Re: [pfSense Support] importing from multiple iptables ... BOUNTY $100
Glenn Kelley wrote: write to the pfsense server not have pfsense pull :-) even if we just dump the xml feed onto pfsense box first not thinking clearly w/ 1 hour power nap surely it's safer for the internal servers to trust the firewall (i.e. firewall connects and pulls files, probably a pre-processed file, which is checked for sanity on the firewall before applying)? after all, if the firewall is compromised, you're in deep doo-doo! letting internal servers (which provide a service to the public, and which should be in a DMZ and somewhat sacrificial, and depend on the firewall for protection) to connect to the firewall and change its behaviour is LESS secure. So, I'd say that RB is wrong and GK is right! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Re: DHCP server problem
Ugo Bellavance wrote: I would recommend trying tcpdump, if nothing else to be sure that the ... Funny, I only see Requests... But in the logs I see offers, acks, etc. I'll double-check my tcpdump settings another time. # tcpdump -e -i sis0 -n -s 1500 port 67 or port 68 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sis0, link-type EN10MB (Ethernet), capture size 1500 bytes 20:12:31.443257 00:12:f0:9a:4b:1e ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 362: 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from 00:12:f0:9a:4b:1e, length: 320 well, it looks fine... so either * dhcp daemon isn't bound to the correct interface, = do netstat -an | grep udp | grep -ilisten * the firewall isn't open to allow UDP port 67 and 68 in, or isn't allowing the broadcast in = check logs = check rules * dhcp daemon isn't running try = ps auxgw - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Vista's DHCP Issues
Paul Mansfield wrote: Tim Nelson wrote: I recently ran into an issue where one of our client's laptops would/could not get an IP address from one of our boxes running pfSense 1.2-RELEASE. Connecting via wireless or wired made no difference and other machines could connect just fine without issue. After doing some searching, I've found that Vista has some issues with DHCP. The full Microsoft Article is here: http://support.microsoft.com/kb/928233/EN-US/ In short, Vista needs to have it's DHCP broadcast flags modified to use DHCP on some routers and some non-Microsoft DHCP servers. I can only assume it is a problem with Vista and not the underlying DHCPD daemons as I don't believe any other OS's have this problem currently. Just thought I'd post this to the list as I'm assuming some of you may run into the same problem at some point. I wish I'd seen this a few days ago as I stumbled into it last night. New laptop, multi-booting linux and vista (the latter kept just in case), booted vista and it wouldn't connect to my ad-hoc network at home reliably (i.e. it didn't get a dhcp lease). Had to hard-wire a static IP and it worked just fine, couldn't figure it out, but you solved my puzzle! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] blocking china
For some reason, some of the messages in here get sent to junk mail. But as long as you got it. Derrick -Original Message- From: Joe Laffey [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 8:44 PM To: support@pfsense.com Subject: RE: [pfSense Support] blocking china On Mon, 22 Sep 2008, Derrick Conner wrote: I've attached my cleaned up XML of all the subnets I block. Feel free to post it, or whatever you want to do with it. I would have sent it to Joe Laffey, but I think my spam filter got him. You were trying to send to me and your spam filter caught it? I didn't get anything, and din't block anything as spam, unless it was a spamhaus block.. But I saw your attachment here. Thanks. -- Joe Laffey| Visual Effects for Film and Video LAFFEY Computer Imaging | - St. Louis, MO | Show Reel http://LAFFEY.tv/?e11875 USA | - . |-*- Digital Fusion Plugins -*- -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] blocking spammers xml
Darn good idea! I'm going to set that up right now. Thanks! Don't know why this didn't come to me. Derrick -Original Message- From: Glenn Kelley [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 11:21 PM To: support@pfsense.com Subject: Re: [pfSense Support] blocking spammers xml I did these a little different... in XML I added in filters section filters rule typeblock/type interfacewan/interface max-src-nodes/ max-src-states/ statetimeout/ statetypekeep state/statetype os/os protocoltcp/udp/protocol source addressspammers/address /source destination any/ port25/port /destination descrspammers/descr /rule /filters then below the rules / filters section aliases alias namespammers/name address66.0.0.0/8 66.0.0.0/8 78.0.0.0/8 79.0.0.0/8 80.0.0.0/8 81.0.0.0/8 82.0.0.0/8 83.0.0.0/8 84.0.0.0/8 85.0.0.0/8 86.0.0.0/8 87.0.0.0/8 88.0.0.0/8 89.0.0.0/8 90.0.0.0/8 91.0.0.0/8 92.0.0.0/8 93.0.0.0/8 94.0.0.0/8 95.0.0.0/8 116.0.0.0/8 121.0.0.0/8 122.0.0.0/8 123.0.0.0/8 124.0.0.0/8 125.0.0.0/8 194.0.0.0/8 195.0.0.0/8 200.0.0.0/8 201.