1\|^0.0.0.0\|^::1/!d'  -e 's/\(.*\)/\L\1/' -e '/localhost/d'  -e 's/127.0.0.1/0.0.0.0/' -e 's/ \+/\t/' -e 's/#.*$//' -e 's/[ \t]*$//' < $temphosts1 | sort -u > $temphosts2
+#
+# IPv6 ready
+sed -e 's/\r//' -e '/^127.0.0.1\|^0.0.0.0\|^::1/!d' -e 's/\(.*\)/\L\1/' -e '/localhost/d' -e 's/127.0.0.1/::1/' -e 's/0.0.0.0/::1/' -e 's/ \+/\t/' -e 's/#.*$//' -e 's/[ \t]*$//' < $temphosts1 | sort -u | grep -v $'\tj\.mp' > $temphosts2
+# Combine system hosts with adblocks
+echo Merging with original system hosts...
+echo -e "Windows HOSTS file should NOT be over 135K!\n# Ad blocking hosts generated "`date` > $temphosts4
+cat /etc/hosts.bak $temphosts4 $temphosts2 > $temphosts3
+sudo cp $temphosts3 /etc/hosts
+# Clean up temp files and remind user to copy new file
+echo "Cleaning up..."
+rm $temphosts1 $temphosts2 $temphosts3 $temphosts4
+echo "Done."
+echo
+echo "You can always restore your original hosts file with this command:"
+echo " sudo cp /etc/hosts.bak /etc/hosts"
+echo "so don't delete that file! (It's saved read-only for your protection.)"
+# *buntu style
+/etc/init.d/network-manager  restart
+</code>
+original (with bugs) @ http://www.deepthought.ws/linux/bash-script-hosts-file-ad-blocker/
+how to use this in Ubuntu >>> https://tnt.aufbix.org/linux/ubuntu#optimize_dnsmasq_in_networkmanager
+====== Fighting SPAM ======
+http://pgl.yoyo.org/as/index.php
+===== DNS "greylisting" =====
+http://nolisting.org/
+http://wiki.apache.org/spamassassin/OtherTricks
+  IN MX 10  spamtrap-tryothermx
+  IN MX 20 your.real.mx.server
+  IN MX 25 your-ipv4only.real.mx.server
+  IN MX 30 spamtrap-tryothermx
+Most spam/viruses will hit primary and backup MX server with lower priority.
+\\
+spamtrap-tryothermx points to a VALID IP, but connections on port 25/tcp (smtp) will (and must!) timeout.
+[http://www.faqs.org/rfcs/rfc2821]\\
+\\
+. Address Resolution and Mail Handling\\
+...\\
+When the lookup succeeds, the mapping can result in a list of\\
+alternative delivery addresses rather than a single address, because\\
+of multiple MX records, multihoming, or both.  To provide reliable\\
+mail transmission, the SMTP client **MUST** be able to try (and retry)\\
+each of the relevant addresses in this list in order, until a\\
+delivery attempt succeeds. \\
+\\
+  * greylisting ==
+  * sender address verification =
+  * RFC2820/2821 rules =
+  * helo checks =
+  * policyd-weight
+===p0f===
+<code bash>
+#! /bin/sh
+#
+# start p0f
+case "$1" in
+        start)
+        /usr/sbin/p0f -i eth2 -l 'tcp dst port 25' 2>&1 | /usr/sbin/p0f-analyzer 2345 &
+         ;;
+        stop)  ps aux | grep p0 | grep -v grep | grep -v stop
+        #killall -9 /usr/sbin/p0f
+        echo "You will have to kill p0f and p0f-analyzer manually"
+         ;;
+        *) N=/etc/init.d/$NAME
+        echo "Usage: $N {start|stop}" >&2
+        exit 1
+         ;;
+esac
+exit 0
+</code>
+===p0f spamassassin==
+/etc/spamassassin/local.cf:\\
+header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP/\\
+score L_P0F_WXP 3.5\\
+header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/\\
+score L_P0F_W 1.7\\
+header L_P0F_UNKN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/\\
+score L_P0F_UNKN 0.8\\
+header L_P0F_Unix X-Amavis-OS-Fingerprint =~ /^((Free|Open|Net)BSD)|Solaris|HP-UX|Tru64/\\
+score L_P0F_Unix -1.0\\
+=== /etc/amavis/conf.d/50-user.cfg ===
+\\
+# Use passive OS fingerprinting\\
+$os_fingerprint_method = 'p0f:127.0.0.1:2345';\\
+\\
+#$log_level = 1;\\
+\\
+$policy_bank{'MYNETS'}{os_fingerprint_method} = undef;\\
+\\
+== clam ==
+add clamav to amavis group
+-debian:\\
+$unrar      = ['rar', 'unrar-free']
+/etc/amavis/conf.d/05-domain_id
+chomp($mydomain = `hostname -d`);
+@local_domains_acl = qw (.);
+-debian-defaults\\
+$virus_quarantine_method = undef;\\
+$spam_quarantine_method = undef;\\
+$banned_files_quarantine_method = undef;\\
+$bad_header_quarantine_method = undef;\\
+\\
+$final_spam_destiny       = D_PASS;\\
+$X_HEADER_LINE = "$myproduct_name at $mydomain";\\
+-template-localization\\
+$hdr_encoding = 'utf-8';\\
+$bdy_encoding = 'utf-8';\\