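#!/bin/bash
#Copyright 2003 William Stearns
#version 0.5.0
#
# Builds the published blacklist files from one input list.
#
# Usage: pass exactly one file name, either
#   something.master.cf          SpamAssassin-style "blacklist_from *@domain" master list
#   something.withdead.domains   a domain list, one per line
#
# Files written (prefix = input name minus the suffix above):
#   PREFIX.withdead.domains (master.cf input only), PREFIX.withdead.uri.cf,
#   PREFIX.domains, PREFIX.stats, PREFIX.cf, PREFIX.at-domains,
#   PREFIX.sendmail-access, PREFIX.action, PREFIX.reject,
#   PREFIX.oneperrule.uri.cf, PREFIX.uri.cf,
#   plus sa-blacklist.current* symlinks in the current directory.
#
# External helpers expected on PATH: strip-host-from-domain and
# dwinkler-convert-uri-list.pl.
#
# NOTE(review): list entries are copied into mail-filter rules, regular
# expressions and file-system paths below. Only '.' is escaped and '*' is
# filtered (master.cf input only); nothing else restricts entries to hostname
# characters. If the input list can carry third-party contributions, validate
# each entry against a strict hostname pattern before generating output.

#Note! sed's undocumented '-r' switch turns on both '|' processing and the use of ( instead of \(

#In /etc/squid/squid.conf
#acl spammers url_regex "/etc/squid/sa-blacklist.domains"
#http_access deny all spammers

readonly WHITELIST_FILE=/usr/src/sa-blacklist/sa-whitelist
readonly WHOIS_DIR=/usr/src/whois-out

#######################################
# Turn a domain list into one SpamAssassin uri rule per domain.
# Arguments: none
# Inputs:    stdin - one domain per line
# Outputs:   stdout - describe/uri/score lines, numbered WLS_URI_1..n
#######################################
emit_uri_rules() {
	local OneDomain OneQuotedDomain URICount=0
	# A single sed turns "a.b.c" into "a.b.c a\.b\.c" so no process is forked
	# per domain. read -r keeps the backslashes, so one level of escaping is
	# enough here.
	sed '{
h
s/\./\\./g
x
G
s/\n/ /
}' \
	| while read -r OneDomain OneQuotedDomain; do
		# A blank line would otherwise become /\b\b/i, a pattern that matches
		# at any word boundary and would score nearly every URI.
		[ -n "$OneDomain" ] || continue
		URICount=$((URICount + 1))
		printf '%s\n' "describe WLS_URI_$URICount URI contains $OneDomain"
		printf '%s\n' "uri WLS_URI_$URICount /\b${OneQuotedDomain}\b/i"
		printf '%s\n' "score WLS_URI_$URICount 2.0"
	done
}

#######################################
# Point a fixed-name symlink at a freshly generated file.
# Arguments: $1 - generated file, $2 - symlink name
#######################################
publish_current() {
	rm -f -- "$2"
	ln -sf -- "$1" "$2"
}

if [ -z "$1" ]; then
	echo "I need a blacklist command line parameter, exiting."
	exit 1
fi

case "$1" in
*master.cf)
	Blacklist=${1%.master.cf}

	# Refuse to publish if a whitelisted name appears in the blacklist; lines
	# that carry a full user@ address are exempt from this check.
	# NOTE(review): if the whitelist file is missing, grep prints an error and
	# this check passes; confirm that is acceptable.
	whitelist_hits=$(grep -i -f "$WHITELIST_FILE" -- "$1" | grep -v '[a-zA-Z0-9]@')
	if [ -n "$whitelist_hits" ]; then
		printf '%s\n' "$whitelist_hits"
		echo "blacklist contains whitelist entries, please fix, exiting."
		exit 1
	fi

	# Duplicate blacklist_from lines (comments stripped) are treated as an error.
	duplicate_entries=$(sed -e 's/#.*//' <"$1" | grep blacklist_from | sort | uniq -d)
	if [ -n "$duplicate_entries" ]; then
		printf '%s\n' "$duplicate_entries"
		echo "are duplicates, please fix, exiting"
		exit 1
	fi

	#This was the manual approach, now replaced by strip-host-from-domain
	# | sed -r \
	# -e 's/.*\.([a-z0-9-]*\.(art.br|com\.ar|com\.br|com\.cn|co\.il|co\.jp|com\.np|com\.pk|ne\.jp|co\.tv|com\.tw|co\.uk|co\.zw|etc\.br|net\.il|net\.tw|org\.tw|org\.uk|pro\.br|rec\.br|tmp\.br))$/\1HANDLED/' \
	# -e 's/[a-z0-9-]*\.(art.br|com\.ar|com\.br|com\.cn|co\.il|co\.jp|com\.np|com\.pk|ne\.jp|co\.tv|com\.tw|co\.uk|co\.zw|etc\.br|net\.il|net\.tw|org\.tw|org\.uk|pro\.br|rec\.br|tmp\.br)$/&HANDLED/' \
	# -e 's/.*\.([^\.]*\.(ar|biz|br|bz|cc|cn|com|de|edu|fr|info|il|it|jp|lt|net|np|org|tc|tv|tw|uk|us|zw))$/\1/' \
	# -e 's/HANDLED$//' \

	# Keep only "blacklist_from *@domain" lines, lowercase them, peel off up
	# to three leading "*." labels, reduce hosts to their registered domain
	# and drop anything that still contains a wildcard.
	RawDomains=$(grep '^blacklist_from \*@' <"$1" \
		| tr A-Z a-z \
		| sed \
			-e 's/^blacklist_from \*@//' \
			-e 's/^\*\.//' \
			-e 's/^\*\.//' \
			-e 's/^\*\.//' \
		| strip-host-from-domain \
		| grep -v '\*' \
		| sort \
		| uniq)
	SerialHeader=$(grep '^#sa-blacklist: [0-9]*$' <"$1")

	#==== ALL domains, even ones no longer in whois ====
	printf '%s\n' "$RawDomains" | grep -v '^yahoo\.com$' >"${Blacklist}.withdead.domains"
	;;
*.withdead.domains)
	Blacklist=${1%.withdead.domains}
	RawDomains=$(tr A-Z a-z <"$1" \
		| sort \
		| uniq)
	# The serial is the run of digits after the last dot of the prefix.
	SerialHeader="#sa-blacklist: $(printf '%s\n' "$Blacklist" | sed -e 's/.*\.\([0-9]*\)/\1/')"
	;;
*)
	echo "error, blacklist needs to be called something.master.cf or something.withdead.domains, exiting"
	exit 1
	;;
esac

#Now we create a URL filter file from the domains file:
#( echo drs.yahoo.com
# echo rd.yahoo.com
# echo srd.yahoo.com
# cat $Blacklist.withdead.domains ) \
{
	printf '%s\n' "$SerialHeader" | sed -e 's/#sa-blacklist: /#sa-blacklist.uri: /'
	emit_uri_rules <"${Blacklist}.withdead.domains"
} >"${Blacklist}.withdead.uri.cf"

#==== LIVE domains, must be in whois ====
# A domain is kept unless the newest whois record on disk says "not found".
# The counters start at 0 so the stats file always holds a number.
printf '%s\n' "$RawDomains" \
	| grep -v '^yahoo\.com$' \
	| (
		Neither=0
		Live=0
		Dead=0
		BothLiveNewer=0
		BothDeadNewer=0
		while read -r ADomain; do
			# Blank entries would be published as an empty domain; skip them.
			[ -n "$ADomain" ] || continue
			# NOTE(review): ADomain is used as a path component; an entry
			# containing '/' would test a path outside the intended directory.
			LiveRecord="$WHOIS_DIR/${ADomain}-whois"
			DeadRecord="$WHOIS_DIR/notfound/${ADomain}-whois"
			if [ -f "$LiveRecord" ] && [ -f "$DeadRecord" ]; then
				#Both exist, the newer record wins
				if [ "$LiveRecord" -nt "$DeadRecord" ]; then
					BothLiveNewer=$((BothLiveNewer + 1))
					printf '%s\n' "$ADomain"
				else
					BothDeadNewer=$((BothDeadNewer + 1))
					#No write
				fi
			elif [ -f "$LiveRecord" ]; then
				#Live exists
				Live=$((Live + 1))
				printf '%s\n' "$ADomain"
			elif [ -f "$DeadRecord" ]; then
				#Dead exists
				Dead=$((Dead + 1))
				#No write
			else
				#Neither exists, so the domain has not been looked up yet; keep it
				Neither=$((Neither + 1))
				printf '%s\n' "$ADomain"
			fi
		done
		{
			echo "Neither $Neither"
			echo "Live $Live"
			echo "Dead $Dead"
			echo "BothLiveNewer $BothLiveNewer"
			echo "BothDeadNewer $BothDeadNewer"
		} >"${Blacklist}.stats"
	) >"${Blacklist}.domains"
publish_current "${Blacklist}.domains" sa-blacklist.current.domains

# SpamAssassin blacklist_from file. All-numeric entries are left out, and each
# domain is listed twice: bare and with a "*." subdomain wildcard.
# NOTE(review): the text between "Stearns" and the comma looks truncated in
# this copy (possibly a contact address); the string is kept as found.
{
	echo '#### Start of Manual Blacklist ####'
	printf '%s\n' "$SerialHeader"
	echo '#This list provided by William Stearns , please send'
	echo '#additions and corrections.'
	echo '#The master copy is kept at:'
	echo '#http://www.stearns.org/sa-blacklist/sa-blacklist.current.cf'
	echo '#Some of the following may be trademarks, owned by their respective owners.'
	echo '#'
	grep -v '^[0-9\.]*$' <"${Blacklist}.domains" | sed -e 's/^/blacklist_from *@/'
	grep -v '^[0-9\.]*$' <"${Blacklist}.domains" | sed -e 's/^/blacklist_from *@*./'
} >"${Blacklist}.cf"
publish_current "${Blacklist}.cf" sa-blacklist.current
publish_current "${Blacklist}.cf" sa-blacklist.current.cf

# qmail badmailfrom format: "@domain"
{
	printf '%s\n' "$SerialHeader" | sed -e 's/#sa-blacklist: /#sa-blacklist.at-domains: /'
	echo '#This file is designed to be used in Qmails "badmailfrom" file, found'
	echo '#in the "control" directory. Append these lines and restart qmail.'
	echo '#The latest version of this list can be found at: '
	echo '#http://www.stearns.org/sa-blacklist/'
	sed -e 's/^/@/' <"${Blacklist}.domains"
} >"${Blacklist}.at-domains"
publish_current "${Blacklist}.at-domains" sa-blacklist.current.at-domains

# sendmail access format: "domain ERROR:550 ..."
{
	printf '%s\n' "$SerialHeader" | sed -e 's/#sa-blacklist: /#sa-blacklist.sendmail-access: /'
	echo '#This is designed to be used in Sendmails access file, usually found'
	echo '#in /etc/mail/access . Append these lines, run "make access.db",'
	echo '#and restart sendmail. The latest version of this file can be found'
	echo '#at http://www.stearns.org/sa-blacklist/ .'
	sed -e 's@$@ ERROR:550 "Blocked by http://www.stearns.org/sa-blacklist/"@' <"${Blacklist}.domains"
} >"${Blacklist}.sendmail-access"
publish_current "${Blacklist}.sendmail-access" sa-blacklist.current.sendmail-access

# Privoxy action file: a {+block} section of ".domain" patterns
{
	printf '%s\n' "$SerialHeader" | sed -e 's/#sa-blacklist: /#sa-blacklist.action: /'
	echo '#Designed for use with the Privoxy http proxy, see'
	echo '#http://www.privoxy.org/ . This list can be found at'
	echo '#http://www.stearns.org/sa-blacklist/'
	echo '{+block}'
	sed -e 's@^@.@' <"${Blacklist}.domains"
} >"${Blacklist}.action"
publish_current "${Blacklist}.action" sa-blacklist.current.action
publish_current "${Blacklist}.action" sa-blacklist.current.actions

# Postfix map: "domain REJECT"
{
	printf '%s\n' "$SerialHeader" | sed -e 's/#sa-blacklist: /#sa-blacklist.reject: /'
	echo '#Designed for use with the Postfix MTA, see'
	echo '#http://www.postfix.org/ . This list and install instructions can be'
	echo '#found at http://www.stearns.org/sa-blacklist/'
	sed -e 's@$@ REJECT@' <"${Blacklist}.domains"
} >"${Blacklist}.reject"
publish_current "${Blacklist}.reject" sa-blacklist.current.reject

#echo "$SerialHeader" | sed -e 's/#sa-blacklist: /;sa-blacklist.bind: /' >$Blacklist.bind
#Timestamp=`echo "$SerialHeader" | sed -e 's/#sa-blacklist: //'`
#echo ';Designed for use with the Bind dns server, see' >>$Blacklist.bind
#echo ';http://www.isc.org/sw/bind/ . This list and install instructions' >>$Blacklist.bind
#echo ';can be found at http://www.stearns.org/sa-blacklist/' >>$Blacklist.bind
#cat <<EOHEADER >>$Blacklist.bind
#\$TTL 600
#@ IN SOA ns1.freeapp.net. zone.surbl.org. (
# $Timestamp 600 300 604800 600 )
#
#@ IN NS ns1.freeapp.net.
#@ IN NS dns1.littleredbat.net.
#@ IN NS a.rbl-auth.sr.sonic.net.
#@ IN NS b.rbl-auth.sr.sonic.net.
#
#@ IN A 66.170.2.60
#
#test.surbl.org IN A 127.0.0.2 ; permanent test point
#test.sc.surbl.org IN A 127.0.0.2 ; permanent test point
#EOHEADER
#cat "$Blacklist.domains" | sed -e 's@$@ IN A 127.0.0.2\
# IN TXT "Message body contains spammer domain, see http://www.stearns.org/sa-blacklist"@' >>$Blacklist.bind

#Now we create a URL filter file from the domains file:
#( echo drs.yahoo.com
# echo rd.yahoo.com
# echo srd.yahoo.com
# cat $Blacklist.domains ) \
{
	printf '%s\n' "$SerialHeader" | sed -e 's/#sa-blacklist: /#sa-blacklist.uri: /'
	echo '#This is designed to be used with Spamassassin,'
	echo '#http://www.spamassassin.org . Place it in /etc/mail/spamassassin/'
	echo '#and restart spamassassin. The latest version of this list can be'
	echo '#found at http://www.stearns.org/sa-blacklist/ .'
	emit_uri_rules <"${Blacklist}.domains"
} >"${Blacklist}.oneperrule.uri.cf"

# The one-rule-per-domain file is condensed by the external converter.
dwinkler-convert-uri-list.pl <"${Blacklist}.oneperrule.uri.cf" >"${Blacklist}.uri.cf"
publish_current "${Blacklist}.uri.cf" sa-blacklist.current.uri.cf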