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8 190.0.0.0/8/address descrSMTP Block Known Spam Networks/descr typenetwork/type detailsmtp block spam Canada||smtp block Spam Canada||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Asia||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico|| smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico||/detail /alias /aliases Seems to work well. On Sep 22, 2008, at 9:25 PM, Derrick Conner wrote: I've attached my cleaned up XML of all the subnets I block. Feel free to post it, or whatever you want to do with it. I would have sent it to Joe Laffey, but I think my spam filter got him. Derrick -Original Message- From: Glenn Kelley [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 10:43 AM To: support@pfsense.com Subject: Re: [pfSense Support] blockign china I would need to know perl . I have given my wife a few of those in the past hmmm going to her jewlery box all kidding aside - i think your right. I will see what I can come up w/ - i think this might help the pfsense community @ large. In fact - it seems simple enough - it might make a very simple pkg just a thought - I think if it were a pkg - it could then parse those lists every month or so - cron job 1 time per month and then reinject the changes This way it stays up to date... I would say 95% of the hacking attempts we are seeing in our datacenter are all out of China and Korea - the last 5 % would be say 4% from Russia and 1% from script kiddies in the US Then again 99.256% of all statistics are made up 98.721% of the time I know my #'s are close however Glenn On Sep 22, 2008, at 10:08 AM, Joe Laffey wrote: On Mon, 22 Sep 2008, Glenn Kelley wrote: Thanks Joe - I saw that... My concern was typing all of those into the system one by one by one... Its okay if I gotta do it :-) My hope was that someone already has - and that they could put out that part of their xml file - so the community could all benefit. I would think you could write a perl script to convert those into a segment of XML that you could then paste into a saved config. Then reload that config. -- Joe Laffey| Visual Effects for Film and Video LAFFEY Computer Imaging | - St. Louis, MO | Show Reel http://LAFFEY.tv/?e11861 USA | - . |-*- Digital Fusion Plugins -*-
[pfSense Support] dansguardian + pfsense
Hi All, I searched internet but I didnt find about pfs+dansguardian Is anybody install dansguardian manual on pfsense please help me ? Or prefer another any content filter package ? Thank you
Re: [pfSense Support] dansguardian + pfsense
Koray AGAYA wrote: Hi All, I searched internet but I didnt find about pfs+dansguardian Is anybody install dansguardian manual on pfsense please help me ? Or prefer another any content filter package ? Thank you There is already a squid and squidGuard package available for pfSense. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] dansguardian + pfsense
I want to use dansguardian I know very well dansguardian Please help On Tue, Sep 23, 2008 at 5:56 PM, Gary Buckmaster [EMAIL PROTECTED] wrote: Koray AGAYA wrote: Hi All, I searched internet but I didnt find about pfs+dansguardian Is anybody install dansguardian manual on pfsense please help me ? Or prefer another any content filter package ? Thank you There is already a squid and squidGuard package available for pfSense. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -Hayatı Ciddiye Alma Asla Sağ Çıkamıycaksın !
Re: [pfSense Support] blocking spammers xml
I would love to pull in all that fun stuff from this nice tool http://blacklist.linuxadmin.org/ Of course that makes the iptables ruleset. I am very interested in how we could do this easily for the entire community. Wish I knew code better - write a little script to create all of these. :-) On Sep 23, 2008, at 10:47 AM, Derrick Conner wrote: Darn good idea! I'm going to set that up right now. Thanks! Don't know why this didn't come to me. Derrick -Original Message- From: Glenn Kelley [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 11:21 PM To: support@pfsense.com Subject: Re: [pfSense Support] blocking spammers xml I did these a little different... in XML I added in filters section filters rule typeblock/type interfacewan/interface max-src-nodes/ max-src-states/ statetimeout/ statetypekeep state/statetype os/os protocoltcp/udp/protocol source addressspammers/address /source destination any/ port25/port /destination descrspammers/descr /rule /filters then below the rules / filters section aliases alias namespammers/name address66.0.0.0/8 66.0.0.0/8 78.0.0.0/8 79.0.0.0/8 80.0.0.0/8 81.0.0.0/8 82.0.0.0/8 83.0.0.0/8 84.0.0.0/8 85.0.0.0/8 86.0.0.0/8 87.0.0.0/8 88.0.0.0/8 89.0.0.0/8 90.0.0.0/8 91.0.0.0/8 92.0.0.0/8 93.0.0.0/8 94.0.0.0/8 95.0.0.0/8 116.0.0.0/8 121.0.0.0/8 122.0.0.0/8 123.0.0.0/8 124.0.0.0/8 125.0.0.0/8 194.0.0.0/8 195.0.0.0/8 200.0.0.0/8 201.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8 190.0.0.0/8/address descrSMTP Block Known Spam Networks/descr typenetwork/type detailsmtp block spam Canada||smtp block Spam Canada||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Asia||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico|| smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico||/detail /alias /aliases Seems to work well. On Sep 22, 2008, at 9:25 PM, Derrick Conner wrote: I've attached my cleaned up XML of all the subnets I block. Feel free to post it, or whatever you want to do with it. I would have sent it to Joe Laffey, but I think my spam filter got him. Derrick -Original Message- From: Glenn Kelley [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 10:43 AM To: support@pfsense.com Subject: Re: [pfSense Support] blockign china I would need to know perl . I have given