Mail-SpamCannibal
for command line details.
configuring IPTABLES for dbtarpit
In the iptables configuration file (usually rc.iptables), place the
filter for dbtarpit as the first entry in the INPUT chain. do not insert
other entries ahead of this rule.
i.e.
IPTABLES="/usr/local/spamcannibal/bin/iptables"
INET_IFACE="eth0" # or your internet device
...
$IPTABLES -A INPUT -p tcp -i $INET_IFACE --dport 25 -j QUEUE
This rule will send tcp packets destined for port 25 from the internet
to the dbtarpit daemon. If the IP address of the packet is not found in
the database, the packet is returned to the chain untouched. If the IP
address is found in the database, the packet is dropped and the
connection tarpitted.
If the target host is not the host that will process the connection,
i.e. you are using NAT on a dual-homed bastion host, then the following
rules would apply.
i.e.
TARGET="1.2.3.4"
LAN_IFACE="eth1"
# the DNAT rule must be attached to a chain; PREROUTING rewrites inbound packets before routing
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p tcp --dport 25 -j DNAT --to $TARGET
If the incoming IP address is virtual (i.e. eth0:n) then simply add the
virtual IP address -d $VIRTUAL_DEST_IP to the above rules.
and in the FORWARD chain
$IPTABLES -A FORWARD -p tcp -o $LAN_IFACE \
--dport 10025 -d $TARGET -j QUEUE
$IPTABLES -A FORWARD -p tcp -o $LAN_IFACE \
--dport 10025 -d $TARGET -j ACCEPT
WARNING: if the dbtarpit daemon is not running, packets destined for
port 25 are silently dropped by IPTABLES.
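The two conditions above (the QUEUE rule must be the first INPUT entry, and the QUEUE target drops every port-25 packet when no daemon is listening) are worth checking after each firewall reload. The following script is an added example, not part of the Mail::SpamCannibal distribution: it reads the text of `iptables -S INPUT`, verifies that the first rule is the tcp/25 QUEUE rule on the internet interface, and checks that a dbtarpit process exists. The sample rule listings are constructed for the demonstration, and the daemon check assumes the process is named dbtarpit.

```shell
#!/bin/sh
# Added example (not from the Mail::SpamCannibal package): verify the
# dbtarpit QUEUE rule is first in INPUT and that the daemon is running.

# first_input_rule RULES
#   Prints the first "-A INPUT ..." line from the text of "iptables -S INPUT".
#   The grep|head pipeline returns 0 even when no rule matches, so callers
#   get an empty string rather than an error.
first_input_rule() {
    printf '%s\n' "$1" | grep '^-A INPUT' | head -n 1
}

# check_queue_first RULES IFACE
#   Returns 0 if the first INPUT rule matches tcp/25 on IFACE with target
#   QUEUE (the form "-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j QUEUE"
#   printed by iptables -S), 1 otherwise.
check_queue_first() {
    rule=$(first_input_rule "$1")
    case "$rule" in
        *"-i $2 "*"--dport 25 "*"-j QUEUE"*) return 0 ;;
        *) return 1 ;;
    esac
}

# dbtarpit_running
#   Returns 0 if a process named dbtarpit exists (assumed daemon name).
#   Not called from the sample checks below, so they run without the daemon.
dbtarpit_running() {
    pgrep -x dbtarpit >/dev/null 2>&1
}

# Constructed sample outputs of "iptables -S INPUT" for the demonstration.
SAMPLE_GOOD='-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j QUEUE
-A INPUT -i lo -j ACCEPT'

SAMPLE_BAD='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j QUEUE'

if check_queue_first "$SAMPLE_GOOD" eth0; then
    echo "good sample: QUEUE rule is first in INPUT"
fi
if ! check_queue_first "$SAMPLE_BAD" eth0; then
    echo "bad sample: another rule precedes the QUEUE rule"
fi
```

On a live host, replace the constructed samples with `check_queue_first "$(iptables -S INPUT)" eth0` and gate the result on `dbtarpit_running`; if the daemon is down, the honest fix is to start it or remove the QUEUE rule rather than to leave port 25 silently black-holed.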
Mail::SpamCannibal
Before installing SpamCannibal, you must edit the configuration file used
by the install script to indicate the location and executable name of the
PGP binary you will use on your system.
Edit the file executableTestPath.conf. The contents of the file look
like this:
#
# put the path to the pgp executable
# in this file in "quotes"
#
# i.e.
# /usr/local/bin/pgp
# /usr/local/bin/gpg
sub privacyexecutables {
return qw (
/usr/local/bin/gpg
/usr/local/bin/pgp
);
}
1;
Include only the executables you have installed on your system.
Now you can proceed with a standard perl module installation by typing:
perl Makefile.PL
#####################################################
SpamCannibal comes with a preselected set of defaults
that should work for almost all installations.
#####################################################
spamcannibal db environment directory : [/var/run/dbtarpit]
spamcannibal user (must already exist) : [spam]
spamcannibal user home directory : [/usr/local/spamcannibal]
spamcannibal tarpit database name : [tarpit]
spamcannibal archive database name : [archive]
spamcannibal black list contrib name : [blcontrib]
spamcannibal evidence database name : [evidence]
spamcannibal default umask (007) : [007]
If you wish to support additional databases, edit
the rc.xxxx startup scripts for the appropriate program.
make
make test
make install
SpamCannibal setup
SpamCannibal can be run entirely on a single host or the dbtarpit and
dnsbls daemons can be run on one host with the public and administrative
web services running on a separate host.
Additional security can be provided by running dbtarpit/dnsbls daemons
in a DMZ. Access restrictions for zone transfer can be provided by using
BIND as the distribution DNS and updating the slave DNS servers from the
dnsbls server with no outside access. Users are invited to write an
expanded FAQ or installation procedure and submit it for inclusion with
this documentation package.
rDNS setup
There are three methods to set up SpamCannibal rDNS. There are
advantages to each and disadvantages to each method. With all methods, a
zone file is available that can be copied for http or ftp download to
mirror providers.
example 1: rDNS direct
This method is the simplest and must be used to provide service for the
following two methods. The dnsbls daemon is run on port 53.
and the dnsbls.conf file for details.
The advantage of this method is that setup is minimized and no
additional daemons are required.
finishes using the databases.
* Installing optional Country Code and Flags display.
Download and install the two Geo::xxx modules from CPAN
SpamCannibal will automatically detect the presence of the modules and
display a country code and flag if the Whois and Lookup IP addresses are
found in the GeoIP database.
The SpamCannibal installation script sets the permissions for the
/usr/local/spamcannibal/public_html/flags
directory to 0777 if the directory is not already present so that the
web process can retrieve and write new flag images as needed from the
CIA web site. If you wish to set this directory with more restrictive
permissions, use the utilities that come with Geo::CountryFlags to
download ALL the country flags so that global write permissions are not
necessary.
SpamCannibal mail robot script sc_mailfilter.pl
SpamCannibal provides a mail header parsing script, sc_mailfilter.pl,
that examines a mail header and, after eliminating known local MTAs,
identifies the originator of the mail traffic. This script can
incorporate PGP armor (recommended) to prevent unauthorized messages
from being used. Basically, if you identify a piece of mail as being
SPAM, email it to the spam user on the tarpit host system as follows:
1. unhide the headers on the spam message
2. copy the headers and beginning message body to a new message
3. encrypt the message with spam's public key
4. email the message to spam
NOTE: it is important to keep the public_key a secret. The manner in
which it is used in this application provides the security for
sending messages to add to the spamcannibal tarpit. Anyone with the
public key can send a message to sc_mailfilter.pl for inclusion in
the tarpit database. sc_mailfilter.pl will reject messages that are
not PGP armored and which do not decrypt.
WARNING: The sc_mailfilter.pl script only reads the first 10,000
characters of incoming messages. If you encode more characters than
this with PGP, you will get INVALID ARMOR errors and the submitted
spam will not be decoded. If you get this error, either don't paste
as much message into what is sent to the spam user or edit
sc_mailfilter.pl to increase the number of characters. The latter
choice makes the evidence database that much bigger on average.
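The submission steps above (copy the headers and the beginning of the body, encrypt, send) and the 10,000-character limit can be scripted so that an oversized or malformed submission is caught before it reaches sc_mailfilter.pl. The script below is an added example and is not part of the Mail::SpamCannibal distribution: it extracts the header block plus a bounded number of body lines, and checks that an armored file starts and ends with the PGP message markers and is within the documented limit. The sample message and the placeholder armor are constructed; the gpg invocation assumes a recipient key with the user ID SpamCannibal, as in the key generation shown in this document.

```shell
#!/bin/sh
# Added example (not from the Mail::SpamCannibal package): prepare a spam
# sample for sc_mailfilter.pl and check it against the 10,000-character limit.

SC_MAX_CHARS=10000   # characters read by sc_mailfilter.pl, per the documentation

# headers_and_body FILE MAXBODYLINES
#   Prints the full header block (through the first blank line) followed by
#   at most MAXBODYLINES lines of the body.
headers_and_body() {
    awk -v max="$2" '
        !body { print; if ($0 == "") body = 1; next }
        body && n < max { print; n++ }
    ' "$1"
}

# armor_ok FILE
#   Returns 0 if FILE is an ASCII-armored PGP message of at most SC_MAX_CHARS
#   characters, 1 otherwise (too long, or missing BEGIN/END markers).
armor_ok() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -le "$SC_MAX_CHARS" ] || return 1
    head -n 1 "$1" | grep -q '^-----BEGIN PGP MESSAGE-----$' || return 1
    grep -q '^-----END PGP MESSAGE-----$' "$1" || return 1
    return 0
}

# encrypt_for_spam INFILE OUTFILE
#   Armors INFILE for the assumed recipient key "SpamCannibal". Kept out of
#   the top-level demonstration so the checks below run without gpg or a key.
encrypt_for_spam() {
    gpg --armor --recipient SpamCannibal --output "$2" --encrypt "$1"
}

# Constructed sample message (four header lines, blank line, three body lines).
SC_TMP=$(mktemp -d)
trap 'rm -rf "$SC_TMP"' EXIT
cat > "$SC_TMP/spam.eml" <<'EOF'
Received: from mail.example.net (mail.example.net [192.0.2.10])
  by myhost.com with ESMTP id CONSTRUCTED1
From: someone@example.net
Subject: constructed sample

line one of body
line two of body
line three of body
EOF

# Constructed placeholder armor (not real ciphertext) and an oversized file.
printf '%s\n' '-----BEGIN PGP MESSAGE-----' '' 'hQEMA3constructedplaceholder' \
    '=abcd' '-----END PGP MESSAGE-----' > "$SC_TMP/ok.asc"
head -c 10001 /dev/zero | tr '\0' 'x' > "$SC_TMP/big.asc"

headers_and_body "$SC_TMP/spam.eml" 2 > "$SC_TMP/trimmed.eml"
if armor_ok "$SC_TMP/ok.asc"; then echo "ok.asc: within limit, armored"; fi
if ! armor_ok "$SC_TMP/big.asc"; then echo "big.asc: rejected, too long"; fi
```

In use, run `headers_and_body spam.eml 40 > trimmed.eml`, then `encrypt_for_spam trimmed.eml out.asc`, and only mail out.asc to the spam user if `armor_ok out.asc` succeeds; if it fails on size, reduce the body line count rather than raising the limit in sc_mailfilter.pl.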
Setting up sc_mailfilter's PGP keys
The details of the procedure vary slightly depending on whether you
select GPG or PGP, but the basic steps are the same.
1. create a private/public key pair for the spamcannibal user
2. export the public key to a file
3. install the public key file in your mail client
key generation for GPG
Login as the spamcannibal user and type:
gpg --gen-key
Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024)
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct (y/n)? y
You need a User-ID to identify your key; the software constructs the
user id from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: SpamCannibal
Email address: spam@myhost.com
Comment: eats spammers for lunch
You selected this USER-ID:
"SpamCannibal (eats spammers for lunch) <spam@myhost.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
Enter password: myspampassword
Reenter password: myspampassword
(gpg generates the keys...++..++++...)
gpg: /usr/local/spamcannibal/.gnupg/trustdb.gpg: trustdb created
public and secret key created and signed.
key marked as ultimately trusted.
pub 1024D/EA000A1B 2003-08-28 SpamCannibal (eats spammers for lunch) <spam@myhost.com>
Key fingerprint = EBBD 0A8A 1AB4 B6E8 38B6 FFA1 E9A3 E4C8 EA00 0A1B
sub 1024g/37858C46 2003-08-28
Done! The keys can now be found in:
ls -1 .gnupg/
gpg.conf
pubring.gpg
random_seed
secring.gpg
trustdb.gpg
Export the public key and transport it to your mail client.
gpg --armor --export SpamCannibal
gpg: please see http://www.gnupg.org/faq.html for more information
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.2 (GNU/Linux)
...
=omfJ
-----END PGP PUBLIC KEY BLOCK-----
key generation for PGP
Login as the spamcannibal user and type:
pgp -kg
Pretty Good Privacy(tm) Version 6.5.8
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.
Choose the public-key algorithm to use with your new key
1) DSS/DH (a.k.a. DSA/ElGamal) (default)
2) RSA
Choose 1 or 2: 2
Pick your RSA key size:
1) 1024 bits- High commercial grade, secure for many years
2) 2048 bits- "Military" grade, secure for forseeable future
Choose 1, 2, or enter desired number of bits: 1
Generating a 1024-bit RSA key.
You need a user ID for your public key. The desired form for this
user ID is your name, followed by your E-mail address enclosed in
<angle brackets>, if you have an E-mail address.
For example: John Q. Smith <jqsmith@nai.com>
Enter a user ID for your public key: SpamCannibal <spam@myhost.com>
Enter the validity period of your signing key in days from 0 - 10950
0 is forever (the default is 0): 0
You need a pass phrase to protect your RSA secret key. Your pass phrase
can be any sentence or phrase and may have many words, spaces,
punctuation, or any other printable characters.