Hi,
On June 12, 2012, Spamhaus added an extended DROP (EDROP) list to be used along with the DROP list. The EDROP list is located here - http://www.spamhaus.org/drop/edrop.txt. Information about the list is here - http://www.spamhaus.org/drop/.
Currently the list has 12 entries.
Thanks for your consideration.
Terry
Addition of Spamhaus extended DROP (EDROP) list
Re: Addition of Spamhaus extended DROP (EDROP) list
Hi Terryr,
I created an unofficial patch for your request. Can you try this patch on your csf 5.59?
Cheers,
--- csf.conf-ok 2012-07-10 23:22:36.000000000 -0300
+++ csf.conf-spamhause 2012-07-16 15:49:16.000000000 -0300
@@ -185,7 +185,7 @@
# SMTP_BLOCK is only applied if port 25 is included in TCP6_OUT
#
# Not supported:
-# DYNDNS, CC_DENY, CC_ALLOW, CC_ALLOW_FILTER, LF_DSHIELD, LF_SPAMHAUS,
+# DYNDNS, CC_DENY, CC_ALLOW, CC_ALLOW_FILTER, LF_DSHIELD, LF_SPAMHAUS, LF_SPAMHAUS_E
# SYNFLOOD, PORTFLOOD, DYNDNS, ICMP_IN, ICMP_OUT, LF_NETBLOCK, MESSENGER,
# CC_IGNORE, CONNLIMIT
#
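Review bot: The LF_SPAMHAUS_E added at the end of the first "Not supported" line has no trailing comma, so the option list now runs straight from LF_SPAMHAUS_E into SYNFLOOD on the next line. Add the comma after LF_SPAMHAUS_E. While editing this comment, DYNDNS is listed twice (first and second line) and one copy can go.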
@@ -544,6 +544,18 @@
# is in the same format as the drop list
LF_SPAMHAUS_URL = "h t t p : / / www . spamhaus . org/drop/drop.lasso"
+# Enable IP range blocking using the Spamhaus Extended DROP List at
+# http:// www . spamhaus . org/drop/edrop.txt
+# To enable this feature, set the following to the interval in seconds that you
+# want the block list updated. The list is reasonably static during the length
+# of a day, so it would be appropriate to only update once every 24 hours, so
+# a value of "86400" is recommended
+LF_SPAMHAUS_E = "86400"
+
+# The Spamhaus Extended DROP List URL. If you change this to something else be sure it
+# is in the same format as the drop list
+LF_SPAMHAUS_E_URL = "h t t p : / / www . spamhaus . org/drop/edrop.txt"
+
# Enable IP range blocking using the BOGON List at
# http://www . cymru . com/Bogons/
# To enable this feature, set the following to the interval in seconds that you
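Review bot: The new comment for LF_SPAMHAUS_E says "To enable this feature, set the following to the interval in seconds", but the value shipped in the same hunk is "86400", so the feature is already on for anyone who takes this file. Since the code tests the setting for truth, either ship it as "0" so the block list is opt-in as the comment implies, or reword the comment to say it is enabled by default and that "0" turns it off.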
--- csf. pl-ok 2012-03-31 13:03:25.000000000 -0300
+++ csf. pl-spamhause 2012-07-16 15:52:13.000000000 -0300
@@ -457,11 +457,12 @@
if ($config{LF_DSHIELD}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N DSHIELD")}
if ($config{LF_SPAMHAUS}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N SPAMHAUS")}
+ if ($config{LF_SPAMHAUS_E}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N SPAMHAUS_E")}
if ($config{LF_BOGON}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N BOGON")}
if ($config{CC_ALLOW_FILTER}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N CC_ALLOWF")}
if ($config{CC_ALLOW}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N CC_ALLOW")}
if ($config{CC_DENY}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N CC_DENY")}
- if (($config{LF_SPAMHAUS} or $config{LF_DSHIELD} or $config{LF_BOGON}) and ($config{DROP_IP_LOGGING})) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N BLOCKDROP")}
+ if (($config{LF_SPAMHAUS} or $config{LF_SPAMHAUS_E} or $config{LF_DSHIELD} or $config{LF_BOGON}) and ($config{DROP_IP_LOGGING})) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N BLOCKDROP")}
if (($config{CC_DENY} or $config{CC_ALLOW_FILTER}) and $config{DROP_IP_LOGGING}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N CCDROP")}
if ($config{GLOBAL_ALLOW}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N GALLOWIN")}
if ($config{GLOBAL_ALLOW}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -N GALLOWOUT")}
@@ -522,12 +523,12 @@
&syscommand(__LINE__,"$config{IP6TABLES} $verbose -A LOGDROPIN -p icmpv6 -m limit --limit 30/m --limit-burst 5 -j $logmodule 'Firewall: *ICMP6IN Blocked* '");
&syscommand(__LINE__,"$config{IP6TABLES} $verbose -A LOGDROPOUT -p icmpv6 -m limit --limit 30/m --limit-burst 5 -j $logmodule 'Firewall: *ICMP6OUT Blocked* '");
}
- if (($config{LF_SPAMHAUS} or $config{LF_DSHIELD} or $config{LF_BOGON}) and ($config{DROP_IP_LOGGING})) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -A BLOCKDROP -m limit --limit 30/m --limit-burst 5 -j $logmodule 'Firewall: *BLOCK_LIST* '");}
+ if (($config{LF_SPAMHAUS} or $config{LF_SPAMHAUS_E} or $config{LF_DSHIELD} or $config{LF_BOGON}) and ($config{DROP_IP_LOGGING})) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -A BLOCKDROP -m limit --limit 30/m --limit-burst 5 -j $logmodule 'Firewall: *BLOCK_LIST* '");}
if (($config{CC_DENY} or $config{CC_ALLOW_FILTER}) and $config{DROP_IP_LOGGING}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -A CCDROP -m limit --limit 30/m --limit-burst 5 -j $logmodule 'Firewall: *CC_DENY* '");}
if ($config{PORTFLOOD}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -A PORTFLOOD -m limit --limit 30/m --limit-burst 5 -j $logmodule 'Firewall: *Port Flood* '");}
}
if ($config{CONNLIMIT} and $config{CONNLIMIT_LOGGING}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -A CONNLIMIT -m limit --limit 30/m --limit-burst 5 -j $logmodule 'Firewall: *ConnLimit* '");}
- if (($config{LF_SPAMHAUS} or $config{LF_DSHIELD} or $config{LF_BOGON}) and ($config{DROP_IP_LOGGING})) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -A BLOCKDROP -j $config{DROP}");}
+ if (($config{LF_SPAMHAUS} or $config{LF_SPAMHAUS_E} or $config{LF_DSHIELD} or $config{LF_BOGON}) and ($config{DROP_IP_LOGGING})) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -A BLOCKDROP -j $config{DROP}");}
if (($config{CC_DENY} or $config{CC_ALLOW_FILTER}) and $config{DROP_IP_LOGGING}) {&syscommand(__LINE__,"$config{IPTABLES} $verbose -A CCDROP -j $config{DROP}");}
&syscommand(__LINE__,"$config{IPTABLES} $verbose -A LOGDROPIN -j $config{DROP}");
&syscommand(__LINE__,"$config{IPTABLES} $verbose -A LOGDROPOUT -j $config{DROP}");
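Review bot: The four-way test ($config{LF_SPAMHAUS} or $config{LF_SPAMHAUS_E} or $config{LF_DSHIELD} or $config{LF_BOGON}) is spelled out on both changed lines in this hunk and a third time where BLOCKDROP is created with -N, so every new block list has to be edited into three places in step. Compute it once into a variable (a hypothetical $blocklists, say) and test that together with $config{DROP_IP_LOGGING}. If one copy is missed, the loader further down still sets $drop to "BLOCKDROP" and its rules will point at a chain that was never created or has no rules.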
@@ -1364,6 +1365,25 @@
&syscommand(__LINE__,"$config{IPTABLES} $verbose -A LOCALINPUT $ethdevin -j SPAMHAUS");
}
+ if ($config{LF_SPAMHAUS_E}) {
+ if (-e "/etc/csf/csf.spamhaus_e") {
+ my $drop = $config{DROP};
+ if ($config{DROP_IP_LOGGING}) {$drop = "BLOCKDROP"}
+ open (IN, "</etc/csf/csf.spamhaus_e") or &error(__LINE__,"Could not open /etc/csf/csf.spamhaus_e: $!");
+ flock (IN, LOCK_SH) or &error(__LINE__,"Could not lock /etc/csf/csf.spamhaus_e: $!");
+ my @spamhaus_e = <IN>;
+ close (IN) or &error(__LINE__,"Could not close /etc/csf/csf.spamhaus_e: $!");
+ chomp @spamhaus_e;
+ foreach my $line (@spamhaus_e) {
+ my ($ip,$comment) = split (/\s/,$line,2);
+ if (&checkip($ip)) {
+ &syscommand(__LINE__,"$config{IPTABLES} $verbose -I SPAMHAUS_E -s $ip -j $drop");
+ }
+ }
+ }
+ &syscommand(__LINE__,"$config{IPTABLES} $verbose -A LOCALINPUT $ethdevin -j SPAMHAUS_E");
+ }
+
$config{CC_DENY} =~ s/\s//g;
if ($config{CC_DENY}) {
foreach my $cc (split(/\,/,$config{CC_DENY})) {
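Review bot: In the loop over @spamhaus_e, entries that fail &checkip($ip) are skipped without any message, so a truncated or corrupted /etc/csf/csf.spamhaus_e gives an empty or partial SPAMHAUS_E chain and nothing tells the administrator. Count the rejected lines and emit a warning when the count is non-zero. Two style points in the same block: the bareword handle IN with a two-argument open is global and can clash with other readers, so a lexical handle with a three-argument open is safer, and $comment from the split is never used.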
@@ -2918,6 +2938,7 @@
my @chains = ("INPUT","LOCALINPUT","LOGDROPIN");
if ($config{LF_DSHIELD}) {push @chains,"DSHIELD"}
if ($config{LF_SPAMHAUS}) {push @chains,"SPAMHAUS"}
+ if ($config{LF_SPAMHAUS_E}) {push @chains,"SPAMHAUS_E"}
if ($config{LF_BOGON}) {push @chains,"BOGON"}
if ($config{PACKET_FILTER}) {push @chains,"INVALID","INVDROP"}
if ($config{CC_ALLOW_FILTER}) {push @chains,"CC_ALLOWF"}
--- lfd. pl-orig 2012-07-09 13:15:53.000000000 -0300
+++ lfd. pl-spamahause 2012-07-16 15:57:03.000000000 -0300
@@ -27,7 +27,7 @@
$count, %config, %logfiles, $childpid, $childcnt, %logintimeout, $cidr,
%loginproto, $cttimeout, %ips, %ifaces, $scriptline, @cidrs, %pskip,
%scripts, $scripttimeout, %blockedips, $pttimeout, %skip, $csftimeout,
- $dshieldtimeout, $spamhaustimeout, $dirwatchtimeout, @suspicious,
+ $dshieldtimeout, $spamhaustimeout, $spamhaus_e_timeout, $dirwatchtimeout, @suspicious,
%skipfile, %sfile, %nofiles, @matchfile, $toomanymatches, $pidino,
%dirwatchfile, $dirwatchfiletimeout, %skipuser, $globaltimeout,
%skipscript, %ports, $smtptimeout, $dyndnstimeout, @lfsize, $hostshort,
@@ -458,6 +458,15 @@
&spamhaus;
$spamhaustimeout = 0;
}
+if ($config{LF_SPAMHAUS_E}) {
+ &logfile("SPAMHAUS_E Tracking...");
+ if ($config{LF_SPAMHAUS_E} < 3600) {
+ &logfile("LF_SPAMHAUS_E refresh increased to 3600 to prevent blacklisting (csf.conf setting: $config{LF_SPAMHAUS_E})");
+ $config{LF_SPAMHAUS_E} = 3600;
+ }
+ &spamhaus_e;
+ $spamhaus_e_timeout = 0;
+}
if ($config{CC_DENY} or $config{CC_ALLOW} or $config{CC_ALLOW_FILTER} or $config{CC_IGNORE}) {
&logfile("Country Code Filters...");
&countrycode;
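Review bot: The 3600-second floor applied to $config{LF_SPAMHAUS_E} in this block is not documented anywhere in the csf.conf comment this patch adds, which only recommends "86400". State the minimum next to the setting in csf.conf so that a lower value being raised at startup is not a surprise found only in the lfd log.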
@@ -1182,6 +1191,14 @@
}
}
+ if ($config{LF_SPAMHAUS_E}) {
+ $spamhaus_e_timeout+=$duration;
+ if ($spamhaus_e_timeout >= $config{LF_SPAMHAUS_E}) {
+ $spamhaus_e_timeout = 0;
+ &spamhaus_e;
+ }
+ }
+
if ($config{CC_DENY} or $config{CC_ALLOW} or $config{CC_ALLOW_FILTER} or $config{CC_IGNORE}) {
$cctimeout+=$duration;
if ($cctimeout >= 3600) {
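Review bot: This timer and the mtime test inside spamhaus_e gate the same refresh and can disagree. $spamhaus_e_timeout is reset to 0 at the moment the fetch is started, but /etc/csf/csf.spamhaus_e is written later by the forked child, so when the timer next reaches $config{LF_SPAMHAUS_E} the file can still be slightly younger than the interval, spamhaus_e returns without fetching, and the next attempt is a full interval later. Let one of the two decide: either drop the timer and rely on the file age, or pass a force flag from here so the sub skips its own age check.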
@@ -3879,6 +3896,81 @@
}
# end spamhaus
###############################################################################
+# start spamhaus_e
+sub spamhaus_e {
+ my $getlist = 0;
+ if (-e "/etc/csf/csf.spamhaus_e") {
+ my $mtime = (stat("/etc/csf/csf.spamhaus_e"))[9];
+ my $listtime = (time - $mtime);
+ if ($listtime >= $config{LF_SPAMHAUS_E}) {$getlist = 1}
+ } else {$getlist = 1}
+
+ if ($getlist) {
+ unless ($config{OLD_REAPER}) {$SIG{CHLD} = 'IGNORE';}
+ unless (defined ($childpid = fork)) {
+ &cleanup(__LINE__,"*Error* cannot fork: $!");
+ }
+ unless ($childpid) {
+ my $timer = time;
+ if ($config{DEBUG} >= 3) {$timer = &timer("start","spamhaus_e",$timer)}
+ $0 = "lfd - retrieving spamhaus_e blocklist";
+
+ my $lockstr = "LF_SPAMHAUS_E";
+ sysopen (THISLOCK, "/etc/csf/lock/$lockstr.lock", O_RDWR | O_CREAT) or &childcleanup("*Error* Unable to open /etc/csf/lock/$lockstr.lock");
+ flock (THISLOCK, LOCK_EX | LOCK_NB) or &childcleanup("*Lock Error* [$lockstr] still active - section skipped");
+
+ my ($status, $text) = &urlget($config{LF_SPAMHAUS_E_URL});
+ if ($status) {
+ &logfile("SPAMHAUS_E: Unable to retrieve spamhaus_e block list - $text");
+ exit;
+ }
+
+ if (&csflock) {&lockfail("LF_SPAMHAUS_E")}
+ &logfile("SPAMHAUS_E - retrieved and blocking IP address ranges");
+ my $drop = $config{DROP};
+ if ($config{DROP_IP_LOGGING}) {$drop = "BLOCKDROP"}
+
+ if ($config{SAFECHAINUPDATE}) {
+ &syscommand(__LINE__,"$config{IPTABLES} -N NEWSPAMHAUS_E");
+ } else {
+ &syscommand(__LINE__,"$config{IPTABLES} -F SPAMHAUS_E");
+ }
+ sysopen (SPAMHAUS_E, "/etc/csf/csf.spamhaus_e", O_WRONLY | O_CREAT) or &childcleanup(__LINE__,"*Error* Cannot open out file: $!");
+ flock (SPAMHAUS_E, LOCK_EX);
+ seek (SPAMHAUS_E, 0, 0);
+ truncate (SPAMHAUS_E, 0);
+ foreach my $line (split (/\n/,$text)) {
+ if ($line =~ /^\#/) {next}
+ if ($line =~ /^([\d\.\/]+)\s+/) {
+ my $iprange = $1;
+ if ($iprange) {
+ print SPAMHAUS_E "$iprange\n";
+ if ($config{SAFECHAINUPDATE}) {
+ &syscommand(__LINE__,"$config{IPTABLES} -I NEWSPAMHAUS_E -s $iprange -j $drop");
+ } else {
+ &syscommand(__LINE__,"$config{IPTABLES} -I SPAMHAUS_E -s $iprange -j $drop");
+ }
+ }
+ }
+ }
+ close (SPAMHAUS_E);
+ if ($config{SAFECHAINUPDATE}) {
+ &syscommand(__LINE__,"$config{IPTABLES} -A LOCALINPUT $ethdevin -j NEWSPAMHAUS_E");
+ &syscommand(__LINE__,"$config{IPTABLES} -D LOCALINPUT $ethdevin -j SPAMHAUS_E");
+ &syscommand(__LINE__,"$config{IPTABLES} -F SPAMHAUS_E");
+ &syscommand(__LINE__,"$config{IPTABLES} -X SPAMHAUS_E");
+ &syscommand(__LINE__,"$config{IPTABLES} -E NEWSPAMHAUS_E SPAMHAUS_E");
+ }
+
+ close (THISLOCK);
+ if ($config{DEBUG} >= 3) {$timer = &timer("stop","spamhaus_e",$timer)}
+ $0 = "lfd - child closing";
+ exit;
+ }
+ }
+}
+# end spamhaus_e
+###############################################################################
# start countrycode
sub countrycode {
my $force = shift;
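Review bot: In spamhaus_e the existing rules are discarded (-F SPAMHAUS_E, or the NEWSPAMHAUS_E swap under SAFECHAINUPDATE) and /etc/csf/csf.spamhaus_e is truncated before a single line of $text has been checked, so a fetch that returns success with an empty body or an error page leaves the host with no EDROP rules and an empty cache file. Parse $text into an array first and only touch the chain and the file when at least one range was accepted; otherwise log and keep the previous list. The pattern ^([\d\.\/]+)\s+ also accepts strings such as 1/2/3, and unlike the csf.pl loader nothing here validates the value before it is written to the file and placed in the iptables command. Apply the same IP/CIDR validation here, since the default LF_SPAMHAUS_E_URL is plain http and the response decides what gets dropped.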
Re: Addition of Spamhaus extended DROP (EDROP) list
My apologies for not responding sooner. Was on vacation.
Applied the patch and restarted CSF and LFD. All seems to be working fine.
Output from CSF restart with regards to Spamhaus EDROP:
SPAMHAUS_E all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt -- in * out * 0.0.0.0/8 -> 0.0.0.0/0
DROP all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0
DROP all opt -- in * out * 100.64.0.0/10 -> 0.0.0.0/0
DROP all opt -- in * out * 127.0.0.0/8 -> 0.0.0.0/0
DROP all opt -- in * out * 169.254.0.0/16 -> 0.0.0.0/0
DROP all opt -- in * out * 172.16.0.0/12 -> 0.0.0.0/0
DROP all opt -- in * out * 192.0.0.0/24 -> 0.0.0.0/0
DROP all opt -- in * out * 192.0.2.0/24 -> 0.0.0.0/0
DROP all opt -- in * out * 192.168.0.0/16 -> 0.0.0.0/0
DROP all opt -- in * out * 198.18.0.0/15 -> 0.0.0.0/0
DROP all opt -- in * out * 198.51.100.0/24 -> 0.0.0.0/0
DROP all opt -- in * out * 203.0.113.0/24 -> 0.0.0.0/0
DROP all opt -- in * out * 224.0.0.0/3 -> 0.0.0.0/0
Thanks so much for your help.
Terry
Re: Addition of Spamhaus extended DROP (EDROP) list
A variation on this will be included in the next csf release.
Re: Addition of Spamhaus extended DROP (EDROP) list
Great. Thanks.
Terry
Re: Addition of Spamhaus extended DROP (EDROP) list
Support for this was added to v5.60:
http://blog.configserver.com/index.php?itemid=667