Phishing Server Change
Thom van der Boon
thom at vdb.nl
Sat Aug 5 02:43:41 UTC 2017
Hi
Attached the two new scripts for testing
Both curl and wget will only download when a new file is on the remote server. curl is the prefered download method, wget as a backup
Met vriendelijke groet, Best regards,
Thom van der Boon
E-Mail: thom at vdb.nl
=====
Thom.H. van der Boon b.v.
Transito 4
6909 DA Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/
Van: "Jerry Benton" <jerry.benton at mailborder.com>
Aan: "MailScanner Discussion" <mailscanner at lists.mailscanner.info>
Verzonden: Vrijdag 4 augustus 2017 21:16:11
Onderwerp: RE: Phishing Server Change
.master copy files have been added to the update server.
--
Jerry Benton
www.mailborder.com
+1 (843) 800-8605
+44 (020) 3883-8605
From: Jerry Benton [mailto:jerry.benton at mailborder.com]
Sent: Friday, August 4, 2017 1:42 PM
To: 'MailScanner Discussion' <mailscanner at lists.mailscanner.info>
Subject: RE: Phishing Server Change
Thom,
I can add a .master version of both files. That is not a problem. I will make a note to do that this weekend.
--
Jerry Benton
www.mailborder.com
+1 (843) 800-8605
+44 (020) 3883-8605
From: MailScanner [ mailto:mailscanner-bounces+jerry.benton=mailborder.com at lists.mailscanner.info ] On Behalf Of Thom van der Boon
Sent: Friday, August 4, 2017 1:22 PM
To: MailScanner Discussion < mailscanner at lists.mailscanner.info >
Subject: Re: Phishing Server Change
Jerry,
>> The logic of the script does not work as the current script. The current script downloads the file as .master and uses that file plus a .custom file to build the final list. It looks like this script was based on a very old version of the update script.
>> The script would have to keep a copy of the .master file instead of deleting it as it does in the current script in order to determine if the file on the update server has changed.
The problem is wget. To save bandwidth you want to run wget with the -N option (wget will only download if the remote file is newer than the local file), but the -O does not work together with the -N (curl does not have this problem)
To put it simple:
curl -z $CONFIGDIR/phishing.bad.sites.conf --compressed -o $CONFIGDIR/phishing.bad.sites.conf.master $THEURL
curl only downloads the remote phishing.bad.sites.conf to the local file to $CONFIGDIR/phishing.bad.sites.conf.master if the remote file is newer than the local phishing.bad.sites.conf
(curl is great)
wget does not support checking against an other file
If you want the script to work like you want it to work, there are two options:
a) we have to drop wget support because you can't check wether a newer version of the file is available
b) on the server there need to be both a phishing.bad.sites.conf but also a phishing.bad.sites.conf.master (same file, but wget needs to check against something with the same filename wether it has changed)
>> The script should not restart mailscanner if mailscanner has been manually stopped. (mailscanner.off file is present.)
>> The existence of /etc/init.d/mailscanner needs to be validated before being used. This file will not exist on a fully implemented systemd server and thus will not work across all platforms.
Will add this to the script
Met vriendelijke groet, Best regards,
Thom van der Boon
E-Mail: thom at vdb.nl
=====
Thom.H. van der Boon b.v.
Transito 4
6909 DA Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/
Van: "Jerry Benton" < jerry.benton at mailborder.com >
Aan: "MailScanner Discussion" < mailscanner at lists.mailscanner.info >
Verzonden: Vrijdag 4 augustus 2017 17:18:03
Onderwerp: RE: Phishing Server Change
I briefly reviewed this script. A couple of problems:
* The logic of the script does not work as the current script. The current script downloads the file as .master and uses that file plus a .custom file to build the final list. It looks like this script was based on a very old version of the update script.
* The script should not restart mailscanner if mailscanner has been manually stopped. (mailscanner.off file is present.)