my wife a few of those in the past hmmm going to her jewlery box all kidding aside - i think your right. I will see what I can come up w/ - i think this might help the pfsense community @ large. In fact - it seems simple enough - it might make a very simple pkg just a thought - I think if it were a pkg - it could then parse those lists every month or so - cron job 1 time per month and then reinject the changes This way it stays up to date... I would say 95% of the hacking attempts we are seeing in our datacenter are all out of China and Korea - the last 5 % would be say 4% from Russia and 1% from script kiddies in the US Then again 99.256% of all statistics are made up 98.721% of the time I know my #'s are close however Glenn On Sep 22, 2008, at 10:08 AM, Joe Laffey wrote: On Mon, 22 Sep 2008, Glenn Kelley wrote: Thanks Joe - I saw that... My concern was typing all of those into the system one by one by one... Its okay if I gotta do it :-) My hope was that someone already has - and that they could put out that part of their xml file - so the community could all benefit. I would think you could write a perl script to convert those into a segment of XML that you could then paste into a saved config. Then reload that config. -- Joe Laffey| Visual Effects for Film and Video LAFFEY Computer Imaging |
Re: [pfSense Support] dansguardian + pfsense
I want to use dansguardian I know very well dansguardian Please help I want a chocolate pony with sprinkles, but likely won't get one by COB. Your original message stated Or prefer another any content filter package, which squid+squidguard fulfills. If you absolutely insist on dansguardian, you have 5 options: 1. Hope someone else has done the work and wait for them to respond 2. Set it up as a second, in-line system 3. Install the squid package on pfSense and have it point at an existing dansguardian system as its parent proxy 4. Make a package yourself 5. Pay someone (read the bounty page on the forum) to package it up for you and publish the results - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] blocking spammers xml
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 already doing that for hacker networks and spamlinkdests with 2 embedded pfsense from database in netsecdb.de to use /8 would be a little bit tooo cruel, wouldn't it? Regards, Claus Glenn Kelley schrieb: I would love to pull in all that fun stuff from this nice tool http://blacklist.linuxadmin.org/ Of course that makes the iptables ruleset. I am very interested in how we could do this easily for the entire community. Wish I knew code better - write a little script to create all of these. :-) On Sep 23, 2008, at 10:47 AM, Derrick Conner wrote: Darn good idea! I'm going to set that up right now. Thanks! Don't know why this didn't come to me. Derrick -Original Message- From: Glenn Kelley [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 11:21 PM To: support@pfsense.com Subject: Re: [pfSense Support] blocking spammers xml I did these a little different... in XML I added in filters section filters rule typeblock/type interfacewan/interface max-src-nodes/ max-src-states/ statetimeout/ statetypekeep state/statetype os/os protocoltcp/udp/protocol source addressspammers/address /source destination any/ port25/port /destination descrspammers/descr /rule /filters then below the rules / filters section aliases alias namespammers/name address66.0.0.0/8 66.0.0.0/8 78.0.0.0/8 79.0.0.0/8 80.0.0.0/8 81.0.0.0/8 82.0.0.0/8 83.0.0.0/8 84.0.0.0/8 85.0.0.0/8 86.0.0.0/8 87.0.0.0/8 88.0.0.0/8 89.0.0.0/8 90.0.0.0/8 91.0.0.0/8 92.0.0.0/8 93.0.0.0/8 94.0.0.0/8 95.0.0.0/8 116.0.0.0/8 121.0.0.0/8 122.0.0.0/8 123.0.0.0/8 124.0.0.0/8 125.0.0.0/8 194.0.0.0/8 195.0.0.0/8 200.0.0.0/8 201.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8 190.0.0.0/8/address descrSMTP Block Known Spam Networks/descr typenetwork/type detailsmtp block spam Canada||smtp block Spam Canada||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Asia||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico|| smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico||/detail /alias /aliases Seems to work well. On Sep 22, 2008, at 9:25 PM, Derrick Conner wrote: I've attached my cleaned up XML of all the subnets I block. Feel free to post it, or whatever you want to do with it. I would have sent it to Joe Laffey, but I think my spam filter got him. Derrick -Original Message- From: Glenn Kelley [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 10:43 AM To: support@pfsense.com Subject: Re: [pfSense Support] blockign china I would need to know perl . I have given my wife a few of those in the past hmmm going to her jewlery box all kidding aside - i think your right. I will see what I can come up w/ - i think this might help the pfsense community @ large. In fact - it seems simple enough - it might make a very simple pkg just a thought - I think if it were a pkg - it could then parse those lists every month or so - cron job 1 time per month and then reinject the changes This way it stays up to date... I would say 95% of the hacking attempts we are seeing in our datacenter are all out of China and Korea - the last 5 % would be say 4% from Russia and 1% from script kiddies in the US Then again 99.256% of all statistics are made up 98.721% of the time I know my #'s are close however Glenn On Sep 22, 2008, at 10:08 AM, Joe Laffey wrote: On Mon, 22 Sep 2008, Glenn Kelley wrote: Thanks Joe - I saw that... My concern was typing all of those into the system one by one by one... Its okay if I gotta do it :-) My hope was that someone already has - and that they could put out that part of their xml file - so the community could all benefit. I would think you could write a perl script to convert those into a segment of XML that you could then paste into a saved config. Then reload that config. -- Joe Laffey| Visual Effects for Film and Video LAFFEY Computer Imaging | - St. Louis, MO | Show Reel http://LAFFEY.tv/?e11861 USA | - . |-*- Digital Fusion Plugins -*- --
