SpamHaus DROP list
hvdkooij at vanderkooij.org
hvdkooij at vanderkooij.org
Mon Oct 15 21:35:45 IST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alex Neuman van der Hans wrote:
> Anybody here had any success/horror stories regarding the implementation
> of the SpamHaus DROP list? I've been getting a lot of crap (spam and
> other assorted network nonsense) from places in the DROP list and I'd
> like to know if it's worth implementing at the firewall level. Any info
> on false positives would be good too, specially if there are any
> otherwise legit servers in that "rough network neighborhood".
Too early to tell. I just wrote script to add it to my postfix blocking.
I guess blacklisting is more effective them stopping it with IP tables.
This way they will not try my fallback server(s).
In main.cf:
smtpd_client_restrictions =
check_client_access cidr:/etc/postfix/cidr/spamhause-droplist
And the update script:
#!/usr/bin/perl
use LWP::Simple;
$workdir = "/etc/postfix/cidr";
$file = "$workdir/spamhaus-droplist";
$url = "http://www.spamhaus.org/drop/drop.lasso";
my $content = get $url;
die "Couldn't get $url" unless defined $content;
#print $content;
@lines = split(/\n/, $content);
open(FILE, ">$file");
print FILE "#\n# spamhaus.org BLOCK list\n#
http://www.spamhaus.org/drop/drop.lasso\n#\n";
foreach $line (@lines) {
if ($line =~ / ; /) {
($IP,$identifier) = split(/ ; /,$line);
$length = 40 - length($IP);
$filler = " " x $length;
$string = $IP . $filler . "REJECT spamhaus.org BLOCK list " .
$identifier;
print FILE "$string\n";
}
}
close FILE;
# EOF
Feel free to use it or enhance it. But be nice and do not run it too
much. I guess every 3 hours should do the trick.
Hugo.
- --
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHE88eBvzDRVjxmYERAurgAKCExrH3Q/wN11VDHedn8c2raR8X0gCgshtZ
teARwaPl9spgPq6igROP/zw=
=bid6
-----END PGP SIGNATURE-----
More information about the MailScanner
mailing list