Cloudron Forum


Firewall / Spamassassin: Automatic list update

Category: Feature Requests
Tags: firewall, spamassassin
16 Posts 8 Posters 859 Views
  • necrevistonnezr
    wrote on last edited by girish
    #1

    @imc67 explained how to block IP ranges from certain countries.
    I think it would be useful if such lists (e.g. from https://www.ipdeny.com/ipblocks/) could be kept updated automatically, e.g. by running an update script regularly.

    The same applies for spamassassin lists, e.g. the excellent Spamassassin lists from Heinlein who runs www.mailbox.org

    ruihildtR d19dotcaD MooCloud_MattM 3 Replies Last reply
    5
  • ruihildt
    replied to necrevistonnezr on last edited by
    #2

    We were talking with @rmdes about it, it would be the best to have a default updated list you can subscribe to instead of each Cloudron admin going over the same process on their own.

    jdaviescoatesJ 1 Reply Last reply
    2
  • jdaviescoates
    replied to ruihildt on last edited by
    #3

    @ruihildt yeah, it'd be great if Cloudron could just subscribe to these lists for us.

    I use Cloudron with Gandi & Hetzner

    1 Reply Last reply
    0
  • d19dotca
    replied to necrevistonnezr on last edited by
    #4

    @necrevistonnezr Fully support this, this would be awesome. Definitely been looking into this recently and realized there's no way to keep it updated automatically from lists like that in Cloudron. Some ability to enter a URL to subscribe to or even just have a few built-in ones that need to be enabled would be fantastic.

    --
    Dustin Dauncey
    www.d19.ca

    1 Reply Last reply
    1
  • girish Staff
    wrote on last edited by girish
    #5

    Would love to see this as well. The license of ipdeny is also fairly permissive.

    You may NOW re-distribute our zone files and you can freely use our generated IP zone
    files in your commercial or freeware solutions or services, please read our
    Copyright policy and please comply with our Usage limits policy. Linkback to our
    service is always appreciated and recommended.
    
    rmdesR 1 Reply Last reply
    1
  • girish Staff
    wrote on last edited by girish
    #6

    BTW, for mail server, the mail server already uses zen spamhaus. This is enabled by default (and in fact, no way to disable this).

    1 Reply Last reply
    2
  • robi
    wrote on last edited by
    #7

    The output from mail-tester.com provides ~20 different RBL/SBL lists to check. Could be useful to integrate if they have an API.

    Life of sky tech

    1 Reply Last reply
    1
  • rmdes
    replied to girish on last edited by
    #8

    @girish There is the risk those lists are too broad, I just had to remove the Taiwan zone because one of our forum users could not access it.

    I think if we ever have automatic list update, the source should be a vetted spam IP list, not just an IP list blocking entire countries.

    rmdesR d19dotcaD 2 Replies Last reply
    1
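An added example, not part of the thread and not Cloudron code: one way an update script could sanity-check a downloaded list before loading it, so that a failed download or an over-broad entry (the lockout described in post #8) never reaches the firewall. It assumes an ipset-based firewall; the set name `blocklist_demo`, the /8 limit and the allowlist are hypothetical.

```python
import ipaddress

MIN_PREFIX = 8  # assumption: anything broader than a /8 is treated as a feed error
NEVER_BLOCK = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]

def parse_feed(text, allowlist=()):
    """Split a one-CIDR-per-line feed ('#' starts a comment) into (accepted, rejected)."""
    protected = [ipaddress.ip_network(n) for n in [*NEVER_BLOCK, *allowlist]]
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry)  # strict: stray host bits are an error
        except ValueError:
            rejected.append((lineno, entry, "not a valid IPv4 CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append((lineno, entry, "too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((lineno, entry, "overlaps protected range"))
        else:
            accepted.append(net)
    return list(ipaddress.collapse_addresses(accepted)), rejected

def render_restore(nets, name="blocklist_demo"):  # hypothetical set name
    """Build `ipset restore` input: fill a scratch set, then swap it in atomically."""
    if not nets:
        raise ValueError("no usable entries; keep the previous set")
    tmp = name + "_new"
    head = [f"create {tmp} hash:net family inet -exist", f"flush {tmp}"]
    body = [f"add {tmp} {n}" for n in nets]
    tail = [f"create {name} hash:net family inet -exist", f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(head + body + tail) + "\n"

# Constructed sample feed using documentation ranges; not data from any real list.
SAMPLE_FEED = """\
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
203.0.113.7        # bare host address
0.0.0.0/0
10.1.0.0/16
<html>502 Bad Gateway</html>
"""

if __name__ == "__main__":
    nets, bad = parse_feed(SAMPLE_FEED, allowlist=["198.51.100.0/24"])
    print(*bad, render_restore(nets), sep="\n", end="")
```

The output is meant to be piped to `ipset restore`; because the live set is only replaced by the final `swap`, an update that is rejected or fails part-way leaves the previous list in force.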
  • rmdes
    replied to rmdes on last edited by
    #9

    @girish @nebulon This repo here seems to be interesting to build on this feature request:
    https://github.com/firehol/blocklist-ipsets
    Official site: https://iplists.firehol.org/

    1 Reply Last reply
    2
  • MooCloud_Matt
    replied to necrevistonnezr on last edited by MooCloud_Matt
    #10

    @necrevistonnezr said in Firewall / Spamassassin: Automatic list update:

    Spamassassin lists from Heinlein

    I think that this config file is mostly oriented on German email, probably if an incoming email is in Italian or French or English it would be completely useless, this is one of the biggest issues in spam protection and having a 0% ham.

    You need custom rules for every language and if you use Rspamd you also need different AI/db for every language.

    Matteo. R.
    Founder and Tech-Support Manager.
    MooCloud MSP
    Swiss Managed Service Provider

    necrevistonnezrN 1 Reply Last reply
    0
  • necrevistonnezr
    replied to MooCloud_Matt on last edited by
    #11

    @moocloud_matt said in Firewall / Spamassassin: Automatic list update:

    @necrevistonnezr said in Firewall / Spamassassin: Automatic list update:

    Spamassassin lists from Heinlein

    I think that this config file is mostly oriented on German email, probably if an incoming email is in Italian or French or English it would be completely useless, this is one of the biggest issues in spam protection and having a 0% ham.

    You need custom rules for every language and if you use Rspamd you also need different AI/db for every language.

    I don't think so. Looking into their body cf file, you see entries like this, I'd say more than half is English:

    body HS_BODY_2021		/Today is the last day to order a custom print for Christmas delivery/
    describe HS_BODY_2021		Heinlein Support Spamschutz Body-2021 Spam
    score HS_BODY_2021		10
    
    body HS_BODY_2023		/Need a little help finding the right piece? Our curators are here to help/
    describe HS_BODY_2023		Heinlein Support Spamschutz Body-2023 Spam
    score HS_BODY_2023		10
    
    body HS_BODY_2026		/Shop now - no minimums or promo required. Sale ends Tuesday/
    describe HS_BODY_2026		Heinlein Support Spamschutz Body-2026 Spam
    score HS_BODY_2026		10
    
    body HS_BODY_2028		/globalgallery.us5.list-manage.com/
    describe HS_BODY_2028		Heinlein Support Spamschutz Body-2028 Spam
    score HS_BODY_2028		10
    
    body HS_BODY_2029		/ausmisten, die Ablage wegsortieren, den Jahresurlaub buchen oder auch/
    describe HS_BODY_2029		Heinlein Support Spamschutz Body-2029 Spam
    score HS_BODY_2029		3
    
    body HS_BODY_2032		/Ciao!  https:..betcb.com/
    describe HS_BODY_2032		Heinlein Support Spamschutz Body-2032 Spam
    score HS_BODY_2032		5
    
    body HS_BODY_2037		/If you ignored this email your account will be Officially Permanently disabled the next/
    describe HS_BODY_2037		Heinlein Support Spamschutz Body-2037 Phishing
    score HS_BODY_2037		5
    
    body HS_BODY_2040		/from AppleID./
    describe HS_BODY_2040		Heinlein Support Spamschutz Body-2040 pHISHING
    score HS_BODY_2040		5
    
    body HS_BODY_2043		/http\:\/\/datingx\.co/
    describe HS_BODY_2043		Heinlein Support Spamschutz Body-2043 Spam
    score HS_BODY_2043		5
    
    body HS_BODY_2045		/as one of the final recipients of the Mega million Bonanza funding/
    describe HS_BODY_2045		Heinlein Support Spamschutz Body-2045 Spam
    score HS_BODY_2045		5
    
    body HS_BODY_2048		/A Sophisticated Automated Database to Randomly select/
    describe HS_BODY_2048		Heinlein Support Spamschutz Body-2048 Spam
    score HS_BODY_2048		5
    
    body HS_BODY_2050		/ We Embarked on a worldwide promotion for Disabled, Employed and Unemployed Workers, Retired, Young and Old people/
    describe HS_BODY_2050		Heinlein Support Spamschutz Body-2050 Spam
    score HS_BODY_2050		5
    
    body HS_BODY_2051		/the On-line director of the Mega millions Bonanza funding imposed by the United State Government/
    describe HS_BODY_2051		Heinlein Support Spamschutz Body-2051 Spam
    score HS_BODY_2051		5
    
    body HS_BODY_2052		/Ihr Paket ist gerade in unserer Zentrale eingetroffen, aber wir k/
    describe HS_BODY_2052		Heinlein Support Spamschutz Body-2052 Spam
    score HS_BODY_2052		3
    
    body HS_BODY_2053		/Content-Disposition: attachment; filename=DHL.*PDF.iso;/
    describe HS_BODY_2053		Heinlein Support Spamschutz Body-2053 Phishing
    score HS_BODY_2053		5
    
    body HS_BODY_2054		/http.*\.icu\/ub\.php\?/
    describe HS_BODY_2054		Heinlein Support Spamschutz Body-2054 Spam
    score HS_BODY_2054		2
    
    body HS_BODY_2056		/http...www.db-onlinemarketing.net/
    describe HS_BODY_2056		Heinlein Support Spamschutz Body-2056 Spammer
    score HS_BODY_2056		4
    
    body HS_BODY_2059		/Firmendatenbank GC-Contact/
    describe HS_BODY_2059		Heinlein Support Spamschutz Body-2059 Spam
    score HS_BODY_2059		2
    
    body HS_BODY_2061		/Eine Investition in die Firmenadressen macht sich sofort bezahlt. Sie erwerben das Nutzungsrecht am kompletten Adressenpaket./
    describe HS_BODY_2061		Heinlein Support Spamschutz Body-2061 Spam
    score HS_BODY_2061		2
    
    1 Reply Last reply
    0
  • d19dotca
    replied to rmdes on last edited by
    #12

    @rmdes said in Firewall / Spamassassin: Automatic list update:

    source should be a vetted spam ip list

    My two cents... Cloudron should not be responsible for vetting the list. It should be (ideally) as simple as admins enabling/disabling lists that are pre-packaged by Cloudron in case they can't just allow any dataset to be used, or we'd be able to throw in our own links to files updated by various vendors such as those from Firehol for example.

    I think that's what you meant, but wanted to clarify in case, as I would hate to see Cloudron being responsible for doing any kind of manual vetting, that should definitely be on admins to do. Cloudron just needs to allow access to the lists and we then go from there as admins.

    --
    Dustin Dauncey
    www.d19.ca

    1 Reply Last reply
    0
  • d19dotca
    wrote on last edited by
    #13

    There's even a list for Cloudron team to use for this forum 😉 haha

    https://iplists.firehol.org/?ipset=stopforumspam

    Now imagine if that could be used in the firewall automatically. Would be awesome.

    --
    Dustin Dauncey
    www.d19.ca

    rmdesR 1 Reply Last reply
    3
  • rmdes
    replied to d19dotca on last edited by
    #14

    @d19dotca Yes that's what I meant, hence the lists I suggested: https://forum.cloudron.io/post/20010

    rmdesR 1 Reply Last reply
    0
  • rmdes
    replied to rmdes on last edited by
    #15

    The more I read about FireHol the more I wish this was baked into cloudron install directly, it seems to me that Firehol is a great source to rely on for blocking bad IPs

    necrevistonnezrN 1 Reply Last reply
    4
  • necrevistonnezr
    replied to rmdes on last edited by
    #16

    @girish
    Did anything come of this...?

    1 Reply Last reply
    2
