nixlists <nixmli...@gmail.com> writes: > spamd is great, but I need to filter other traffic. I still wonder how > people manage to download and convert blocklists for loading into pf > in an automated way as a cron job. Has anyone attempted to do this?
This is still pretty vague. If you want to download lists of IP addresses to load into tables, that's fairly straightforward, but there is always the risk of bumping into the limits on table entries if the lists are large enough, for example. > Often there are syntax errors in the lists, sometimes transfers fail. > IOW it's unreliable, and I have to do it manually. I guess I could do > it such that if a list fails download or conversion, then leave the > old list alone, but that sucks too. For garbage in downloadable lists, you would need to talk to the people who generate them and ask them to clean up, or devise some simple tests for validity before loading the data into your tables. As for using old data vs no data, there is the possibility that no data is preferable to using out of date data with a higher propability of false positives. Your system, your call of course. > Also, which lists do you use? For spamd, I use and recommend uatraps and nixspam, both in the default spamd.conf for you to include. My own greytrap list is available to others too (fetchable from bsdly.net), use at your own risk and so forth. At the moment I have no other blacklist machinery in place other than the usual auto-LARTing of rapid-fire bruteforcers. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.