SpamHaus DROP list

[clacroix at cegep-ste-foy.qc.ca]

Using the perl script that was posted here earlier, and this simple
awk/sed pipe abuse i bet you can archive what you want quite easily, but
why would you want to block at the firewall level, it's so much cleaner to
do at the mta level, at least it won't fall back to your secondary MX.

cat spamhaus-droplist |awk '{print $1}' | sed -e 's/^/iptables -I INPUT -i
ethX -s /' | sed -e 's/$/-d 0\/0 -j DROP/'

I guess you can make some shell script that will
1 take the old file and generate equivalent delete rules
2 run the perl script found on this list earlier today
3 run the cmd above


anyways, i hope this can help you.




> Michael Mansour wrote:
>> Hi Alex,
>>
>> */Alex Neuman van der Hans <alex at nkpanama.com>/* wrote:
>>
>>     Anybody here had any success/horror stories regarding the
>>     implementation
>>     of the SpamHaus DROP list? I've been getting a lot of crap (spam and
>>     other assorted network nonsense) from places in the DROP list and
>> I'd
>>     like to know if it's worth implementing at the firewall level. Any
>>     info
>>     on false positives would be good too, specially if there are any
>>     otherwise legit servers in that "rough network neighborhood".
>>
>> I've been using the droplist for years and have never had any issues
>> with it.
>>
>> I have a script which runs which queries the site for new updates,
>> then applies to the blocklist and runs a shorewall refresh
>> automatically.
>>
>> I've never had complaints from anyone from getting blocked from those
>> IP's, since they are IP's which have been hijacked.
>>
> By "new updates" do you "wget" or "curl" the drop.lasso file (whatever
> the name is) and "diff" the existing file? I'm looking to write a simple
> script using iptables that'll do that, unless somebody's already
> invented the wheel.
>> Regards,
>>
>> Michael.
>>
>>     --
>>     MailScanner mailing list
>>     mailscanner at lists.mailscanner.info
>>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>     Before posting, read http://wiki.mailscanner.info/posting
>>
>>     Support MailScanner development - buy the book off the website!
>>
>>
>> ------------------------------------------------------------------------
>> Sick of deleting your inbox? Yahoo!7 Mail has free unlimited storage.
>> Get it now
>> <http://au.rd.yahoo.com/mail/taglines/default_all/storage/*http://au.docs.yahoo.com/mail/unlimitedstorage.html>.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>