====== Postfix map script for Dshield IP list ======

This is a little script I made for the fun of it. I don't know if it is usefull - it depends on who is behind the attaching IP ranges in the Dshield list. I intended it to be used as a RBL/Blackhole list so when someone from the list tries to deliver mail to you they will be denied access. I assume that the IP ranges are bad guys either trying to spam you or attack you.

You can read more about what Dshield is all about here http://www.dshield.org

Normally I use the Dshield IP list in my firewall rulebase, I think it was more intended for that but hopefully it just might also be usefull with Postfix. Give it a shot.

===== Postfix configuration =====

To make the script work you have to add the following to your main.cf file:

<code>
smtpd_client_restrictions =
        check_client_access hash:/etc/postfix/whitelisted_ips
        check_client_access hash:/etc/postfix/dshield_block_networks      <- put it in here
        reject_rbl_client relays.ordb.org
        reject_rbl_client sbl.spamhaus.org
        reject_rbl_client xbl.spamhaus.org
        ...
        ...
        ...
        ...
</code>

===== The script =====
Call it what you like and have it run as a cronjob once a day, that should be sufficient as the list is only updated every 2-3 days.

Check the paths in the script and align them to your environment. I'm using a smtp code 450 so if someone unintentionally is on the list they might be able to deliver mail later on after an update of the list. Also remember to make the script executable.

<file>
#!/bin/bash
#Made by Thomas D Dahlmann (domingo@domingo.dk) 28/7-2006
#Tiny script that downloads the latest dshield textfile and converts it to a Postfix mapfile.
#The idea is that this mapfile is used in the smtpd_client_restriction as a check_client_access line.
#Run it as a cron job once a day.

DOWNLOAD_DIRECTORY="/etc/postfix"
DSHIELD_URL="http://feeds.dshield.org/block.txt"
OUT_FILE="dshield_list"
OUT_FILE_FULL_PATH=$DOWNLOAD_DIRECTORY/$OUT_FILE
POSTFIX_MAP_FILE="dshield_block_networks"
POSTFIX_MAP_FILE_FULL_PATH=$DOWNLOAD_DIRECTORY/$POSTFIX_MAP_FILE
DSHIELD_DOWNLOAD_FILENAME="dshield_block.txt"
DSHIELD_FILENAME_FULL_PATH=$DOWNLOAD_DIRECTORY/$DSHIELD_DOWNLOAD_FILENAME

wget -O $DSHIELD_FILENAME_FULL_PATH $DSHIELD_URL >/dev/null 2>&1

cat $DSHIELD_FILENAME_FULL_PATH |egrep -v "#|Start"|egrep [1234567890]|awk '{print $1}'|sed 's/$/\/24/' > $OUT_FILE_FULL_PATH

cp /dev/null $POSTFIX_MAP_FILE_FULL_PATH

for i in $( cat $OUT_FILE_FULL_PATH ); do
        echo "$i        450 Try again Hacker-wanna-be-Jack" >> $POSTFIX_MAP_FILE_FULL_PATH
done

postmap $POSTFIX_MAP_FILE_FULL_PATH
</file>