Re: [pfSense Support] dansguardian + pfsense
-Original Message- From: RB [EMAIL PROTECTED] To: support@pfsense.com Date: Tue, 23 Sep 2008 09:22:04 -0600 Subject: Re: [pfSense Support] dansguardian + pfsense I want to use dansguardian I know very well dansguardian Please help I want a chocolate pony with sprinkles, but likely won't get one by COB. Your original message stated Or prefer another any content filter package, which squid+squidguard fulfills. If you absolutely insist on dansguardian, you have 5 options: 1. Hope someone else has done the work and wait for them to respond 2. Set it up as a second, in-line system 3. Install the squid package on pfSense and have it point at an existing dansguardian system as its parent proxy 4. Make a package yourself 5. Pay someone (read the bounty page on the forum) to package it up for you and publish the results 6.- Try with comixwall, http://comixwall.org/index.php? option=com_contenttask=viewid=35Itemid=48 bye. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] blocking spammers xml
Claus Marxmeier wrote: already doing that for hacker networks and spamlinkdests with 2 embedded pfsense from database in netsecdb.de to use /8 would be a little bit tooo cruel, wouldn't it? better yet, just look up the IP in apnic and if it's there, deny it (and cache) :-) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] blocking spammers xml
I hate when I hit the wrong hot key to fast. This http://countries.nerd.dk/isolist.txt has an entire list as well. Here is my thougth - wondering if you could help I am thinking of a few addons - here is the first one. An addon that queries http://countries.nerd.dk/isolist.txt - or even a mirror we setup (perhaps on pfsense or our our servers here - we host a number of mirrors including the North American TER for typo3) this would import the country changes when someone wants to do it (manually or on cron - or schedule) Then - people could dynamically build aliases much easier this way. They could pull in say an entire list of countries or just one country and then use those to build rules against. Now - i might need help to clean this idea up. Once we have it hashed out - I would be willing to pay $100 towards a bounty to get this done... I dont want to post the bounty on the forums till I have the wording just right... Glenn On Sep 23, 2008, at 11:13 AM, Glenn Kelley wrote: I would love to pull in all that fun stuff from this nice tool http://blacklist.linuxadmin.org/ Of course that makes the iptables ruleset. I am very interested in how we could do this easily for the entire community Wish I knew code better - write a little script to create all of these. :-) On Sep 23, 2008, at 10:47 AM, Derrick Conner wrote: Darn good idea! I'm going to set that up right now. Thanks! Don't know why this didn't come to me. Derrick -Original Message- From: Glenn Kelley [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 11:21 PM To: support@pfsense.com Subject: Re: [pfSense Support] blocking spammers xml I did these a little different... in XML I added in filters section filters rule typeblock/type interfacewan/interface max-src-nodes/ max-src-states/ statetimeout/ statetypekeep state/statetype os/os protocoltcp/udp/protocol source addressspammers/address /source destination any/ port25/port /destination descrspammers/descr /rule /filters then below the rules / filters section aliases alias namespammers/name address66.0.0.0/8 66.0.0.0/8 78.0.0.0/8 79.0.0.0/8 80.0.0.0/8 81.0.0.0/8 82.0.0.0/8 83.0.0.0/8 84.0.0.0/8 85.0.0.0/8 86.0.0.0/8 87.0.0.0/8 88.0.0.0/8 89.0.0.0/8 90.0.0.0/8 91.0.0.0/8 92.0.0.0/8 93.0.0.0/8 94.0.0.0/8 95.0.0.0/8 116.0.0.0/8 121.0.0.0/8 122.0.0.0/8 123.0.0.0/8 124.0.0.0/8 125.0.0.0/8 194.0.0.0/8 195.0.0.0/8 200.0.0.0/8 201.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8 190.0.0.0/8/address descrSMTP Block Known Spam Networks/descr typenetwork/type detailsmtp block spam Canada||smtp block Spam Canada||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Asia||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico|| smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico||/detail /alias /aliases Seems to work well. On Sep 22, 2008, at 9:25 PM, Derrick Conner wrote: I've attached my cleaned up XML of all the subnets I block. Feel free to post it, or whatever you want to do with it. I would have sent it to Joe Laffey, but I think my spam filter got him. Derrick -Original Message- From: Glenn Kelley [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 10:43 AM To: support@pfsense.com Subject: Re: [pfSense Support] blockign china I would need to know perl . I have given my wife a few of those in the past hmmm going to her jewlery box all kidding aside - i think your right. I will see what I can come up w/ - i think this might help the pfsense community @ large. In fact - it seems simple enough - it might make a very simple pkg just a thought - I think if it were a pkg - it could then parse those lists every month or so - cron job 1 time per