* The existence of /etc/init.d/mailscanner needs to be validated before being used. This file will not exist on a fully implemented systemd server and thus will not work across all platforms.
--
Jerry Benton
www.mailborder.com
+1 (843) 800-8605
+44 (020) 3883-8605
From: MailScanner [ mailto:mailscanner-bounces+jerry.benton=mailborder.com at lists.mailscanner.info ] On Behalf Of Thom van der Boon
Sent: Friday, August 4, 2017 1:52 AM
To: MailScanner Discussion < mailscanner at lists.mailscanner.info >
Subject: Re: Phishing Server Change
Jerry,
Attached a almost totally rewritten update_bad_phishing_sites script.It uses curl and as a fallback wget. If the remote file is not updated, it will not download (with both curl and wget).
New function: If a new phishing.bad.sites.conf is downloaded, mailscanner is reloaded (if that fails, mailscanner will be restarted)
Testing of the script and feedback is highly appriciated.
I will do the same for the other script in the upcoming day.
Met vriendelijke groet, Best regards,
Thom van der Boon
E-Mail: thom at vdb.nl
=====
Thom.H. van der Boon b.v.
Transito 4
6909 DA Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/
Van: "Jerry Benton" < jerry.benton at mailborder.com >
Aan: "MailScanner Discussion" < mailscanner at lists.mailscanner.info >
Verzonden: Donderdag 3 augustus 2017 16:42:51
Onderwerp: RE: Phishing Server Change
Thom,
Yes, that is correct. I can disable the rejections so you can do your testing.
Ok … done. I disabled the rejects.
--
Jerry Benton
www.mailborder.com
+1 (843) 800-8605
+44 (020) 3883-8605
From: MailScanner [ mailto:mailscanner-bounces+jerry.benton=mailborder.com at lists.mailscanner.info ] On Behalf Of Thom van der Boon
Sent: Thursday, August 3, 2017 9:46 AM
To: MailScanner Discussion < mailscanner at lists.mailscanner.info >
Subject: Re: Phishing Server Change
Jerry,
I am currently debugging a update to the script
I am currently trying to get the wget part working that i only downloads when the remote file is newer... but the server refuses wget... is that correct?
Met vriendelijke groet, Best regards,
Thom van der Boon
E-Mail: thom at vdb.nl
=====
Thom.H. van der Boon b.v.
Transito 4
6909 DA Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/
Van: "Jerry Benton" < jerry.benton at mailborder.com >
Aan: "MailScanner Discussion" < mailscanner at lists.mailscanner.info >
Verzonden: Donderdag 3 augustus 2017 07:03:07
Onderwerp: Phishing Server Change
Please use the updated version of the phishing updates script from
http://phishing.mailscanner.info/
I am trying to reduce bandwidth and the new script uses curl as the primary
method, which support gzip by default. The fallback is wget, which uses more
bandwidth. Most servers are still using the older update script version that
uses wget as the primary method. (You cannot just tell wget to use gzip
because the downloaded file ends up staying compressed and thus useless.)
The phishing server does about 550GB per month in transfers. Using wget the
bad phishing file transfer size is 280081 and with curl it is 119027. That
is almost half the transfer size. I would like to try to get that 550GB
number down. I don't want to have to pull out the big stick and start
blocking wget user agents, so please help me out here.
As a side note, there is no point in updating the phishing files every hour.
They get updated six times per day. If you are running every hour, please
change your cron settings to something less taxing. Again, I don't want to
pull out the big stick and start throttling IPs that are updating too often.
--
Jerry Benton
www.mailborder.com
+1 (843) 800-8605
+44 (020) 3883-8605
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20170805/b26d1282/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: update_bad_phishing_sites
Type: application/x-shellscript
Size: 7140 bytes
Desc: not available
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20170805/b26d1282/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: update_phishing_sites
Type: application/x-shellscript
Size: 7184 bytes
Desc: not available
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20170805/b26d1282/attachment-0001.bin>
More information about the MailScanner
mailing list