Linux-Bulgaria.ORG

Re: lug-bg: a peculiar type of spam


  • Subject: Re: lug-bg: a peculiar type of spam
  • From: vlk@email.domain.hidden (Vesselin Kolev)
  • Date: Thu, 29 May 2003 13:17:56 +0300



Sorry :( I got distracted... Here, I'm starting.

I will talk here only about dnsbl: a black list based solely on
checking the IP addresses of the initiators of SMTP sessions to the MTA.

rhsbl, which are based on the format and content of the mail address,
I will discuss tomorrow or another time, because today I won't have
enough time for that.

================================================================
                     -> DNSBL

First, the software I have used.

When I started building the list, I was working with ISC BIND 9.2.1. At the
moment I am on ISC BIND 9.2.2. The machine on which the list is maintained
has the following parameters:

OS: Mandrake Linux 8.2, kernel 2.4.18-6mdk
CPU: PII 333 MHz
RAM: 64MB SDRAM
HDD: 10.5GB
FS: ext2

The machine is connected over a 100 Mbps LAN to the MTAs I maintain
(5 in total).

BIND configuration file: /etc/named.conf
Storage for the zone files: /var/named/dnsbl

Configuration segment for the DNSBL in the file /etc/named.conf

zone "dnsbl.vpn.lcpe.uni-sofia.bg" {
   type master;
   file "/var/named/dnsbl/dnsbl.vpn.lcpe.uni-sofia.bg";
   allow-query { internals; };
   allow-transfer { none; };
};

WARNING!!! One of the few cases in which free zone transfer must not be
allowed is the case of a dnsbl. The reason is that spammers can use the
information there to find open-relay hosts and use them.

What is particular in my case is that I use only one central DNS server
and have no slave name servers. That is because of the specific situation.
In the general case a slave network of name servers has to be maintained,
especially when working under heavy load.

#######################
WARNING: What you see here as configuration refers solely to a local
DNSBL. This list does not include references to public free or
commercial black lists!
#######################

#######################
#######################
VERY BIG WARNING!
If you are an ISP, maintain leased lines and have a mail hub, do not hook
that mail hub to the DNSBL you are building, or to any blacklist at all! This
can lead to conflicts between you and your customers. Experience shows that
it is better to have two mail hubs in a fortification scheme for incoming
mail: one tied to a black list and the other not, with the customers
themselves choosing which of the two mail hubs to go through, after being
explicitly warned about the collisions that may occur.
#######################
#######################

Syntax of the RRs in the blacklist zone.

  In the dnsbl zone, PTR resource records are created, accompanied by TXT RRs
stating the reason the offender was added, or giving a link where information
can be obtained about why a given IP address was placed in the zone.

In general form the syntax should be

$ORIGIN vashia.dnsbl.domain.
xxx.yyy.zzz.qqq   PTR  127.0.0.x
xxx.yyy.zzz.qqq   TXT  "obiasnenie ili nasochvane"

Convention for using the PTR pointers.

  The PTR RR must point to an octet notation of the form
127.0.0.2, 127.0.0.3 and so on... There is no precisely defined rule for the
use of the pointers, so each blacklist describes the meaning of each pointer
on its web site or elsewhere. For example:

    * 127.0.0.2 - open relays
    * 127.0.0.3 - dial-up/dynamic IP ranges
    * 127.0.0.4 - Spam Sources
      This will include both commercial spammers as well as some dial-up
      direct-to-mx spammers and open proxies as it's not always possible to
      differentiate between these sources. For commercial spammers, once we
      have spam on file from some of their IPs, we may add their entire IP
      range if it can be reliably determined.
    * 127.0.0.5 - Multi-stage open relays
      Before adding multi-stage open relays to our list, we make an attempt
      to notify the NIC contacts for their IP space and give them at least
      one week to fix their systems.
    * 127.0.0.8 - Systems with insecure formmail.cgi or similar CGI scripts
      which turn them into open relays
      This includes the output IP when a server with an insecure formmail CGI
      smarthosts outgoing email through another server or servers.
    * 127.0.0.9 - Open proxy servers

   and so on...

Other conventions are also possible. Some software can conform to the
conventions if that is specified. It would get too long if I started
describing them. Some dnsbl use only one pointer. A selection of
single-pointer dnsbl can be seen at:

http://www.declude.com/JunkMail/Support/ip4r.htm

Prevention.

    Filter the RFC 1918 address spaces if you do not expect connections from
IP addresses within them for delivering mail to your MTAs. This can also be
done per interface. Also filter the multicast address spaces with respect to
access to 25/tcp (if, of course, you are going to filter only e-mail).

Adding a test record.

   To check whether your zone works you can add the following record:

$ORIGIN vashia.dnsbl.domain.
17.0.0.127 PTR 127.0.0.2
17.0.0.127 TXT "Test"

Then try with dig, host or nslookup to retrieve the PTR record for

17.0.0.127.vashia.dnsbl.domain.

If you also specify type txt in the query you will also get

Test

   If this information seems too little to you.. write, and I may write
more. About the scheme for managing the records I will write later; such a
description simply eats up quite a lot of working time.

  Regards
      Vesselin Kolev
 

On Thursday 29 May 2003 11:05, Стоян Цалев wrote:
> Ahem (cough...), let me remind Vesko Kolev to jot down a line or two and say
> how things are on his side :)
>
> Stockton
>

============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
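
An added example, not part of the original message and not the author's code: the MTA-side check against a local DNSBL as the message describes it, covering the reversed-octet query name, the quoted return-code table, the RFC 1918/multicast pre-filter and the 127.0.0.17 test entry. The in-memory SAMPLE_ZONE, the function names and the rule of ignoring answers outside 127.0.0.0/8 are assumptions of this example; the zone name is the message's placeholder.

```python
import ipaddress

ZONE = "vashia.dnsbl.domain."   # placeholder zone name from the message
# Meanings of the return codes as quoted in the message (one list's convention).
CODES = {"127.0.0.2": "open relays", "127.0.0.3": "dial-up/dynamic IP ranges",
         "127.0.0.4": "spam sources", "127.0.0.5": "multi-stage open relays",
         "127.0.0.8": "insecure formmail.cgi or similar",
         "127.0.0.9": "open proxy servers"}
# Ranges the message says to filter before any lookup: RFC 1918 and multicast.
FILTERED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]
# Constructed answers standing in for the local zone: name -> (address, TXT).
SAMPLE_ZONE = {
    "17.0.0.127." + ZONE: ("127.0.0.2", "Test"),          # the message's test entry
    "9.113.0.203." + ZONE: ("127.0.0.9", "constructed"),  # documentation address
    "7.100.51.198." + ZONE: ("198.51.100.1", ""),         # bogus non-127/8 answer
}

def query_name(ip, zone=ZONE):
    """127.0.0.17 -> 17.0.0.127.<zone>: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, lookup=SAMPLE_ZONE.get):
    """Return (verdict, detail) for the client IP of an incoming SMTP session."""
    addr = ipaddress.IPv4Address(ip)
    for net in FILTERED:
        if addr in net:
            return ("filtered", str(net))        # dropped before any DNS query
    answer = lookup(query_name(ip))              # assumed stand-in for a resolver
    if answer is None:
        return ("not listed", "")
    code, txt = ipaddress.IPv4Address(answer[0]), answer[1]
    if code not in ipaddress.ip_network("127.0.0.0/8"):
        # A wildcarded or expired zone can answer with an arbitrary address.
        return ("not listed", "answer outside 127.0.0.0/8 ignored")
    meaning = CODES.get(str(code), "code not in this list's table")
    return ("listed", f"{code}: {meaning} ({txt})")

if __name__ == "__main__":
    for ip in ("127.0.0.17", "203.0.113.9", "198.51.100.7", "192.168.1.5", "192.0.2.1"):
        print(ip, query_name(ip), check(ip))
```
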



 


Mailing list messages are © Copyright their authors.