Re: [pfSense Support] blocking spammers xml
Im kinda new on this - so your advice is greatly appreciated. I am sure their is a better way - thus the reason for discussion :-) Im far from an expert ... my wife tells me I am not perfect either... Boo Hiss :-) My thought is - this community - which appears to be an excellent resource of great people - will be able to help me become perfect - and an expert. (ok bad joke) Anyhow - seeing what others are doing should help. I am thinking /8 would be cruel - however if your find blocking that entire region from your network - then who cares... guess its good for some and not good for others... We for example colocate for a company based out of China... We therefore would need to use these to actually allow traffic to their IP Block but want to block that traffic from the rest of our network... On a side note - PIX eat your heart out. I am running this on a Quad Core Xeon and ... it has zero load... blowing the doors off of the pix running in line w/ it. had the system sitting on the side... and voila - instant firewall We also run vYatta and man does that kick but as well. time to perhaps once we have this 100% put that puppy (pix) on eBay Hat's off to the MonoWall and pFsense dev teams. Glenn On Sep 23, 2008, at 11:38 AM, Paul Mansfield wrote: Claus Marxmeier wrote: already doing that for hacker networks and spamlinkdests with 2 embedded pfsense from database in netsecdb.de to use /8 would be a little bit tooo cruel, wouldn't it? better yet, just look up the IP in apnic and if it's there, deny it (and cache) :-) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] importing from multiple iptables ... BOUNTY $100
surely it's safer for the internal servers to trust the firewall (i.e. snip So, I'd say that RB is wrong and GK is right! You guys' going ape over setting up pre-emptive regional block-lists shows rather clearly what the competition is; knowing that, I'm rather indifferent to what you think is right. You are correct; the application servers receiving the attacks and providing external services should never reach out and touch the firewall. However, if you carefully read what I posted, you'll notice I stated a 'trusted host'. Ideally, that means a configuration management server (separate from the log collection server) that trawls the application logs, makes the appropriate decisions, logs them, then issues the necessary commands to the firewall. If you must, you could play budget constraints and combine the log server and configuration management server, but that's about as much consolidation as appropriate separation would allow. All that said, it just sounds like re-inventing SnortSam; maybe you guys should look into it before chasing the bounty road too far. Packaging existing software will always be cheaper than reinventing the wheel with a new script. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] importing from multiple iptables ... BOUNTY $100
sorry - did not mean to sound Ape-ish :-) I am pretty easy to get along with - or so I hope. I think your right. I thought snort was in there as a package -but sure enough - its not. Seems it dropped out. Sadly I cant find the pkg to include. Lets go back to the original question - and maybe we can figure out what software is there already to do this. We have roughly 20 or so servers - multiple subnets etc Each run cPanel On cPanel they use CSF/LFD from www.ConfigServer.com CSF is a basic frontend for iptables. LFD is the brute force detection. - CSF/LFD is actually 1 free product however. The way this system works is - the LFD will write to a log file - called deny.txt I am thinking a central system that pulls from each of the cPanel servers deny.txt file and parses out the ip's and then writes them to a log which gets sent over to the PFSense server and PF can then deny would be an excellent add on. Push / Pull - your advice is greatly appreciated. If you have a solution that would work here - like SnortSAM - i am all for it. In fact when looking @ SnortSam it is kinda doing what I am suggesting. The difference is - if something goes through snort - the local system is catching it... and therefore it is still protected in this other scenario. :-) figured if we chat about it - we can come up with something an entire community can use - I am all for debate - if it makes a better product for the community Back to the Zoo - Glenn On Sep 23, 2008, at 12:16 PM, RB wrote: ke re-inventing SnortSam; maybe you guys should look into it before chasing the bounty road too far. Packaging existing software will always be cheaper than reinventing the wheel with a new script. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Vista's DHCP Issues
I've had users complain about this, once i show them XP works fine, I tell them to contact Microsoft. I haven't had any complaints(That I know of) since I started using pfSense, but it was obvious with other Firewall vendors. Adam Tim Nelson wrote: I recently ran into an issue where one of our client's laptops would/could not get an IP address from one of our boxes running pfSense 1.2-RELEASE. Connecting via wireless or wired made no difference and other machines could connect just fine without issue. After doing some searching, I've found that Vista has some issues with DHCP. The full Microsoft Article is here: http://support.microsoft.com/kb/928233/EN-US/ In short, Vista needs to have it's DHCP broadcast flags modified to use DHCP on some routers and some non-Microsoft DHCP servers. I can only assume it is a problem with Vista and not the underlying DHCPD daemons as I don't believe any other OS's have this problem currently. Just thought I'd post this to the list as I'm assuming some of you may run into the same problem at some point. Tim Nelson Systems/Network Engineer Rockbochs Inc. (218)727-4332 x105 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Vista's DHCP Issues
This is an issue that I honestly have never seen between my firewall and Vista. Is this something that was potentially fixed with a Windows update or is handled differently in 1.2.1? -Sean Date: Tue, 23 Sep 2008 00:49:13 -0600 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: Re: [pfSense Support] Vista's DHCP Issues I've had users complain about this, once i show them XP works fine, I tell them to contact Microsoft. I haven't had any complaints(That I know of) since I started using pfSense, but it was obvious with other Firewall vendors. Adam Tim Nelson wrote: I recently ran into an issue where one of our client's laptops would/could not get an IP address from one of our boxes running pfSense 1.2-RELEASE. Connecting via wireless or wired made no difference and other machines could connect just fine without issue. After doing some searching, I've found that Vista has some issues with DHCP. The full Microsoft Article is here: http://support.microsoft.com/kb/928233/EN-US/ In short, Vista needs to have it's DHCP broadcast flags modified to use DHCP on some routers and some non-Microsoft DHCP servers. I can only assume it is a problem with Vista and not the underlying DHCPD daemons as I don't believe any other OS's have this problem currently. Just thought I'd post this to the list as I'm assuming some of you may run into the same problem at some point. Tim Nelson Systems/Network Engineer Rockbochs Inc. (218)727-4332 x105 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Vista's DHCP Issues
I have encountered issues like this. It is not related with pfsense. Just another vista bug. Try upgrading to SP 1 and then patch to the latest patches. -Bill -Original Message- From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: support@pfsense.com support@pfsense.com Sent: 9/23/08 12:49 PM Subject: Re: [pfSense Support] Vista's DHCP Issues I've had users complain about this, once i show them XP works fine, I tell them to contact Microsoft. I haven't had any complaints(That I know of) since I started using pfSense, but it was obvious with other Firewall vendors. Adam Tim Nelson wrote: I recently ran into an issue where one of our client's laptops would/could not get an IP address from one of our boxes running pfSense 1.2-RELEASE. Connecting via wireless or wired made no difference and other machines could connect just fine without issue. After doing some searching, I've found that Vista has some issues with DHCP. The full Microsoft Article is here: http://support.microsoft.com/kb/928233/EN-US/ In short, Vista needs to have it's DHCP broadcast flags modified to use DHCP on some routers and some non-Microsoft DHCP servers. I can only assume it is a problem with Vista and not the underlying DHCPD daemons as I don't believe any other OS's have this problem currently. Just thought I'd post this to the list as I'm assuming some of you may run into the same problem at some point. Tim Nelson Systems/Network Engineer Rockbochs Inc. (218)727-4332 x105 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Checked by MailWasher server (www.Firetrust.com) WARNING. No FirstAlert account found. To reduce spam further activate FirstAlert. This message can be removed by purchasing a FirstAlert Account. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: DHCP server problem
Paul Mansfield a écrit : Ugo Bellavance wrote: I would recommend trying tcpdump, if nothing else to be sure that the ... Funny, I only see Requests... But in the logs I see offers, acks, etc. I'll double-check my tcpdump settings another time. # tcpdump -e -i sis0 -n -s 1500 port 67 or port 68 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sis0, link-type EN10MB (Ethernet), capture size 1500 bytes 20:12:31.443257 00:12:f0:9a:4b:1e ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 362: 0.0.0.0.68 255.255.255.255.67: BOOTP/DHCP, Request from 00:12:f0:9a:4b:1e, length: 320 well, it looks fine... so either * dhcp daemon isn't bound to the correct interface, = do netstat -an | grep udp | grep -ilisten sockstat reports dhcpd listening on all interfaces dhcpddhcpd 33059 3 dgram - /var/run/logpriv dhcpddhcpd 33059 9 stream /tmp/php-fastcgi.socket-1 dhcpddhcpd 33059 11 udp4 *:67 *:* _dhcpdhclient 391 3 dgram - /var/run/logpriv * the firewall isn't open to allow UDP port 67 and 68 in, or isn't allowing the broadcast in = check logs = check rules I'll have to look at that when I come back home. * dhcp daemon isn't running try = ps auxgw Seems to be running: # ps aux | grep dhcpd nobody 33056 0.0 0.9 1472 1132 ?? SWed10PM 32:17.24 /usr/local/sbin/dnsmasq -l /var/dhcpd/var/db/dhcpd.leases -s ugob.local dhcpd 33059 0.0 1.6 2264 1904 ?? Is Wed10PM 0:09.02 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /var/dhcpd/etc/dhcpd.conf sis0 My wifi interface is bridged to sis0. Maybe I hit the vista dhcp bug... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] blocking china
