Changes between Version 1 and Version 2 of WikiStart


Timestamp: 02/29/12 20:35:57 (13 years ago)
Author: Kris Deugau
Comment:

--

  • WikiStart

    v1 v2  
    1 = Welcome to Trac 0.12 =
     1= DeepNet DNSBL Tools =
    22
    3 Trac is a '''minimalistic''' approach to '''web-based''' management of
    4 '''software projects'''. Its goal is to simplify effective tracking and handling of software issues, enhancements and overall progress.
     3This is a set of scrirpts for maintaining your own DNS-based IP and URI blacklists for use either in a cumulative score-based filter system like [http://spamassassin.apache.org SpamAssassin] or (if you trust anyone who has access to the system) hard-blocking in your MTA.
    54
    6 All aspects of Trac have been designed with the single goal to
    7 '''help developers write great software''' while '''staying out of the way'''
    8 and imposing as little as possible on a team's established process and
    9 culture.
     5The API and UI for both the IP list and the URI list should be considered functional but incomplete.  Some changes must be done directly in the database, or a custom script written.
    106
    11 As all Wiki pages, this page is editable, this means that you can
    12 modify the contents of this page simply by using your
    13 web-browser. Simply click on the "Edit this page" link at the bottom
    14 of the page. WikiFormatting will give you a detailed description of
    15 available Wiki formatting commands.
     7These are NOT designed for a major publicly-available list similar to Spamhaus' [http://www.spamhaus.org/zen/ zen], [http://www.spamcop.net/bl.shtml SpamCop], or Barracuda's [http://www.barracudacentral.org/rbl BRBL].  If nothing else, the extra bitmask handling slows things down enough that it would take an unreasonable amount of time to maintain a multi-million-record dataset.  As of writing, a local dataset containing ~19000 IPs and ~12000 netblocks, resulting in ~20K internally-published entries, takes about 20 seconds to export to an rbldnsd-formatted file on otherwise lightly-loaded modern hardware.  Past versions of the code on the same dataset may run as long as 10 minutes.
    168
    17 "[wiki:TracAdmin trac-admin] ''yourenvdir'' initenv" created
    18 a new Trac environment, containing a default set of wiki pages and some sample
    19 data. This newly created environment also contains
    20 [wiki:TracGuide documentation] to help you get started with your project.
     9== IP blacklist ==
    2110
    22 You can use [wiki:TracAdmin trac-admin] to configure
    23 [http://trac.edgewall.org/ Trac] to better fit your project, especially in
    24 regard to ''components'', ''versions'' and ''milestones''.
     11For IP listing, the RIR allocation (from ARIN, APNIC, LACNIC, AfriNIC, or RIPE) and two levels of internal delegation are supported.  This allows tracking of how many IPs in a given block have been reported, and automatically listing the entire block if that goes beyond a certain threshold.  Additional levels of delegation could be supported with minimal changes.
    2512
     13The thresholds are defined in a database table.  No UI is currently built to modify these.  A fairly reasonable set of defaults (in production use for over a year) is provided in the initial SQL tabledef.
    2614
    27 TracGuide is a good place to start.
     15Multiple lists are supported via autodetection of the web URL that will load different database connection information.  This allows you to maintain one list for general scoring, and a second with different autolisting thresholds for hard blocking. 
    2816
    29 Enjoy! [[BR]]
    30 ''The Trac Team''
     17Data can be exported for various DNS systems.  [http://www.corpit.ru/mjt/rbldnsd.html rbldnsd] is recommended as it supports CIDR netblocks rather than forcing divisions along classful octet boundaries (leading to having to add 128 lines for a /17, for instance).
    3118
    32 == Starting Points ==
     19Manually tagging a block or netblock owner/operator for listing is possible but no UI has been implemented.
    3320
    34  * TracGuide --  Built-in Documentation
    35  * [http://trac.edgewall.org/ The Trac project] -- Trac Open Source Project
    36  * [http://trac.edgewall.org/wiki/TracFaq Trac FAQ] -- Frequently Asked Questions
    37  * TracSupport --  Trac Support
     21An IP can have a bit in a bitmask set for any one of the following:
     22* IP count exceeds automatic threshold (threshold is set for each CIDR block size)
     23  * IP count in RIR allocation
     24  * IP count in first delegation
     25  * IP count in second delegation
     26* Netblock has been manually tagged to be listed (this is useful to tag blocks marked in WHOIS as dynamic IP space - these IPs should not be sending mail directly to your MX)
     27  * RIR allocation tagged
     28  * First delegation tagged
     29  * Second delegation tagged
     30* Netblock owner/operator tagged (useful to catch new IPs assigned to netblock owners who generate lots of spam)
     31  * RIR allocation tagged
     32  * First delegation tagged
     33  * Second delegation tagged
    3834
    39 For a complete list of local wiki pages, see TitleIndex.
     35== URI blacklist ==
     36
     37URI listing is much simpler;  one or more domains can be added at a time, each at a different listing level or type.  Currently supported designations are "black", "grey", and "URL shortener".  The supplied !SpamAssassin configuration fragment uses these designations.
     38
     39== Releases ==
     40
     41No stable release has been designated.
     42
     43SVN development occasionally lurches ahead at https://secure.deepnet.cx/svn/dnsbl/trunk.
     44
     45The IP blacklist has a [https://secure.deepnet.cx/demos/dnsbl demo].  You can see the entire dataset [https://secure.deepnet.cx/demos/dnsbl/browse.cgi here].  This results in an rbldnsd data file like [https://secure.deepnet.cx/demos/dnsbl/demoexport this] (may be out of date with respect to the listing on browse.cgi).
     46
     47== Configuration ==
     48
     49The web UI takes the hostname and root path to the installation, converts non-alphanumerics to underscores, and appends `.conf` - for instance, the demo site above looks for `secure_deepnet_cx_demos_dnsbl.conf` in /etc/dnsbl.  This file contains the database connection information.
     50
     51For export, the export script requires an argument to determine which configuration to pick up.  I use symlinks with convenient short names linked to the longer filenames (`dnsbl` -> `secure_deepnet_cx_demos_dnsbl.conf`).
     52
     53Thresholds for automatically listing a block are defined in the `autolist` table.  The CIDR mask length is used on the `masklen` column to look up the IP count threshold from the `ipcount` column.
     54
     55Manual tagging of a block or block owner is done by setting the `listme` column in the `blocks` or `orgs` tables respectively to `y`.  The `comments` column gives you a place to put notes about the block - I've used this to note an "advisory" block added when I see a grouping of IPs that keep showing up in missed spam but which doesn't show in WHOIS, and to tie together apparently unrelated block owners.  It's also useful to remind you why a block might be listed in spite of being part of a squeaky-clean network otherwise (typically for blocks labelled "dynamic" in WHOIS, but not listed on eg Spamhaus' [http://www.spamhaus.org/pbl PBL]).
     56
     57All further configuration relies on the key-value "misc" table in the database.  Supported keys are:
     58
     59* blzone (default "`company.dnsbl`")[[br]]
     60  DNS zone to publish the data under.  A non-public TLD like `.dnsbl` is recommended to insure you don't leak the data beyond your own usage.
     61* bladmin (default "`systems.company.com`")[[br]]
     62  Admin contact for the zone's SOA record
     63* iplisted (default "`$ relayed a reported spam`")[[br]]
     64  String to use when a TXT lookup is done on an IP that is explicitly listed.  `$` is replaced by rbldnsd with the actual IP on the fly.
     65* blocklisted (default "`Netblock listed on one or more criteria`")[[br]]
     66  String to use when a TXT lookup is done on an IP in a block that's listed, but the IP itself isn't.
     67
     68The latter two support some customization on a per-entry basis by replacing the literal string `:ENTITY:` with the IP or block being written.
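
Review bot: In the Configuration section (v2 line 49), the rule that builds the `.conf` name from the hostname and root path by turning every non-alphanumeric into an underscore is lossy, so two different sites can resolve to the same file (for example `a-b.example/x` and `a.b.example/x` both become `a_b_example_x.conf`), and the text does not say where the hostname is taken from. Since that file holds the database connection information, the page should state which request value supplies the hostname, what happens when no matching file exists in /etc/dnsbl, and what ownership and permissions the files need. Two smaller points: v2 line 3 has the typo "scrirpts", and v2 line 60 says a non-public TLD will "insure" the data does not leak, which should read "ensure" and should note that this only holds when your resolvers are configured to answer that zone locally.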