PT. Hawk Teknologi Solusi


Monday, 10 August 2009

Blacklists/Blocklists

Blacklists or blocklists are lists of IP addresses, domain names, email addresses or content of the headers or the body, or some combination of these different types, that can be used to help identify spam. A special subset of IP address and domain name lists exists which can be queried using DNS; these are called DNS Blackhole Lists or DNSBLs. Blacklists can be unverified and cause “collateral damage”; their criteria for listing may not be clear.

Those blacklists listed here are just a tiny subset of all of the private access lists and ACLs that exist to block spam from private networks; that larger set is the source of the death of a thousand cuts that any spam friendly provider should eventually experience. They may not have the clout of SPEWS, but they may last even longer.


From:
http://spamlinks.net/filter-bl.htm


Postfix blacklist or reject an email address

Q. I have a Postfix-based CentOS Linux server. I need to blacklist the email ID user@abadboy.com. How do I blacklist an email address with Postfix? I also have SpamAssassin installed.

A. By default, the Postfix SMTP server accepts any sender address. However, you can easily block or blacklist a sender email address with Postfix by using an SMTP server access table.

Open /etc/postfix/sender_access file
# cd /etc/postfix
# vi sender_access

Append sender email id as follows:
user@abadboy.com REJECT
Save and close the file. Use postmap command to create a database:
# postmap hash:sender_access
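Now open main.cf and add the following line. If main.cf already sets smtpd_recipient_restrictions, append check_sender_access to the existing list instead of replacing it: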
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
Save and close the file. Restart / reload postfix MTA:
# /etc/init.d/postfix restart

You can also use SpamAssassin to blacklist an email address. Add the entry to your own SpamAssassin configuration or to the /etc/mail/spamassassin/local.cf file:
# vi /etc/mail/spamassassin/local.cf
Append blacklist as follows:
blacklist_from user@abadboy.com
Save and close the file. Restart spamassassin:
# /etc/init.d/spamassassin restart

SpamAssassin will mark the mail as spam instead of rejecting it.

From:
http://www.cyberciti.biz/faq/howto-blacklist-reject-sender-email-address/

Sunday, 09 August 2009

Protect your network from the IP lists identified by DShield and Spamhaus

This morning my SMTP server was once again overwhelmed by spam traffic. On a whim I searched Google for a way to fetch a list of spam-source IPs directly on MikroTik, and found the following link:

http://forum.mikrotik.com/viewtopic.php?f=9&t=24427


The following is an example of the script + scheduling + firewall filter that I use on a MikroTik router running 3.25:


# aug/09/2009 11:27:24 by RouterOS 3.25
#
/system script
add name=fetch-dshield-spamhaus policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="## Parse D\
SHIELD & Spamhaus feed and build an address-list.\r\
\n## Written by Sam Norris, ChangeIP.com 2008\r\
\n## Any comments or suggestions welcome in the forums.\r\
\n##\r\
\n## 06/03/08 - Initial list parsing.\r\
\n\r\
\n/tool fetch address=feeds.dshield.org host=feeds.dshield.org mode=http s\
rc-path=block.txt\r\
\n/tool fetch address=www.spamhaus.org host=www.spamhaus.org mode=http src\
-path=drop/drop.lasso\r\
\n\r\
\n##\r\
\n## DSHIELD Drop List\r\
\n##\r\
\n\r\
\n:if ( [/file get [/file find name=block.txt] size] > 0 ) do={\r\
\n\r\
\n /ip firewall address-list remove [/ip firewall address-list find list=\
dshield]\r\
\n\r\
\n :global content [/file get [/file find name=block.txt] contents] ;\r\
\n :global contentLen [ :len \$content ] ;\r\
\n\r\
\n :global lineEnd 0;\r\
\n :global line \"\";\r\
\n :global lastEnd 0;\r\
\n\r\
\n :do {\r\
\n :set lineEnd [:find \$content \"\\n\" \$lastEnd ] ;\r\
\n :set line [:pick \$content \$lastEnd \$lineEnd] ;\r\
\n :set lastEnd ( \$lineEnd + 1 ) ;\r\
\n\r\
\n :if ( [:pick \$line 0 1] != \"#\" ) do={\r\
\n\r\
\n :if ([:typeof [:toip [:pick \$line 0 [:find \$line \"\\t\"] ] ] ] !=\
\_\"nil\") do={\r\
\n :local pos1 [:find \$line \"\\t\" 0]\r\
\n :local pos2 [:find \$line \"\\t\" \$pos1]\r\
\n :local pos3 [:find \$line \"\\t\" \$pos2]\r\
\n :log info ( \"DShield Entry: \" . [:pick \$line 0 \$pos1 ] . \"/\"\
\_. [:pick \$line (\$pos2+1) \$pos3 ] )\r\
\n /ip firewall address-list add list=dshield address=( [:pick \$line\
\_0 \$pos1 ] . \"/\" . [:pick \$line (\$pos2+1) \$pos3 ] )\r\
\n } \r\
\n\r\
\n }\r\
\n\r\
\n } while (\$lineEnd < \$contentLen)\r\
\n\r\
\n}\r\
\n\r\
\n##\r\
\n## SPAMHAUS.ORG Drop List\r\
\n##\r\
\n\r\
\n:if ( [/file get [/file find name=drop.lasso] size] > 0 ) do={\r\
\n\r\
\n /ip firewall address-list remove [/ip firewall address-list find list=\
spamhaus.lasso]\r\
\n\r\
\n :global content [/file get [/file find name=drop.lasso] contents] ;\r\
\n :global contentLen [ :len \$content ] ;\r\
\n\r\
\n :global lineEnd 0;\r\
\n :global line \"\";\r\
\n :global lastEnd 0;\r\
\n\r\
\n :do {\r\
\n :set lineEnd [:find \$content \"\\n\" \$lastEnd ] ;\r\
\n :set line [:pick \$content \$lastEnd \$lineEnd] ;\r\
\n :set lastEnd ( \$lineEnd + 1 ) ;\r\
\n\r\
\n :if ( [:pick \$line 0 1] != \";\" ) do={\r\
\n\r\
\n :if ([:len [:pick \$line 0 [:find \$line \";\"] ] ] > 0 ) do={\r\
\n :local pos1 [:find \$line \";\" 0]\r\
\n :local entry [:pick \$line 0 (\$pos1-1) ]\r\
\n :if ( [:len \$entry ] > 0 ) do={\r\
\n :log info \"Lasso Entry: \$entry\"\r\
\n /ip firewall address-list add list=spamhaus.lasso address=\$ent\
ry\r\
\n }\r\
\n } \r\
\n\r\
\n }\r\
\n\r\
\n } while (\$lineEnd < \$contentLen)\r\
\n\r\
\n}"
# aug/09/2009 11:27:47 by RouterOS 3.25
#
/system scheduler
add comment="" disabled=no interval=12h name=fecth-dshield-spamhaus on-event=\
fetch-dshield-spamhaus start-date=jan/01/1970 start-time=06:00:00
# aug/09/2009 11:33:37 by RouterOS 3.25
#
/ip firewall filter
add action=drop chain=forward comment="### DROP Spamhaus-Lasso" disabled=no \
src-address-list=spamhaus.lasso
add action=drop chain=forward comment="### DROP Dshield" \
disabled=no src-address-list=dshield
#
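
The script above turns feed lines into drop rules with only minimal validation, so a malformed or overly broad entry would end up in the firewall. As an added example (not part of the original post or the forum script), this Python pre-check parses the same two layouts, inferred from how the script slices each line, and rejects bad entries before rendering address-list commands. The PROTECTED ranges, MIN_PREFIX, the function names and the sample feed text are assumptions.

```python
import ipaddress

# Constructed sample feed text (documentation ranges), not real feed data.
DSHIELD_SAMPLE = ("# comment\nStart\tEnd\tNetmask\tAttacks\n"
                  "198.51.100.0\t198.51.100.255\t24\t1500\n"
                  "10.0.0.0\t10.0.0.255\t24\t900\n"
                  "203.0.113.0\t203.0.113.255\t99\t10\n")
SPAMHAUS_SAMPLE = ("; comment\n192.0.2.0/24 ; SBL000000\n"
                   "0.0.0.0/0 ; SBL000001\nnot-an-ip ; SBL000002\n")
# Assumption: networks that must never be blocked (own LAN / management ranges).
PROTECTED = [ipaddress.ip_network(n)
             for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = 8  # assumption: anything broader than a /8 is treated as a feed error

def candidates(text, fmt):
    """Yield raw 'address/prefix' strings the way the RouterOS script extracts them."""
    for line in text.splitlines():
        if fmt == "dshield":              # tab-separated: start, end, netmask, ...
            if line.startswith("#"):
                continue
            f = line.split("\t")
            if len(f) >= 3:
                yield f[0] + "/" + f[2]
        else:                             # spamhaus: "network ; reference"
            if line.startswith(";") or ";" not in line:
                continue
            yield line.split(";", 1)[0].strip()

def safe_networks(text, fmt):
    """Return (accepted, rejected): valid IPv4 networks, and (entry, reason) pairs."""
    accepted, rejected = [], []
    for raw in candidates(text, fmt):
        try:
            net = ipaddress.IPv4Network(raw, strict=False)
        except ValueError:
            rejected.append((raw, "not a valid IPv4 network"))
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append((raw, "prefix too broad"))
        elif any(net.overlaps(p) for p in PROTECTED):
            rejected.append((raw, "overlaps a protected network"))
        else:
            accepted.append(net)
    return accepted, rejected

def routeros_commands(nets, list_name):
    """Render address-list commands in the form used by the script above."""
    return ["/ip firewall address-list add list=%s address=%s" % (list_name, n) for n in nets]
```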