On Tue, Sep 23, 2008 at 10:40 AM, Derrick Conner [EMAIL PROTECTED] wrote: For some reason, some of the messages in here get sent to junk mail. Gmail has been sending about 10-20% of the list messages to spam the past week or so for me. I changed my filter for the lists to never move to spam, and it's been showing this message not marked as spam because of a filter on 10-20% of messages. Nothing has changed on our end, and I checked to see if we somehow got blacklisted somewhere but that's not the case. If anybody has an idea why this has started happening recently please let me know. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] blocking spammers xml
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 i have complete ripe http://www.ripe.net/, apnic http://www.apnic.net/, jpnic http://www.jpnic.net/, cnnic http://www.cnnic.net/en/index/index.htm /in netsecdb.de database / arin http://www.arin.net/, lacnic http://www.lacnic.net/, afrinic http://www.afrinic.net/, nicbr http://www.nic.br/, krnic http://www.krnic.net/english/ /import, when needed current stats: / Database STATS (refreshed every 30 minutes) Status of: 2008-09-24 00:12:00 known nets:3362078 bgp-routes:5197010 tor exits:829 open proxies:574 ad-trackers:2130 spammer nets:44166 spamlink dests:209 smtp/s nets blocked:43764 hacker-nets:673 bot-servers:74 web-spammer:653 spyware:1264 customer-nets:1092 I do not need to look up things any more :) Every 30 we currently generate: * hosts.deny files for plesk/qmail/xinetd * evil-client.cidr for postfix, * exim4_local_host_blacklist for exim4.x, * .htaccess-files for apache, * iptables-scripts for debian/SuSE and * cmdlets for use with Microsoft Exchange Server7 Series and in addition for our 2 pfsenses alias-xmls. Rulesets are fixed - only aliases extend/change. Just provide a template and i would suggest http://www.netsecdb.de/index.php?q=node/969 for source of static blocking by firewall. webserver and mta already have config files for blocking. regards, Claus Paul Mansfield schrieb: Claus Marxmeier wrote: already doing that for hacker networks and spamlinkdests with 2 embedded pfsense from database in netsecdb.de to use /8 would be a little bit tooo cruel, wouldn't it? better yet, just look up the IP in apnic and if it's there, deny it (and cache) :-) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - -- Claus Marxmeier Hausanschrift: Johann-Kierspel-Straße 5 51491 Overath - Immekeppel [EMAIL PROTECTED] http://www.marxmeier.de Phone +49 - 2204 - 305940 Mobil +49 - 172 - 5144659 ___ This computer is protected by netsecurity-database from www.netsecdb.de ___ Hinweis: Die vorliegende E-Mail enthält möglicherweise vertrauliche Daten. Falls Ihr Name nicht in der Liste der Adressaten erscheint, beachten Sie den Inhalt der E-Mail zunächst nicht weiter, öffnen Sie keine Dateianhänge und wenden Sie sich umgehend an den Absender [EMAIL PROTECTED] Sicherheitserklärung: Der Inhalt dieser E-Mail ist ausschliesslich fuer den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail unzulaessig ist. Ich bitte Sie, sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen. Ich moechte Sie ausserdem darauf hinweisen, dass die Kommunikation per E-Mail ueber das Internet unsicher ist, da fuer unberechtigte Dritte grundsaetzlich die Moeglichkeit der Kenntnisnahme und Manipulation besteht - auch wenn diese Nachricht durch einen Schlüssel signiert wurde. This message may contain confidential and/or privileged information. If you are not the intended recipient or have received this message in error please notify the sender immediately and delete this message. Any unauthorized copying, disclosure or distribution of the material contained in this message is strictly forbidden. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI2XBbUIsBFYVeBxARAvWxAJ0R7j/JsIZIit4E3EaGpOEkIcuHEgCaAsCg KLmHC0u5wi3DeBjA4ZjZOUA= =z/y/ -END PGP SIGNATURE- begin:vcard fn:Claus Marxmeier n:Marxmeier;Claus adr:;;Johann-Kierspel-Strasse 5;Overath-Immekeppel;NRW;51491;Deutschland email;internet:[EMAIL PROTECTED] tel;home:+49-2204-917365 tel;cell:+49-172-5144659 x-mozilla-html:FALSE url:http://ww.marxmeier.de version:2.1 end:vcard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] blocking spammers xml
Claus Awesome... Now I guess I need to figure out how to get that imported... But this is exactly what I am looking for... I am thinking a few little things would help - but thats a great place to start ! Glenn On Sep 23, 2008, at 6:40 PM, Claus Marxmeier wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 i have complete ripe http://www.ripe.net/, apnic http://www.apnic.net/, jpnic http://www.jpnic.net/, cnnic http://www.cnnic.net/en/index/index.htm /in netsecdb.de database / arin http://www.arin.net/, lacnic http://www.lacnic.net/, afrinic http://www.afrinic.net/, nicbr http://www.nic.br/, krnic http://www.krnic.net/english/ /import, when needed current stats: / Database STATS (refreshed every 30 minutes) Status of: 2008-09-24 00:12:00 known nets:3362078 bgp-routes:5197010 tor exits:829 open proxies:574 ad-trackers:2130 