Date: Thu, 3 Nov 2005 13:51:40 +0200
From: "Ion-Mihai "IOnut" Tetcu" <itetcu@people.tecnik93.com>
To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org>
Subject: ports/88446: [NEW PORT] mail/rabl_server: Reactive Autonomous Blackhole List server
Message-ID: <1131018700.0@it.buh.tecnik93.com>
Resent-Message-ID: <200511031200.jA3C0PsE006781@freefall.freebsd.org>
>Number: 88446
>Category: ports
>Synopsis: [NEW PORT] mail/rabl_server: Reactive Autonomous Blackhole List server
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 03 12:00:24 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Ion-Mihai "IOnut" Tetcu
>Release: FreeBSD 6.0-RC1 i386
>Organization:
>Environment:
System: FreeBSD 6.0-RC1 #1: Fri Oct 28 10:49:49 EEST 2005
>Description:
Attached shar, also available at:
http://people.tecnik93.com/~itetcu/FreeBSD/ports/rabl_server/port/rabl_server-1.0.0.shar
will create the port for you.

The RABL (pronounced "rabble") server is a statistical, machine-automated and
up-to-the-second blackhole list server designed to monitor global network
activity and make decisions based on network spread and infection rate -
that is, abuse from an address which has been reported by a number of
participating networks. This is in far contrast to how most other
blacklists function, where fallible humans (many with political agendas) must
process thousands of reports and make decisions - many times after the fact.
The RABL is fully reactive to new threats and can block addresses within
seconds of widespread infection - good to know in this world of drone PCs
and stolen accounts. The RABL server blacklists addresses until they have
cleared a minimum duration (an hour by default) without any additional
reporting, making the appeals process as simple as "fix your junk". The RABL
is designed to function via automated machine-learning spam filters, such as
Bayesian filters. Each participating network is granted write authentication
in the blackhole list, to prevent abuse. A client tool is also provided.

The RABL server is the server component of the blacklist. It is only
necessary to use the server if you are running your own local RABL.
If you are looking to simply subscribe to the public RABL, then you need the RABL client instead (mail/rabl_client). WWW: http://www.nuclearelephant.com/projects/rabl/ >How-To-Repeat: >Fix: --- rabl_server-1.0.0.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # rabl_server/ # rabl_server/files # rabl_server/files/patch-rabl_server.conf # rabl_server/files/rabl_server.sh.in # rabl_server/Makefile # rabl_server/distinfo # rabl_server/pkg-descr # rabl_server/pkg-plist # echo c - rabl_server/ mkdir -p rabl_server/ > /dev/null 2>&1 echo c - rabl_server/files mkdir -p rabl_server/files > /dev/null 2>&1 echo x - rabl_server/files/patch-rabl_server.conf sed 's/^X//' >rabl_server/files/patch-rabl_server.conf << 'END-of-rabl_server/files/patch-rabl_server.conf' X--- rabl_server.conf.dist Tue Oct 25 17:51:52 2005 X+++ rabl_server.conf Tue Oct 25 19:00:18 2005 X@@ -3,7 +3,7 @@ X ## X X # Logfile X-Logfile rabl.log X+Logfile /var/log/rabl.log X X # Connection Queue Size X Queue 32 X@@ -21,11 +21,17 @@ X Life 86400 X X # Command to execute if being DoSed X-DoSCMD "echo 'block in quick from %s/32 to any' | ipf -f -" X+### be sure to tailor this to your setup befor un-commenting one of them X+# ipf X+# DoSCMD "echo 'block in quick from %s/32 to any' | ipf -f -" X+# ipfw X+# DoSCMD "ipfw add deny ip from %s/32 to any" X+# pf X+# DoSCMD "echo "block quick from %s/32 to any" | pfctl -mf -" X X # Zone file writing X-ZoneTemplate /var/named/rabl.mydomain.com.template X-ZoneOutput /var/named/rabl.mydomain.com X+ZoneTemplate /etc/namedb/master/rabl.example.com.template X+ZoneOutput /etc/namedb/master/rabl.example.com X X # Users (Clients with the ability to report a spamming host) X # USER <uid> <secret> <acl> <permissions> 
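Review bot: the first hunk's new `Logfile /var/log/rabl.log` points at a directory where an unprivileged user cannot create files, while the rc script in this same shar starts the daemon with `-u bind` by default. Nothing in the Makefile's post-install target or in pkg-plist creates that file or sets its owner, so unless rabl_server opens its log before dropping privileges, logging may fail or the daemon may not start. Suggest creating the log file owned by the run-as user at install time, or pointing Logfile at a directory that user owns, and adding a rotation entry so the log cannot grow without bound.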
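Review bot: in the second hunk, the commented pf example `DoSCMD "echo "block quick from %s/32 to any" | pfctl -mf -"` nests unescaped double quotes inside a double-quoted value, so an administrator who un-comments it as written will most likely get a value that ends at the second quote. Use single quotes inside the value, as the ipf line in the same hunk does: `DoSCMD "echo 'block quick from %s/32 to any' | pfctl -mf -"`. The added comment also has a typo ("befor" should be "before"), and because this hunk removes the only active DoSCMD line, the comment or a pkg-message should say that no blocking command runs until one of the three examples is enabled.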
END-of-rabl_server/files/patch-rabl_server.conf
echo x - rabl_server/files/rabl_server.sh.in
sed 's/^X//' >rabl_server/files/rabl_server.sh.in << 'END-of-rabl_server/files/rabl_server.sh.in'
X#!/bin/sh
X# $FreeBSD$
X#
X
X# PROVIDE: rabl_server
X# REQUIRE: NETWORKING SERVERS
X# BEFORE: mail
X# KEYWORD: shutdown
X
X#
X# Add the following lines to /etc/rc.conf[.local] to enable rabl_server:
X#
X# rabl_server_enable="YES"
X# User variables:
X# rabl_server_conf - conf file to use (default: %%PREFIX%%/etc/${name}.conf)
X# rabl_server_user - user to run as (default: bind)
X#
X
X. %%RC_SUBR%%
X
Xname=rabl_server
Xrcvar=`set_rcvar`
X
Xcommand=%%PREFIX%%/bin/${name}
X#command_args="-c ${rabl_server_conf} -u ${rabl_server_user}"
X#${name}_flags="-c ${rabl_server_conf} -u ${rabl_server_user}"
Xrequired_files=%%PREFIX%%/etc/${name}.conf
X
Xextra_commands=reload
X
X#reload()
X#{
X# kill -HUP `cat $pidfile`
X#}
X
X# set defaults
Xrabl_server_enable=${rabl_server_enable:-"NO"}
X
Xload_rc_config $name
X
Xrabl_server_user=${rabl_server_user:-"bind"}
Xrabl_server_conf=${rabl_server_conf:-"%%PREFIX%%/etc/${name}.conf"}
X
Xrabl_server_flags="-c ${rabl_server_conf} -u ${rabl_server_user} &"
X
Xrun_rc_command "$1"
END-of-rabl_server/files/rabl_server.sh.in
echo x - rabl_server/Makefile
sed 's/^X//' >rabl_server/Makefile << 'END-of-rabl_server/Makefile'
X# New ports collection makefile for: rabl_server
X# Date created: 2005-10-25
X# Whom: Ion-Mihai "IOnut" Tetcu <itetcu@people.tecnik93.com>
X#
X# $FreeBSD$
X#
X
XPORTNAME= rabl_server
XPORTVERSION= 1.0.0
XCATEGORIES= mail dns
XMASTER_SITES= http://www.nuclearelephant.com/projects/rabl/sources/ \
X	http://people.tecnik93.com/~itetcu/FreeBSD/ports/${PORTNAME}/sources/
X
XMAINTAINER= itetcu@people.tecnik93.com
XCOMMENT= Reactive Autonomous Blackhole List server
X
XUSE_LIBTOOL_VER= 15
XGNU_CONFIGURE= yes
XINSTALLS_SHLIB= yes
XCONFIGURE_ENV+= LDFLAGS="-L${LOCALBASE}/lib"
XCONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
XCONFIGURE_ARGS+= --prefix=${PREFIX}
X
XPORTDOCS= CHANGE README RELEASE.NOTES
X
XOPTIONS= DEBUG "Enable DEBUG messages" off
X
XRC_SUFX= .sh
XUSE_RC_SUBR= ${PORTNAME}${RC_SUFX}
X
X_RABL_GROUP= bind
XRABL_GROUP?= ${_RABL_GROUP}
X
X.include <bsd.port.pre.mk>
X
X.if defined(WITH_DEBUG)
XCONFIGURE_ARGS+= --enable-debug
XCFLAGS+= -g -DDEBUG
XSTRIP_CMD= # empty
X.endif
X
X.pre-everything::
X	${ECHO_CMD}
X	${ECHO_CMD} "If you plan to run ${PORTNAME} as an other user that the"
X	${ECHO_CMD} "default 'bind' define RABL_GROUP to the group that user belongs"
X	${ECHO_CMD} "RABL_GROUP=${RABL_GROUP} (default: ${_RABL_GROUP})"
X	${ECHO_CMD}
X
Xpost-install:
X	${INSTALL} -o ${SHAREOWN} -g ${RABL_GROUP} -m 0640 \
X		${WRKSRC}/${PORTNAME}.conf ${PREFIX}/etc/${PORTNAME}.conf.sample
X.if !exists(${PREFIX}/etc/${PORTNAME}.conf)
X	${INSTALL} -o ${SHAREOWN} -g ${RABL_GROUP} -m 0640 \
X		${WRKSRC}/${PORTNAME}.conf ${PREFIX}/etc
X.endif
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X. for i in ${PORTDOCS}
X	${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}
X. endfor
X.endif
X
X.include <bsd.port.post.mk>
END-of-rabl_server/Makefile
echo x - rabl_server/distinfo
sed 's/^X//' >rabl_server/distinfo << 'END-of-rabl_server/distinfo'
XMD5 (rabl_server-1.0.0.tar.gz) = 01614728ef4fa407aec0479dd382eb18
XSIZE (rabl_server-1.0.0.tar.gz) = 311628
END-of-rabl_server/distinfo
echo x - rabl_server/pkg-descr
sed 's/^X//' >rabl_server/pkg-descr << 'END-of-rabl_server/pkg-descr'
XThe RABL (pronounced "rabble") server is a statistical, machine-automated and
Xup-to-the-second blackhole list server designed to monitor global network
Xactivity and make decisions based on network spread and infection rate -
Xthat is, abuse from an address which has been reported by a number of
Xparticipating networks. This is in far contrast to how most other
Xblacklists function, where fallable humans (many with political agendas) must
Xprocess thousands of reports and make decisions - many times after the fact.
XThe RABL is fully reactive to new threats and can block addresses within
Xseconds of widespread infection - good to know in this world of drone PCs
Xand stolen accounts. The RABL server blacklists addresses until they have
Xcleared a minimum duration (an hour by default) without any additional
Xreporting, making the appeals process as simple as "fix your junk". The RABL
Xis designed to function via automated machine-learning spam filters, such as
XBayesian filters. Each participating network is granted write authentication
Xin the blackhole list, to prevent abuse. A client tool is also provided.
X
XThe RABL server is the server component of the blacklist. It is only
Xnecessary to use the server if you are running your own local RABL. If you are
Xlooking to simply subscribe to the public RABL, then you need the RABL client
Xinstead (mail/rabl_client).
X
XWWW: http://www.nuclearelephant.com/projects/rabl/
END-of-rabl_server/pkg-descr
echo x - rabl_server/pkg-plist
sed 's/^X//' >rabl_server/pkg-plist << 'END-of-rabl_server/pkg-plist'
Xbin/rabl_server
X@unexec if cmp -s %D/etc/rabl_server.conf %D/etc/rabl_server.conf.sample; then rm -f %D/etc/rabl_server.conf; fi
Xetc/rabl_server.conf.sample
END-of-rabl_server/pkg-plist
exit
--- rabl_server-1.0.0.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: