Differences

spam [2012/01/16 19:47]
109.230.216.60 EEGfAlkKrRvKjPo
spam [2016/08/05 09:00] (current)
zagi
Line 1: Line 1:
-Home run! Great sulggnig with that answer!
+===== HOSTS adblocker ==== 
 + 
 + 
 +<code bash> 
 +#!/bin/bash 
 +  
 +# If this is our first run, save a copy of the system's original hosts file and set to read-only for safety 
 +if [ -f /etc/hosts.bak ] 
 +then 
 + echo "Saving copy of system's original hosts file..." 
 + sudo cp /etc/hosts /etc/hosts.bak 
 + sudo chmod 444 /etc/hosts.bak 
 +fi 
 +  
 +# Perform work in temporary files 
 +temphosts1="/tmp/temphosts1.$$" 
 +temphosts2="/tmp/temphosts2.$$" 
 +temphosts3="/tmp/temphosts3.$$" 
 +temphosts4="/tmp/temphosts4.$$" 
 +  
 +# Obtain various hosts files and merge into one 
 +echo "Downloading ad-blocking hosts files..." 
 +wget -nv -O - http://winhelp2002.mvps.org/hosts.txt > $temphosts1 
 +wget -nv -O - http://hosts-file.net/ad_servers.asp >> $temphosts1 
 +#wget -nv -O - http://someonewhocares.org/hosts/hosts >> $temphosts1 
 +wget -nv -O - http://someonewhocares.org/hosts/ipv6/hosts >> $temphosts1 
 +wget -nv -O - http://www.malwaredomainlist.com/hostslist/hosts.txt >> $temphosts1 
 +wget -nv -O - "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext" >> $temphosts1 
 +  
 +# Do some work on the file: 
 +# 1. Remove MS-DOS carriage returns 
 +# 2. Delete all lines that don't begin with 127.0.0.1 or 0.0.0.0 or ::1 
 +# 3. make everything lowercase 
 +# 4. Delete any lines containing the word localhost because we'll obtain that from the original hosts file 
 +# 5. Replace 127.0.0.1 and  0.0.0.0 with ::1 {localhost on IPv6} 
 +# 5. Scrunch extraneous spaces separating address from name into a single tab 
 +# 6. Delete any comments on lines 
 +# 7. Clean up leftover trailing blanks 
 +# 8. We whitelist hosts j.mp 
 +
 +# Pass all this through sort with the unique flag to remove duplicates and save the result 
 +echo "Parsing, cleaning, de-duplicating, sorting..." 
 +
 +# IPv4 
 +#sed -e 's/\r//' -e '/^127.0.0.1\|^0.0.0.0\|^::1/!d'  -e 's/\(.*\)/\L\1/' -e '/localhost/d'  -e 's/127.0.0.1/0.0.0.0/' -e 's/ \+/\t/' -e 's/#.*$//' -e 's/[ \t]*$//' < $temphosts1 | sort -u > $temphosts2 
 +
 +# IPv6 ready 
 +sed -e 's/\r//' -e '/^127.0.0.1\|^0.0.0.0\|^::1/!d' -e 's/\(.*\)/\L\1/' -e '/localhost/d' -e 's/127.0.0.1/::1/' -e 's/0.0.0.0/::1/' -e 's/ \+/\t/' -e 's/#.*$//' -e 's/[ \t]*$//' < $temphosts1 | sort -u | grep -v $'\tj\.mp' > $temphosts2 
 + 
 +# Combine system hosts with adblocks 
 +echo Merging with original system hosts... 
 +echo -e "# Windows HOSTS file should NOT be over 135K!\n# Ad blocking hosts generated "`date` > $temphosts4 
 +cat /etc/hosts.bak $temphosts4 $temphosts2 > $temphosts3 
 +sudo cp $temphosts3 /etc/hosts 
 +  
 +# Clean up temp files and remind user to copy new file 
 +echo "Cleaning up..." 
 +rm $temphosts1 $temphosts2 $temphosts3 $temphosts4 
 +echo "Done." 
 +echo 
 +echo "You can always restore your original hosts file with this command:" 
 +echo " sudo cp /etc/hosts.bak /etc/hosts" 
 +echo "so don't delete that file! (It's saved read-only for your protection.)" 
 + 
 +# *buntu style 
 +/etc/init.d/network-manager  restart 
 + 
 + 
 +</code> 
 + 
 +original (with bugs) @ http://www.deepthought.ws/linux/bash-script-hosts-file-ad-blocker/ 
 + 
 + 
 +how to use this in Ubuntu >>> https://tnt.aufbix.org/linux/ubuntu#optimize_dnsmasq_in_networkmanager 
 +====== Fighting SPAM ====== 
 + 
 +http://pgl.yoyo.org/as/index.php 
 + 
 + 
 +===== DNS "greylisting" ===== 
 + 
 +http://nolisting.org/ 
 + 
 + 
 +http://wiki.apache.org/spamassassin/OtherTricks 
 + 
 +  IN MX 10  spamtrap-tryothermx 
 +  IN MX 20 your.real.mx.server 
 +  IN MX 25 your-ipv4only.real.mx.server 
 +  IN MX 30 spamtrap-tryothermx 
 + 
 +Most spam/viruses will hit primary and backup MX server with lower priority. 
 +\\ 
 +spamtrap-tryothermx points to a VALID IP, but connections on port 25/tcp (smtp) will (and must!) timeout. 
 + 
 +[http://www.faqs.org/rfcs/rfc2821]\\ 
 +\\ 
 +5. Address Resolution and Mail Handling\\ 
 +...\\ 
 +When the lookup succeeds, the mapping can result in a list of\\ 
 +alternative delivery addresses rather than a single address, because\\ 
 +of multiple MX records, multihoming, or both.  To provide reliable\\ 
 +mail transmission, the SMTP client **MUST** be able to try (and retry)\\ 
 +each of the relevant addresses in this list in order, until a\\ 
 +delivery attempt succeeds. \\ 
 +\\ 
 + 
 + 
 +  * greylisting == 
 +  * sender address verification = 
 +  * RFC2820/2821 rules = 
 +  * helo checks = 
 +  * policyd-weight  
 + 
 + 
 + 
 +===p0f=== 
 + 
 +<code bash> 
 +#! /bin/sh 
 +
 +# start p0f 
 + 
 +case "$1" in 
 +        start) 
 +        /usr/sbin/p0f -i eth2 -l 'tcp dst port 25' 2>&1 | /usr/sbin/p0f-analyzer 2345 & 
 +         ;; 
 + 
 +        stop)  ps aux | grep p0 | grep -v grep | grep -v stop 
 +        #killall -9 /usr/sbin/p0f 
 +        echo "You will have to kill p0f and p0f-analyzer manually" 
 +         ;; 
 + 
 +        *) N=/etc/init.d/$NAME 
 +        echo "Usage: $N {start|stop}" >&
 +        exit 1 
 +         ;; 
 +esac 
 +exit 0 
 +</code> 
 + 
 +===p0f spamassassin== 
 +/etc/spamassassin/local.cf:\\ 
 + 
 +header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP/\\ 
 +score L_P0F_WXP 3.5\\ 
 +header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?XP)/\\ 
 +score L_P0F_W 1.7\\ 
 +header L_P0F_UNKN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/\\ 
 +score L_P0F_UNKN 0.8\\ 
 +header L_P0F_Unix X-Amavis-OS-Fingerprint =~ /^((Free|Open|Net)BSD)|Solaris|HP-UX|Tru64/\\ 
 +score L_P0F_Unix -1.0\\ 
 + 
 +=== /etc/amavis/conf.d/50-user.cfg === 
 + 
 + 
 +\\ 
 +# Use passive OS fingerprinting\\ 
 +$os_fingerprint_method = 'p0f:127.0.0.1:2345';\\ 
 +\\ 
 +#$log_level = 1;\\ 
 + 
 +\\ 
 +$policy_bank{'MYNETS'}{os_fingerprint_method} = undef;\\ 
 +\\ 
 + 
 +== clam == 
 + 
 +add clamav to amavis group 
 + 
 +01-debian:\\ 
 +$unrar      = ['rar', 'unrar-free'
 + 
 +/etc/amavis/conf.d/05-domain_id 
 + 
 +chomp($mydomain = `hostname -d`); 
 +@local_domains_acl = qw (.); 
 + 
 + 
 +20-debian-defaults\\ 
 +$virus_quarantine_method = undef;\\ 
 +$spam_quarantine_method = undef;\\ 
 +$banned_files_quarantine_method = undef;\\ 
 +$bad_header_quarantine_method = undef;\\ 
 +\\ 
 + 
 +$final_spam_destiny       = D_PASS;\\ 
 + 
 +$X_HEADER_LINE = "$myproduct_name at $mydomain";\\ 
 + 
 + 
 +30-template-localization\\ 
 +$hdr_encoding = 'utf-8';\\ 
 +$bdy_encoding = 'utf-8';\\ 
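Review bot: The first-run guard in the HOSTS adblocker script is inverted: `if [ -f /etc/hosts.bak ]` copies /etc/hosts over the backup only when a backup already exists, so a first run creates none (the later `cat /etc/hosts.bak` then fails and /etc/hosts is rewritten without the system's original entries), and every later run replaces the backup with the already-merged file; it should read `if [ ! -f /etc/hosts.bak ]`. The working files `/tmp/temphostsN.$$` have predictable names and their content ends up in /etc/hosts through `sudo cp`, so create them with `temphosts1=$(mktemp)` (likewise for the other three) and quote the expansions where they are used. The block lists are fetched over plain HTTP and wget's exit status is never checked, so a failed or altered download flows straight into a root-owned file; the script should at least stop before the `sudo cp` when any download fails, and use HTTPS where a source offers it.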
spam.1326739643.txt.gz · Last modified: 2012/01/16 19:47 by 109.230.216.60
CC Attribution-Share Alike 4.0 International