0063 | block IP ต่างประเทศ ไม่ให้ FTP เข้ามาได้

บทความสิ้นคิด ก๊อปวางก็ใช้งานได้ทันทีไม่ต้องปรุง (ยิ่งกว่ามาม่าอีก)

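# Restrict inbound FTP control connections (tcp/21) to the source networks in
# the downloaded list; every other source is rejected.
# These are IPv4 rules only: iptables does not filter IPv6 traffic.
#
# NOTE(review): the list is fetched over plain HTTP with no integrity check, so
# anyone able to alter the response decides which sources are accepted.
# Prefer a copy you have reviewed or can verify before loading it.
list=$(wget -qO - http://www.icez.net/files/thaiiplist)

# Do not touch the firewall when the download failed or came back empty;
# otherwise the chain would hold only the REJECT rule and lock out every client.
if [ -z "$list" ]; then
    echo "FTPFILTER: IP list is empty, rules left unchanged" >&2
else
    # Fails harmlessly when the chain already exists from an earlier run.
    iptables -N FTPFILTER 2>/dev/null
    # The INPUT jump (if present) stays in place while the chain is rebuilt, so
    # during the rebuild unlisted sources stay rejected instead of unfiltered.
    iptables -F FTPFILTER
    iptables -A FTPFILTER -j REJECT
    for i in $list; do
        # Keep only tokens made of digits, dots and '/', i.e. what an IPv4
        # address or CIDR block can contain; anything else is skipped.
        # This does not catch an over-broad prefix such as /0.
        # NOTE(review): assumes the list is whitespace-separated IPv4/CIDR entries.
        case $i in
            ''|*[!0-9./]*) continue ;;
        esac
        # -I puts each ACCEPT ahead of the final REJECT.
        iptables -I FTPFILTER -s "$i" -j ACCEPT
    done
    # Drop any previous jump (fails harmlessly on the first run) and add one, so
    # repeated runs do not stack duplicates.  -A appends at the end of INPUT: a
    # rule earlier in INPUT that already accepts port 21 would take precedence.
    iptables -D INPUT -p tcp --dport 21 -j FTPFILTER 2>/dev/null
    iptables -A INPUT -p tcp --dport 21 -j FTPFILTER
fi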

เสร็จแล้วอย่าลืมสั่ง save iptables ด้วยนะครับ
Redhat/CentOS/Fedora: service iptables save
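Debian/Ubuntu: iptables-save (คำสั่งนี้แค่พิมพ์ rule ปัจจุบันออกทาง stdout ต้อง redirect ลงไฟล์ แล้วให้ระบบโหลดกลับด้วย iptables-restore ตอนบูต ไม่อย่างนั้น rule จะหายหลัง reboot)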

ขอบคุณรายการ ip ประเทศไทย จาก http://software77.net/geo-ip/


0062 | qmailtoaster patch for spamassassin SPF validation

จดไว้เผื่อไว้ใช้ build ใหม่

qmail-spf.patch

diff -rua qmail-1.03.orig/qmail-qmqpd.c qmail-1.03/qmail-qmqpd.c
--- qmail-1.03.orig/qmail-qmqpd.c       1998-06-15 18:53:16.000000000 +0800
+++ qmail-1.03/qmail-qmqpd.c    2004-06-06 05:21:02.000000000 +0800
@@ -53,6 +53,8 @@
   }
 }
 
+char envelope_from[1000];
+
 void getcomma()
 {
   char ch;
@@ -78,7 +80,7 @@
   if (!local) local = env_get("TCPLOCALIP");
   if (!local) local = "unknown";
 
-  received(&qq,"QMQP",local,remoteip,remotehost,remoteinfo,(char *) 0);
+  received(&qq,"QMQP",local,remoteip,remotehost,remoteinfo,(char *) 0,envelope_from);
 }
 
 char buf[1000];
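Review bot: `envelope_from` is passed to received() here but is only filled in by the hunk at -132, so the value seen at this call depends on a call order the diff does not show. If the function holding this call runs before the sender is read, the header will always carry an empty envelope-from, since the global starts zeroed. It is worth confirming the order and recording it at the call, for example `/* envelope_from is empty unless the sender has already been read */`. The enclosing function starts outside the hunk.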
@@ -132,9 +134,11 @@
   }
   getcomma();
 
-  if (getbuf())
+  envelope_from[0]=0;
+  if (getbuf()){
     qmail_from(&qq,buf);
-  else {
+    str_copy(envelope_from,buf);
+  } else {
     qmail_from(&qq,"");
     qmail_fail(&qq);
     flagok = 0;
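Review bot: `str_copy(envelope_from,buf)` copies a client-supplied sender with no length bound. Both arrays are declared with 1000 bytes in this patch, so the copy stays in bounds only if getbuf() always leaves a terminator inside buf, and getbuf() is outside the diff. Making the bound explicit costs one line: `if (str_len(buf) < sizeof envelope_from) str_copy(envelope_from,buf);`. The enclosing function starts and ends outside the hunk.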
diff -rua qmail-1.03.orig/received.c qmail-1.03/received.c
--- qmail-1.03.orig/received.c  1998-06-15 18:53:16.000000000 +0800
+++ qmail-1.03/received.c       2004-06-06 05:14:39.000000000 +0800
@@ -37,7 +37,7 @@
 /* "Received: from relay1.uu.net (HELO uunet.uu.net) (7@192.48.96.5)\n" */
 /* "  by silverton.berkeley.edu with SMTP; 26 Sep 1995 04:46:54 -0000\n" */
 
-void received(qqt,protocol,local,remoteip,remotehost,remoteinfo,helo)
+void received(qqt,protocol,local,remoteip,remotehost,remoteinfo,helo,envelope_from)
 struct qmail *qqt;
 char *protocol;
 char *local;
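Review bot: The new `envelope_from` parameter is added to an old-style (K&R) definition, so unless the header declares a full prototype the compiler will not flag a caller that still passes seven arguments. Such a caller would hand safeput() an indeterminate pointer. This patch updates the call in qmail-qmqpd.c; any other caller of received() in the tree needs the same change, and a prototype such as `extern void received(struct qmail *,char *,char *,char *,char *,char *,char *,char *);` in the header would let the compiler check it. The definition continues outside the hunk.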
@@ -45,6 +45,7 @@
 char *remotehost;
 char *remoteinfo;
 char *helo;
+char *envelope_from;
 {
   struct datetime dt;
 
@@ -63,6 +64,9 @@
   safeput(qqt,remoteip);
   qmail_puts(qqt,")\n  by ");
   safeput(qqt,local);
+  qmail_puts(qqt," (envelope-from ");
+  safeput(qqt,envelope_from);
+  qmail_puts(qqt,")\n\t");
   qmail_puts(qqt," with ");
   qmail_puts(qqt,protocol);
   qmail_puts(qqt,"; ");
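Review bot: `safeput(qqt,envelope_from)` is called unconditionally, while the QMQP caller in this same patch passes `(char *) 0` for the neighbouring `helo` argument, so null arguments are part of this function's calling convention. Whether safeput() tolerates a null pointer is not visible here; wrapping the three added lines in `if (envelope_from) { ... }` would keep a caller without a sender from crashing the daemon. The value is chosen by the remote client, and safeput() is the only filter between it and the header text, which deserves a short comment next to the call. The function body starts and ends outside the hunk.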

qmail-spf2.patch

--- qmail-smtpd.c       2009-06-07 12:46:04.000000000 +0700
+++ qmail-smtpd.c.new   2009-06-07 12:39:42.000000000 +0700
@@ -831,7 +831,7 @@
   qp = qmail_qp(&qqt);
   out("354 go ahead\r\n");
 
-  received(&qqt,protocol,local,remoteip,remotehost,remoteinfo,fakehelo);
+  received(&qqt,protocol,local,remoteip,remotehost,remoteinfo,fakehelo,mailfrom.s);
   spfreceived();
   blast(&hops);
   hops = (hops >= MAXHOPS);
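Review bot: `mailfrom.s` is handed to received() as a plain C string, which is correct only if the buffer is non-null and NUL-terminated by the time this line runs; neither is established in the hunk. A comment at the call, e.g. `/* mailfrom is 0-terminated once MAIL FROM has been accepted */`, would document the assumption, after confirming it against the code that sets mailfrom. The enclosing function starts and ends outside the hunk.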