author | Daniel Hansson <github@hanssonit.se> | 2021-08-20 17:45:07 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-20 17:45:07 +0300 |
commit | 54e5e833874e662fec25e55c7ee6959a7d10c384 (patch) | |
tree | 27cabc3dd9cfe73f77fc8fdb6c97ef160417501b /static | |
parent | ebb3fe5bbf9765770df291450922b65f7b794b81 (diff) |
fix SC temporarily (#2089)
Diffstat (limited to 'static')
-rw-r--r-- | static/spamhaus-drop.sh | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/static/spamhaus-drop.sh b/static/spamhaus-drop.sh
index 1213aeaa..0e3b9070 100644
--- a/static/spamhaus-drop.sh
+++ b/static/spamhaus-drop.sh
@@ -1,6 +1,14 @@
 #!/bin/bash
-## Copy of https://raw.githubusercontent.com/wallyhall/spamhaus-drop/master/spamhaus-drop
+## Intially forked from cowgill, extended and improved for our mailserver needs.
+## Credit: https://github.com/cowgill/spamhaus/blob/master/spamhaus.sh
+
+# based off the following two scripts
+# http://www.theunsupported.com/2012/07/block-malicious-ip-addresses/
+# http://www.cyberciti.biz/tips/block-spamming-scanning-with-iptables.html
+
+# Thanks to Daniel Hansson for providing a PR motivating bringing v2 of this script.
+# https://github.com/enoch85
 # path to iptables
 IPTABLES="/sbin/iptables"
@@ -32,7 +40,7 @@ die() {
 }
 usage() {
- echo "Basic usage: $(basename $0) <-u>
+ echo "Basic usage: $(basename "$0") <-u>
 Additional options and arguments:
 -u Download blocklists and update iptables
@@ -46,7 +54,7 @@ Additional options and arguments:
 -t Disable logging of blocklist hits in iptables
 -h Display this help message
 "
- exit $EXIT_CODE
+ exit "$EXIT_CODE"
 }
 set_mode() {
@@ -81,7 +89,7 @@ download_rules() {
 # get a copy of the spam list
 echo "Fetching '$URL' ..."
 curl -Ss "$URL" | grep -e "" | tee -a "$TMP_FILE" > /dev/null
- if [ ${PIPESTATUS[0]} -ne 0 ]; then
+ if [ "${PIPESTATUS[0]}" -ne 0 ]; then
 if [ $SKIP_FAILED_DOWNLOADS -eq 1 ]; then
 echo "Failed to download '$URL' while skipping is enabled - so continuing."
 else
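Review bot: In the download_rules hunk, the newly quoted `"${PIPESTATUS[0]}"` test still sees only curl's transport status: `curl -Ss "$URL"` has no `-f`, so an HTTP error response exits 0 and its body is appended to `$TMP_FILE` as if it were list data. Adding `--fail` (`curl -fSs "$URL" | ...`) lets the existing failure branch cover that case. The following `[ $SKIP_FAILED_DOWNLOADS -eq 1 ]` is left unquoted, which ShellCheck would likely flag the same way as the line fixed here. download_rules starts and ends outside the hunk.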
@@ -123,7 +131,9 @@ update_iptables() {
 fi;
 # iterate through all known spamming hosts
- for IP in $( cat "$CACHE_FILE" | grep -e "^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\/[0-9]\{1,2\} " | cut -d' ' -f1 ); do
+ LASSORAW=$(cut -d ' ' -f1 $CACHE_FILE)
+ LASSOCLEAN="${LASSORAW//;}"
+ for IP in $LASSOCLEAN; do
 if [ $LOG_BLOCKLIST_HITS -eq 1 ]; then
 # add the ip address log rule to the chain
 $IPTABLES -A "$CHAIN" -p 0 -s "$IP" -j LOG --log-prefix "[SPAMHAUS BLOCK]" -m limit --limit 3/min --limit-burst 10
@@ -201,7 +211,7 @@ while getopts "c:l:f:usodtzh" option; do
 esac
 done
-if [ ! -n "$MODE" ]; then
+if [ -z "$MODE" ]; then
 usage 1
 fi
 $MODE |
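Review bot: In the update_iptables hunk, the new `LASSORAW=$(cut -d ' ' -f1 $CACHE_FILE)` drops the CIDR pattern that the removed `grep -e` applied, so the first field of every line in the downloaded cache, not only IPv4/prefix entries, now reaches `$IPTABLES -A "$CHAIN" ... -s "$IP"`. `cut` without `-s` also passes through whole lines that contain no space, and the unquoted `for IP in $LASSOCLEAN` subjects the tokens to globbing, so a truncated or unexpected response body can end up as rule arguments. Keeping the filter while dropping only the `cat` (presumably what the linter objected to) preserves the check: `LASSORAW=$(grep -e "^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\/[0-9]\{1,2\} " "$CACHE_FILE" | cut -d' ' -f1)`, which also quotes `$CACHE_FILE` and makes the `;` stripping unnecessary. The body of update_iptables continues outside the hunk.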