SpamHaus DROP list

hvdkooij at vanderkooij.org hvdkooij at vanderkooij.org
Mon Oct 15 21:35:45 IST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Neuman van der Hans wrote:
> Anybody here had any success/horror stories regarding the implementation
> of the SpamHaus DROP list? I've been getting a lot of crap (spam and
> other assorted network nonsense) from places in the DROP list and I'd
> like to know if it's worth implementing at the firewall level. Any info
> on false positives would be good too, specially if there are any
> otherwise legit servers in that "rough network neighborhood".

Too early to tell. I just wrote script to add it to my postfix blocking.
I guess blacklisting is more effective them stopping it with IP tables.
This way they will not try my fallback server(s).

In main.cf:

smtpd_client_restrictions =
	check_client_access cidr:/etc/postfix/cidr/spamhause-droplist

And the update script:

#!/usr/bin/perl

use LWP::Simple;

$workdir = "/etc/postfix/cidr";
$file = "$workdir/spamhaus-droplist";
$url = "http://www.spamhaus.org/drop/drop.lasso";

my $content = get $url;
die "Couldn't get $url" unless defined $content;

#print $content;

@lines = split(/\n/, $content);

open(FILE, ">$file");
print FILE "#\n#        spamhaus.org BLOCK list\n#
http://www.spamhaus.org/drop/drop.lasso\n#\n";

foreach $line (@lines) {
   if ($line =~ / ; /) {
      ($IP,$identifier) = split(/ ; /,$line);
      $length = 40 - length($IP);
      $filler = " " x $length;
      $string = $IP . $filler . "REJECT  spamhaus.org BLOCK list " .
$identifier;
      print FILE "$string\n";
      }
   }
close FILE;

# EOF


Feel free to use it or enhance it. But be nice and do not run it too
much. I guess every 3 hours should do the trick.

Hugo.

- --
hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
	Don't meddle in the affairs of sysadmins,
	for they are subtle and quick to anger.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHE88eBvzDRVjxmYERAurgAKCExrH3Q/wN11VDHedn8c2raR8X0gCgshtZ
teARwaPl9spgPq6igROP/zw=
=bid6
-----END PGP SIGNATURE-----


More information about the MailScanner mailing list