OpenBSD Journal

[Announce] spews2fw-0.4

Contributed by Dengue on from the spam-haters dept.

Robert Maxwell writes:
"Those of you that run a firewall or several might be interested in this tool. spews2fw is based on an example from Harry at spamcop.net, which will automatically download the level 1 or 2 listings from spews.org, parse, sort, and remove duplicates. It will then generate firewall rulesets for ipchains, iptables, pf, ipf, Sun SunScreen, and Cisco. Please check it out, and if you have issues or suggestions, please let me know. Robert Maxwell rmaxwell@madripoor.org"
Personally, anything that slows down or stops spammers is high on my list. Here's a link to the software: http://www.madripoor.org/Downloads/downloads.html.



Comments
  1. By jizzmopper () on

    This story was posted about a month ago. It's a nice tool, but tends to generate several thousand pf rules which can be fun to navigate.

  2. By Anonymous Coward () on

    Looking at the file of spammers is daunting! I think from Daniel's performance paper pf scales well with more rules, but I have no personal experience.

    One could do the same with a combination of awk and sort and uniq, but the overall framework is a good way to automate the entire process.

    Does anyone else find it ironic that the original idea came from an OpenBSD posting, and now is issued under the GNU license? That is the Linux way, the BSD way is the one most prevalent around these parts.

    What we now need is a Webalizer for pf, that will tell you where all these spams are coming from and draw nice charts and graphs to show where all your stuff is getting blocked or allowed.

  3. By jose () on

    so i did some work over the past 6 months to look at better spam filters. one of the things i looked at was sources and paths as a possible filtering method. i used to filter a lot on sources and source domains. i no longer do. if you look at my website you'll see some graphs i have put up of spam analysis. you'll quickly see that about 80% of the spam comes to me from unique paths and addresses. this isn't uncommon. as such, if you want to try and keep up, you'll always be adding rules, but to no real avail. there are better ways at the application layer to filter for spam which are more adaptable.
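An added example, not part of the original post or of spews2fw: the parse, sort and de-duplicate step from the announcement, written to emit a pf table file and two rules rather than one rule per listing, which is one way to deal with the rule count mentioned in comment 1. The input format (one address or CIDR block per line with an optional `#` comment), the sample addresses, the table name `spews` and the path `/etc/spews.table` are assumptions.

```python
import ipaddress

# Constructed sample input. Assumed format (not taken from spews.org):
# one IPv4 address or CIDR block per line, optional "#" comment.
SAMPLE_LISTING = """\
# constructed sample, documentation address ranges only
192.0.2.0/25      # first half of a /24
192.0.2.128/25    # second half, merges with the line above
192.0.2.0/25      # exact duplicate
198.51.100.7      # single host
198.51.100.0/24   # already covers the host above
203.0.113.64/26
not-an-address
203.0.113.300/24
"""

def parse_listing(text):
    """Return (networks, rejected_lines); malformed entries are never emitted."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts entries with host bits set (e.g. 10.1.2.3/8)
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected

def collapse(networks):
    """Drop duplicates and merge adjacent or overlapping IPv4 blocks."""
    v4 = [n for n in networks if n.version == 4]
    return sorted(ipaddress.collapse_addresses(v4))

def pf_table_file(networks):
    """Body of the table file: one network per line."""
    return "".join(f"{n}\n" for n in networks)

def pf_rules(table="spews", path="/etc/spews.table"):
    """The pf.conf lines; their number stays constant as the list grows."""
    return [f'table <{table}> persist file "{path}"',
            f"block in quick from <{table}> to any"]

if __name__ == "__main__":
    nets, bad = parse_listing(SAMPLE_LISTING)
    print(pf_table_file(collapse(nets)), end="")
    print("\n".join(pf_rules()))
    print("rejected:", bad)
```

Rejected lines are returned separately so that a malformed or tampered download can be reviewed before the table is reloaded.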
