Tools page
These are released under GPL v2.
SpamStats, a tool to generate statistics on a {exim/postfix/sendmail}/spamd system.
HeadersFilter hides mail hops from your internal network to the outside world, removing some [customised] headers from emails that travel through it.
Reverse proxy rules for Apache, especially useful for an Apache reverse proxy configuration.
A script that generates statistics about spam you receive at your site.
The SpamStats homepage has now moved to INL.
This may be useful if you have outgoing mail relays on your network, and you want to hide them from outside networks.
By default, each mailer adds information to the headers of emails that travel through it.
You probably want to install this on your last mail hop to the internet.
You definitely must edit the script and configure it to suit your needs.
Of course, this script might break your headers if misconfigured (or if there are bugs I did not see).
It should be extensively tested before it is put into production.
It works fine on at least one production server with several thousands daily outgoing mails, and the mailer (postfix) load is really ok.
The design of this script is very light (no use of Mime perl modules which take ages to load).
This only looks at headers, and cares not about the rest of emails. It just pipes its input to output once it has detected it has gone through headers.
Included a Postfix master.cf file that describes how to have it run. Easy!
IN
Email messages must be supplied on STDIN. You must call this with any arguments you would send to sendmail. Arguments will be passed directly to sendmail.
See sample master.cf file for practical setup.
OUT
Email with filtered headers is sent to /usr/lib/sendmail
WARNING: the program will silently fail if /usr/lib/sendmail does not exist, your emails will be lost, you will get fired by your angry boss! Not my fault.
BUGS
Logs nothing.
It would be useful to have this log to syslog, maybe just one line per email to say whether things are fine or not.
In its present state, this would require loading the Perl Syslog module for every email going through, which is not acceptable.
I need to write a daemonized version, a bit like spamd works. Or a tiny SMTP daemon. Maybe one day... :-)
Download
headers_filter Version 0.2a (current)
Postfix master.cf sample file
Latest bug fixes:
0.2a: 03 Dec 2002 Any email whose recipient or sender contained a "&" was mishandled, because the "&" was interpreted.
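The flow described above (filter only the header block, pass the rest through untouched, hand the result to sendmail with the caller's arguments), as an added Python example that is not the project's headers_filter script. The header names in STRIP, the sample message, and the choice of exit status 75 (EX_TEMPFAIL from sysexits.h) when sendmail is missing are assumptions; passing the arguments as a list with no shell is one way to keep a "&" in an address from being interpreted.

```python
import os
import subprocess
import sys

SENDMAIL = "/usr/lib/sendmail"             # path named on the page
STRIP = {"received", "x-originating-ip"}   # assumption: headers to hide, site-specific

# Constructed sample: one folded internal Received header, then the body.
SAMPLE = [b"Received: from pc12.lan.example (10.0.0.12)\n",
          b"\tby relay1.lan.example; Tue, 3 Dec 2002 10:00:00 +0100\n",
          b"From: a&b@example.org\n", b"Subject: test\n", b"\n",
          b"Received: this body line must survive\n"]


def filter_headers(lines, strip=STRIP):
    """Yield the message minus the stripped headers and their folded
    continuation lines; everything after the first blank line is untouched."""
    in_headers, dropping = True, False
    for line in lines:
        if in_headers:
            if line in (b"\n", b"\r\n"):
                in_headers = False             # blank line ends the headers
            elif line[:1] in (b" ", b"\t"):
                if dropping:                   # continuation of a removed header
                    continue
            else:
                name = line.split(b":", 1)[0].strip().lower()
                dropping = name.decode("ascii", "replace") in strip
                if dropping:
                    continue
        yield line


def deliver(lines, args, sendmail=SENDMAIL):
    """Pipe the filtered message to sendmail; return a sysexits-style status."""
    if not os.access(sendmail, os.X_OK):
        return 75                              # EX_TEMPFAIL: report, do not lose mail
    # Argument list, no shell: "&" in an address reaches sendmail literally.
    proc = subprocess.Popen([sendmail, *args], stdin=subprocess.PIPE)
    try:
        for line in filter_headers(lines):
            proc.stdin.write(line)
        proc.stdin.close()
    except BrokenPipeError:
        pass                                   # child died early; wait() reports it
    rc = proc.wait()
    return rc if rc >= 0 else 75               # killed by a signal: temporary failure


if __name__ == "__main__":
    sys.exit(deliver(sys.stdin.buffer, sys.argv[1:]))
```

Returning sendmail's own exit status, rather than always 0, lets the calling mailer see a failed hand-off instead of dropping the message silently.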
These are mod_rewrite rules, that can be used to secure an Apache reverse proxy or web server configuration.
Most of these rules, if not all, are based on Snort rules. Using them as proposed here may make some things unreachable on your servers... So test them!
The basic principle is simple: use mod_rewrite to detect known-attack URLs, and forbid them on your server.
It is of course very easy to customize these to protect specific sites, or CGIs, at your site.
This work can be improved; you are invited to send the author feedback and patches to make these better!
To use these:
Untar the rules.tar.gz file in your /etc/apache[2] directory; this will create a security/ subdir.
Don't forget to customize your security/403.conf file.
It must look like:
RewriteRule .* http://error.foo.bar/unauthorized [P]
Where the URL "http://error.foo.bar/unauthorized" is a URL at your site that denies access and issues a 403 error.
This file is included from each file in the security/ subdir.
Of course, you can create other HTTP errors, such as 404, etc. and customize the rules in the security/ subdir to call the ones you want, on the occasion you choose.
The default in this package is to call the 403 one for each denied request.
Add:
RewriteEngine On
Include security/rules/all.conf
in your VirtualHost or site definition section.
Important note: you must not use the ProxyPass directive to proxy your hosts.
Use RewriteRule with the [P] switch instead, otherwise the filtering rules will not apply!
Download
rules-1.1.tar.gz : The actual rules
build_rpconf.sh : A simple shell script that recursively generates "all.conf" files so you don't have to bother maintaining them when you add/modify rule files. Beware: you must NOT create files other than rule files in the security/rules tree if you use this script!
Also, you probably want to benchmark performance if you decide to use these. These rules do work fine on at least one production reverse proxy.
Latest bug fixes / features:
1.1: 11 June 2003 Updated to latest snort web rules (added 3)
1.0b: 11 June 2003 Fixed rules/products/iis/readmeeml.conf which didn't fit snort rule #1284
If you use these tools, I would appreciate receiving your feedback on them.