spammer nets:44166 spamlink dests:209 smtp/s nets blocked:43764 hacker-nets:673 bot-servers:74 web-spammer:653 spyware:1264 customer-nets:1092 I do not need to look up things any more :) Every 30 we currently generate: * hosts.deny files for plesk/qmail/xinetd * evil-client.cidr for postfix, * exim4_local_host_blacklist for exim4.x, * .htaccess-files for apache, * iptables-scripts for debian/SuSE and * cmdlets for use with Microsoft Exchange Server7 Series and in addition for our 2 pfsenses alias-xmls. Rulesets are fixed - only aliases extend/change. Just provide a template and i would suggest http://www.netsecdb.de/index.php?q=node/969 for source of static blocking by firewall. webserver and mta already have config files for blocking. regards, Claus Paul Mansfield schrieb: Claus Marxmeier wrote: already doing that for hacker networks and spamlinkdests with 2 embedded pfsense from database in netsecdb.de to use /8 would be a little bit tooo cruel, wouldn't it? better yet, just look up the IP in apnic and if it's there, deny it (and cache) :-) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - -- Claus Marxmeier Hausanschrift: Johann-Kierspel-Straße 5 51491 Overath - Immekeppel [EMAIL PROTECTED] http://www.marxmeier.de Phone +49 - 2204 - 305940 Mobil +49 - 172 - 5144659 ___ This computer is protected by netsecurity-database from www.netsecdb.de ___ Hinweis: Die vorliegende E-Mail enthält möglicherweise vertrauliche Daten. Falls Ihr Name nicht in der Liste der Adressaten erscheint, beachten Sie den Inhalt der E-Mail zunächst nicht weiter, öffnen Sie keine Dateianhänge und wenden Sie sich umgehend an den Absender [EMAIL PROTECTED] Sicherheitserklärung: Der Inhalt dieser E-Mail ist ausschliesslich fuer den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail unzulaessig ist. Ich bitte Sie, sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen. Ich moechte Sie ausserdem darauf hinweisen, dass die Kommunikation per E-Mail ueber das Internet unsicher ist, da fuer unberechtigte Dritte grundsaetzlich die Moeglichkeit der Kenntnisnahme und Manipulation besteht - auch wenn diese Nachricht durch einen Schlüssel signiert wurde. This message may contain confidential and/or privileged information. If you are not the intended recipient or have received this message in error please notify the sender immediately and delete this message. Any unauthorized copying, disclosure or distribution of the material contained in this message is strictly forbidden. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI2XBbUIsBFYVeBxARAvWxAJ0R7j/JsIZIit4E3EaGpOEkIcuHEgCaAsCg KLmHC0u5wi3DeBjA4ZjZOUA= =z/y/ -END PGP SIGNATURE- claus .vcf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] blocking china
Chris Buechler wrote: On Tue, Sep 23, 2008 at 10:40 AM, Derrick Conner [EMAIL PROTECTED] wrote: For some reason, some of the messages in here get sent to junk mail. Gmail has been sending about 10-20% of the list messages to spam the past week or so for me. I changed my filter for the lists to never move to spam, and it's been showing this message not marked as spam because of a filter on 10-20% of messages. Nothing has changed on our end, and I checked to see if we somehow got blacklisted somewhere but that's not the case. If anybody has an idea why this has started happening recently please let me know. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] I would suspect that enough people who subscribed to the list, and who are too lazy to unsubscribe simply pressed the tag as spam button on list emails so they didn't have to see them anymore. It's common enough, and very annoying. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Vista's DHCP Issues
On Mon, Sep 22, 2008 at 12:06 PM, Tim Nelson [EMAIL PROTECTED] wrote: I recently ran into an issue where one of our client's laptops would/could not get an IP address from one of our boxes running pfSense 1.2-RELEASE. Connecting via wireless or wired made no difference and other machines could connect just fine without issue. After doing some searching, I've found that Vista has some issues with DHCP. The full Microsoft Article is here: http://support.microsoft.com/kb/928233/EN-US/ In short, Vista needs to have it's DHCP broadcast flags modified to use DHCP on some routers and some non-Microsoft DHCP servers. I can only assume it is a problem with Vista and not the underlying DHCPD daemons as I don't believe any other OS's have this problem currently. This should be fixable with the always-broadcast dhcpd option. I opened a feature request. http://cvstrac.pfsense.org/tktview?tn=1814 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] blocking china
On Tue, Sep 23, 2008 at 3:30 PM, Chris Buechler [EMAIL PROTECTED] wrote: On Tue, Sep 23, 2008 at 10:40 AM, Derrick Conner [EMAIL PROTECTED] wrote: For some reason, some of the messages in here get sent to junk mail. Gmail has been sending about 10-20% of the list messages to spam the past week or so for me. I changed my filter for the lists to never move to spam, and it's been showing this message not marked as spam because of a filter on 10-20% of messages. Nothing has changed on our end, and I checked to see if we somehow got blacklisted somewhere but that's not the case. Interesting, I haven't had that problem at all with Gmail and pfsense list messages... -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]