From: Frank Brehm Date: Fri, 17 May 2013 13:29:36 +0000 (+0200) Subject: Current state X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=88333688bdeed8326d074406edbcdbec58a68162;p=config%2Fhelga%2Fetc.git Current state --- diff --git a/.gitignore b/.gitignore index bac291d..5bbdacb 100644 --- a/.gitignore +++ b/.gitignore @@ -40,6 +40,7 @@ sv/*/log/supervise/* *.pyo init.d/.depend.* openvpn/openvpn-status.log +/mail/aliases.db # editor temp files *~ diff --git a/conf.d/udev b/conf.d/udev index 667cc8b..41f6b9b 100644 --- a/conf.d/udev +++ b/conf.d/udev @@ -11,6 +11,15 @@ # in /etc/conf.d/rc: rc_plug_services="!*" #rc_coldplug="YES" +# We can create a /dev/root symbolic link to point to the root device in +# some situations. This is on by default because some software relies on +# it,. However, this software should be fixed to not do this. +# For more information, see +# https://bugs.gentoo.org/show_bug.cgi?id=438380. +# If you are not using any affected software, you do not need this, so +# feel free to turn it off. +#rc_dev_root_symlink="YES" + # Expert options: # Timeout in seconds to wait for processing of uevents at boot. diff --git a/config-archive/etc/logrotate.d/ulogd.dist.new b/config-archive/etc/logrotate.d/ulogd.dist.new index b3fb6d1..5e43711 100644 --- a/config-archive/etc/logrotate.d/ulogd.dist.new +++ b/config-archive/etc/logrotate.d/ulogd.dist.new @@ -1,7 +1,18 @@ -/var/log/ulogd.log /var/log/ulogd.syslogemu /var/log/ulogd.pktlog /var/log/ulogd.pcap { - missingok - sharedscripts +/var/log/ulogd/ulogd.log { + notifempty + size 1M + create 0640 ulogd postrotate - /bin/killall -HUP ulogd 2> /dev/null || true + /etc/init.d/ulogd reopen_logs > /dev/null + endscript +} + +/var/log/ulogd/ulogd_syslogemu.log { + rotate 12 + size 5M + notifempty + create 0640 ulogd + postrotate + /etc/init.d/ulogd reopen_logs > /dev/null endscript } diff --git a/config-archive/etc/ulogd.conf b/config-archive/etc/ulogd.conf index ae01bd2..599d49b 100644 
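Review bot: The two new logrotate stanzas name `/var/log/ulogd/ulogd.log` and `/var/log/ulogd/ulogd_syslogemu.log`, but config-archive/etc/ulogd.conf in this same commit writes to `/var/log/ulogd/daemon.log`, `/var/log/ulogd/syslogemu.log` and `/var/log/ulogd/gprint.log`. If that file reflects the running configuration, merging this .dist.new unchanged would leave the firewall logs unrotated. The first stanza also has no `rotate` count, so its retention depends on the global logrotate default, while the second sets `rotate 12`. With `missingok` dropped, an absent file is reported as an error on every run. I would align the paths with the local ulogd.conf and add an explicit `rotate 12` and `missingok` to both stanzas.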
--- a/config-archive/etc/ulogd.conf +++ b/config-archive/etc/ulogd.conf @@ -11,7 +11,7 @@ # logfile for status messages logfile="/var/log/ulogd/daemon.log" -# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5) loglevel=3 ###################################################################### @@ -27,24 +27,29 @@ loglevel=3 plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" +#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so" plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so" plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so" +#plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so" plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so" plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" #plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so" plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" -#plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" -#plugin="/usr/lib64/ulogd/ulogd_output_XML.so" -#plugin="/usr/lib64/ulogd/ulogd_output_OPRINT.so" +plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" +plugin="/usr/lib64/ulogd/ulogd_output_XML.so" +#plugin="/usr/lib64/ulogd/ulogd_output_SQLITE3.so" +plugin="/usr/lib64/ulogd/ulogd_output_GPRINT.so" #plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so" #plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so" #plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so" #plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so" #plugin="/usr/lib64/ulogd/ulogd_output_DBI.so" plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" +plugin="/usr/lib64/ulogd/ulogd_inpflow_NFACCT.so" +plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so" # this is a stack for logging packet send by system via LOGEMU stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU 
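Review bot: The plugin list now loads `ulogd_output_SYSLOG.so`, `ulogd_output_XML.so`, `ulogd_output_GPRINT.so`, `ulogd_inpflow_NFACCT.so` and `ulogd_output_GRAPHITE.so`, yet every stack visible in this diff that references them is still commented out. Loading only the plugins an active stack needs keeps the daemon's loaded code small, and it avoids a possible start failure (and with it a gap in packet logging) if one of the shared objects is absent on the host. I would leave these lines commented, e.g. `#plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so"`, until the matching `stack=` line is enabled. The same lines are added in config-archive/etc/ulogd.conf.dist.new.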
@@ -58,11 +63,14 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for packet-based logging via LOGEMU with filtering on MARK #stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU +# this is a stack for packet-based logging via GPRINT +#stack=log1:NFLOG,gp1:GPRINT + # this is a stack for flow-based logging via LOGEMU #stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU -# this is a stack for flow-based logging via OPRINT -#stack=ct1:NFCT,op1:OPRINT +# this is a stack for flow-based logging via GPRINT +#stack=ct1:NFCT,gp1:GPRINT # this is a stack for flow-based logging via XML #stack=ct1:NFCT,xml1:XML @@ -70,6 +78,12 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for logging in XML #stack=log1:NFLOG,xml1:XML +# this is a stack for accounting-based logging via XML +#stack=acct1:NFACCT,xml1:XML + +# this is a stack for accounting-based logging to a Graphite server +#stack=acct1:NFACCT,graphite1:GRAPHITE + # this is a stack for NFLOG packet-based logging to PCAP #stack=log2:NFLOG,base1:BASE,pcap1:PCAP @@ -82,6 +96,9 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for logging packets to syslog after a collect via NFLOG #stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG +# this is a stack for logging packets to syslog after a collect via NuFW +#stack=nuauth1:UNIXSOCK,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG + # this is a stack for flow-based logging to MySQL #stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL 
@@ -91,19 +108,33 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for flow-based logging to PGSQL without local hash #stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL +# this is a stack for flow-based logging to SQLITE3 +#stack=ct1:NFCT,sqlite3_ct:SQLITE3 + +# this is a stack for logging packet to SQLITE3 +#stack=log1:NFLOG,sqlite3_pkt:SQLITE3 # this is a stack for flow-based logging in NACCT compatible format #stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT +# this is a stack for accounting-based logging via GPRINT +#stack=acct1:NFACCT,gp1:GPRINT + [ct1] #netlink_socket_buffer_size=217088 #netlink_socket_buffer_maxsize=1085440 #netlink_resync_timeout=60 # seconds to wait to perform resynchronization #pollinterval=10 # use poll-based logging instead of event-driven +# If pollinterval is not set, NFCT plugin will work in event mode +# In this case, you can use the following filters on events: +#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks +#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks +#accept_proto_filter=tcp,sctp # layer 4 proto of connections [ct2] #netlink_socket_buffer_size=217088 #netlink_socket_buffer_maxsize=1085440 +#reliable=1 # enable reliable flow-based logging (may drop packets) hash_enable=0 # Logging of system packet through NFLOG @@ -145,20 +176,29 @@ numeric_label=1 # you can label the log info based on the packet verdict nlgroup=1 #numeric_label=0 # optional argument +[nuauth1] +socket_path="/run/nuauth_ulogd2.sock" + [emu1] file="/var/log/ulogd/syslogemu.log" sync=1 [op1] file="/var/log/ulogd/oprint.log" -#file="/var/log/ulogd_oprint.log" sync=1 +[gp1] +file="/var/log/ulogd/gprint.log" +sync=1 +timestamp=1 + [xml1] directory="/var/log/ulogd/" sync=1 [pcap1] +#default file is /var/log/ulogd/ulogd.pcap +#file=/var/log/ulogd/ulogd.pcap sync=1 [mysql1] 
@@ -173,7 +213,7 @@ procedure="INSERT_PACKET_FULL" db="nulog" host="localhost" user="nupik" -table="ulog" +table="conntrack" pass="changeme" procedure="INSERT_CT" @@ -182,6 +222,7 @@ db="nulog" host="localhost" user="nupik" table="ulog" +#schema="public" pass="changeme" procedure="INSERT_PACKET_FULL" @@ -190,6 +231,7 @@ db="nulog" host="localhost" user="nupik" table="ulog2_ct" +#schema="public" pass="changeme" procedure="INSERT_CT" @@ -198,9 +240,19 @@ db="nulog" host="localhost" user="nupik" table="ulog2_ct" +#schema="public" pass="changeme" procedure="INSERT_OR_REPLACE_CT" +[pgsql4] +db="nulog" +host="localhost" +user="nupik" +table="nfacct" +#schema="public" +pass="changeme" +procedure="INSERT_NFACCT" + [dbi1] db="ulog2" dbtype="pgsql" @@ -210,6 +262,16 @@ table="ulog" pass="ulog2" procedure="INSERT_PACKET_FULL" +[sqlite3_ct] +table="ulog_ct" +db="/var/log/ulogd/ulogd.sqlite3db" +buffer=200 + +[sqlite3_pkt] +table="ulog_pkt" +db="/var/log/ulogd/ulogd.sqlite3db" +buffer=200 + [sys2] facility=LOG_LOCAL2 @@ -218,3 +280,17 @@ sync = 1 [mark1] mark = 1 + +[acct1] +pollinterval = 2 +# If set to 0, we don't reset the counters for each polling (default is 1). +#zerocounter = 0 +# Set timestamp (default is 0, which means not set). This timestamp can be +# interpreted by the output plugin. +#timestamp = 1 + +[graphite1] +host="127.0.0.1" +port="2003" +# Prefix of data name sent to graphite server +prefix="netfilter.nfacct" diff --git a/config-archive/etc/ulogd.conf.1 b/config-archive/etc/ulogd.conf.1 new file mode 100644 index 0000000..ae01bd2 --- /dev/null +++ b/config-archive/etc/ulogd.conf.1 
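Review bot: The added `[pgsql4]` section carries the same `pass="changeme"` placeholder as the existing database sections, and this file is tracked in the repository. No active stack in the diff uses pgsql4, so nothing depends on it yet, but a placeholder that sits uncommented in the file tends to be enabled unchanged later. I would put a comment above it such as `# placeholder credential - set a real password before enabling a PGSQL stack`, and keep the real value out of the tracked copy. The same section is added in config-archive/etc/ulogd.conf.dist.new.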
@@ -0,0 +1,220 @@ +# Example configuration for ulogd +# $Id: ulogd.conf,v 1.3 2010/10/12 07:51:44 root Exp $ +# Adapted to Debian by Achilleas Kotsis + +[global] +###################################################################### +# GLOBAL OPTIONS +###################################################################### + + +# logfile for status messages +logfile="/var/log/ulogd/daemon.log" + +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) +loglevel=3 + +###################################################################### +# PLUGIN OPTIONS +###################################################################### + +# We have to configure and load all the plugins we want to use + +# general rules: +# 1. load the plugins _first_ from the global section +# 2. options for each plugin in seperate section below + + +plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" +plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" +plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so" +plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" +plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so" +plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" +#plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so" +plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" +#plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" +#plugin="/usr/lib64/ulogd/ulogd_output_XML.so" +#plugin="/usr/lib64/ulogd/ulogd_output_OPRINT.so" +#plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so" +#plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so" +#plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_output_DBI.so" +plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" + +# this is a stack for logging packet send by system via LOGEMU +stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this 
is a stack for packet-based logging via LOGEMU +stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for ULOG packet-based logging via LOGEMU +stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for packet-based logging via LOGEMU with filtering on MARK +#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for flow-based logging via LOGEMU +#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU + +# this is a stack for flow-based logging via OPRINT +#stack=ct1:NFCT,op1:OPRINT + +# this is a stack for flow-based logging via XML +#stack=ct1:NFCT,xml1:XML + +# this is a stack for logging in XML +#stack=log1:NFLOG,xml1:XML + +# this is a stack for NFLOG packet-based logging to PCAP +#stack=log2:NFLOG,base1:BASE,pcap1:PCAP + +# this is a stack for logging packet to MySQL +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL + +# this is a stack for logging packet to PGsql after a collect via NFLOG +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL + +# this is a stack for logging packets to syslog after a collect via NFLOG +#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG + +# this is a stack for flow-based logging to MySQL +#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL + +# this is a stack for flow-based logging to PGSQL +#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL + +# this is a stack for flow-based logging to PGSQL without local hash +#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL + + +# this is a stack for flow-based logging in NACCT compatible format +#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT + +[ct1] +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +#netlink_resync_timeout=60 # seconds to wait to perform resynchronization +#pollinterval=10 # use poll-based logging instead of 
event-driven + +[ct2] +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +hash_enable=0 + +# Logging of system packet through NFLOG +[log1] +# netlink multicast group (the same as the iptables --nflog-group param) +# Group O is used by the kernel to log connection tracking invalid message +group=0 +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +# set number of packet to queue inside kernel +#netlink_qthreshold=1 +# set the delay before flushing packet in the queue inside kernel (in 10ms) +#netlink_qtimeout=100 + +# packet logging through NFLOG for group 1 +[log2] +# netlink multicast group (the same as the iptables --nflog-group param) +group=1 # Group has to be different from the one use in log1 +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +# If your kernel is older than 2.6.29 and if a NFLOG input plugin with +# group 0 is not used by any stack, you need to have at least one NFLOG +# input plugin with bind set to 1. If you don't do that you may not +# receive any message from the kernel. 
+#bind=1 + +# packet logging through NFLOG for group 2, numeric_label is +# set to 1 +[log3] +# netlink multicast group (the same as the iptables --nflog-group param) +group=2 # Group has to be different from the one use in log1/log2 +numeric_label=1 # you can label the log info based on the packet verdict +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +#bind=1 + +[ulog1] +# netlink multicast group (the same as the iptables --ulog-nlgroup param) +nlgroup=1 +#numeric_label=0 # optional argument + +[emu1] +file="/var/log/ulogd/syslogemu.log" +sync=1 + +[op1] +file="/var/log/ulogd/oprint.log" +#file="/var/log/ulogd_oprint.log" +sync=1 + +[xml1] +directory="/var/log/ulogd/" +sync=1 + +[pcap1] +sync=1 + +[mysql1] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_PACKET_FULL" + +[mysql2] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_CT" + +[pgsql1] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_PACKET_FULL" + +[pgsql2] +db="nulog" +host="localhost" +user="nupik" +table="ulog2_ct" +pass="changeme" +procedure="INSERT_CT" + +[pgsql3] +db="nulog" +host="localhost" +user="nupik" +table="ulog2_ct" +pass="changeme" +procedure="INSERT_OR_REPLACE_CT" + +[dbi1] +db="ulog2" +dbtype="pgsql" +host="localhost" +user="ulog2" +table="ulog" +pass="ulog2" +procedure="INSERT_PACKET_FULL" + +[sys2] +facility=LOG_LOCAL2 + +[nacct1] +sync = 1 + +[mark1] +mark = 1 diff --git a/config-archive/etc/ulogd.conf.dist.new b/config-archive/etc/ulogd.conf.dist.new index bd72e6b..e9bed91 100644 --- a/config-archive/etc/ulogd.conf.dist.new +++ b/config-archive/etc/ulogd.conf.dist.new @@ -1,5 +1,4 @@ # Example configuration for ulogd -# $Id$ # Adapted to Debian by Achilleas Kotsis [global] 
@@ -9,10 +8,10 @@ # logfile for status messages -logfile="/var/log/ulogd.log" +logfile="/var/log/ulogd/ulogd.log" -# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) -loglevel=1 +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5) +# loglevel=1 ###################################################################### # PLUGIN OPTIONS @@ -27,10 +26,12 @@ loglevel=1 plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" #plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" +#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so" plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so" plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so" +#plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so" plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so" plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" @@ -38,13 +39,16 @@ plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" plugin="/usr/lib64/ulogd/ulogd_output_XML.so" -#plugin="/usr/lib64/ulogd/ulogd_output_OPRINT.so" +#plugin="/usr/lib64/ulogd/ulogd_output_SQLITE3.so" +plugin="/usr/lib64/ulogd/ulogd_output_GPRINT.so" #plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so" #plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so" #plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so" #plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so" #plugin="/usr/lib64/ulogd/ulogd_output_DBI.so" plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" +plugin="/usr/lib64/ulogd/ulogd_inpflow_NFACCT.so" +plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so" # this is a stack for logging packet send by system via LOGEMU #stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU 
@@ -58,11 +62,14 @@ plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" # this is a stack for packet-based logging via LOGEMU with filtering on MARK #stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU +# this is a stack for packet-based logging via GPRINT +#stack=log1:NFLOG,gp1:GPRINT + # this is a stack for flow-based logging via LOGEMU #stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU -# this is a stack for flow-based logging via OPRINT -#stack=ct1:NFCT,op1:OPRINT +# this is a stack for flow-based logging via GPRINT +#stack=ct1:NFCT,gp1:GPRINT # this is a stack for flow-based logging via XML #stack=ct1:NFCT,xml1:XML @@ -70,6 +77,12 @@ plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" # this is a stack for logging in XML #stack=log1:NFLOG,xml1:XML +# this is a stack for accounting-based logging via XML +#stack=acct1:NFACCT,xml1:XML + +# this is a stack for accounting-based logging to a Graphite server +#stack=acct1:NFACCT,graphite1:GRAPHITE + # this is a stack for NFLOG packet-based logging to PCAP #stack=log2:NFLOG,base1:BASE,pcap1:PCAP @@ -82,6 +95,9 @@ plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" # this is a stack for logging packets to syslog after a collect via NFLOG #stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG +# this is a stack for logging packets to syslog after a collect via NuFW +#stack=nuauth1:UNIXSOCK,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG + # this is a stack for flow-based logging to MySQL #stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL 
@@ -91,19 +107,33 @@ plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" # this is a stack for flow-based logging to PGSQL without local hash #stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL +# this is a stack for flow-based logging to SQLITE3 +#stack=ct1:NFCT,sqlite3_ct:SQLITE3 + +# this is a stack for logging packet to SQLITE3 +#stack=log1:NFLOG,sqlite3_pkt:SQLITE3 # this is a stack for flow-based logging in NACCT compatible format #stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT +# this is a stack for accounting-based logging via GPRINT +#stack=acct1:NFACCT,gp1:GPRINT + [ct1] #netlink_socket_buffer_size=217088 #netlink_socket_buffer_maxsize=1085440 #netlink_resync_timeout=60 # seconds to wait to perform resynchronization #pollinterval=10 # use poll-based logging instead of event-driven +# If pollinterval is not set, NFCT plugin will work in event mode +# In this case, you can use the following filters on events: +#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks +#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks +#accept_proto_filter=tcp,sctp # layer 4 proto of connections [ct2] #netlink_socket_buffer_size=217088 #netlink_socket_buffer_maxsize=1085440 +#reliable=1 # enable reliable flow-based logging (may drop packets) hash_enable=0 # Logging of system packet through NFLOG @@ -145,19 +175,29 @@ numeric_label=1 # you can label the log info based on the packet verdict nlgroup=1 #numeric_label=0 # optional argument +[nuauth1] +socket_path="/run/nuauth_ulogd2.sock" + [emu1] -file="/var/log/ulogd_syslogemu.log" +file="/var/log/ulogd/ulogd_syslogemu.log" sync=1 [op1] -file="/var/log/ulogd_oprint.log" +file="/var/log/ulogd/ulogd_oprint.log" +sync=1 + +[gp1] +file="/var/log/ulogd/ulogd_gprint.log" sync=1 +timestamp=1 [xml1] -directory="/var/log/" +directory="/var/log/ulogd/" sync=1 [pcap1] +#default file is /var/log/ulogd/ulogd.pcap +#file=/var/log/ulogd/ulogd.pcap sync=1 [mysql1] 
@@ -172,7 +212,7 @@ procedure="INSERT_PACKET_FULL" db="nulog" host="localhost" user="nupik" -table="ulog" +table="conntrack" pass="changeme" procedure="INSERT_CT" @@ -181,6 +221,7 @@ db="nulog" host="localhost" user="nupik" table="ulog" +#schema="public" pass="changeme" procedure="INSERT_PACKET_FULL" @@ -189,6 +230,7 @@ db="nulog" host="localhost" user="nupik" table="ulog2_ct" +#schema="public" pass="changeme" procedure="INSERT_CT" @@ -197,9 +239,19 @@ db="nulog" host="localhost" user="nupik" table="ulog2_ct" +#schema="public" pass="changeme" procedure="INSERT_OR_REPLACE_CT" +[pgsql4] +db="nulog" +host="localhost" +user="nupik" +table="nfacct" +#schema="public" +pass="changeme" +procedure="INSERT_NFACCT" + [dbi1] db="ulog2" dbtype="pgsql" @@ -209,11 +261,36 @@ table="ulog" pass="ulog2" procedure="INSERT_PACKET_FULL" +[sqlite3_ct] +table="ulog_ct" +db="/var/log/ulogd/ulogd.sqlite3db" +buffer=200 + +[sqlite3_pkt] +table="ulog_pkt" +db="/var/log/ulogd/ulogd.sqlite3db" +buffer=200 + [sys2] facility=LOG_LOCAL2 [nacct1] sync = 1 +#file = /var/log/ulogd/ulogd_nacct.log [mark1] mark = 1 + +[acct1] +pollinterval = 2 +# If set to 0, we don't reset the counters for each polling (default is 1). +#zerocounter = 0 +# Set timestamp (default is 0, which means not set). This timestamp can be +# interpreted by the output plugin. +#timestamp = 1 + +[graphite1] +host="127.0.0.1" +port="2003" +# Prefix of data name sent to graphite server +prefix="netfilter.nfacct" diff --git a/csh.env b/csh.env index 67ce897..5c65a43 100644 --- a/csh.env +++ b/csh.env 
@@ -6,7 +6,6 @@ setenv CONFIG_PROTECT '/var/bind /usr/share/gnupg/qualified.txt /usr/share/openv setenv CONFIG_PROTECT_MASK '/etc/gentoo-release /etc/sandbox.d /etc/php/cli-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/apache2-php5.3/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/apache2-php5.4/ext-active/ /etc/fonts/fonts.conf ${EPREFIX}/etc/gconf /etc/terminfo /etc/ca-certificates.conf /etc/texmf/web2c /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/revdep-rebuild' setenv EDITOR '/usr/bin/vim' setenv GCC_SPECS '' -setenv GDK_USE_XFT '1' setenv GSETTINGS_BACKEND 'gconf' setenv GUILE_LOAD_PATH '/usr/share/guile/1.8' setenv HG '/usr/bin/hg' diff --git a/env.d/50gtk2 b/env.d/50gtk2 deleted file mode 100644 index 078151c..0000000 --- a/env.d/50gtk2 +++ /dev/null @@ -1 +0,0 @@ -GDK_USE_XFT=1 diff --git a/eselect/postgresql/slots/9.2/base b/eselect/postgresql/slots/9.2/base index b5f9c30..286352f 100644 --- a/eselect/postgresql/slots/9.2/base +++ b/eselect/postgresql/slots/9.2/base @@ -1 +1 @@ -postgres_ebuilds="${postgres_ebuilds} postgresql-base-9.2.3-r1" +postgres_ebuilds="${postgres_ebuilds} postgresql-base-9.2.4" diff --git a/eselect/postgresql/slots/9.2/docs b/eselect/postgresql/slots/9.2/docs index f9796e6..a895eaa 100644 --- a/eselect/postgresql/slots/9.2/docs +++ b/eselect/postgresql/slots/9.2/docs @@ -1 +1 @@ -postgres_ebuilds="${postgres_ebuilds} postgresql-docs-9.2.3" +postgres_ebuilds="${postgres_ebuilds} postgresql-docs-9.2.4" diff --git a/gtk-2.0/x86_64-pc-linux-gnu/gtk.immodules b/gtk-2.0/x86_64-pc-linux-gnu/gtk.immodules index a02825b..68d3839 100644 --- a/gtk-2.0/x86_64-pc-linux-gnu/gtk.immodules +++ b/gtk-2.0/x86_64-pc-linux-gnu/gtk.immodules 
@@ -1,6 +1,6 @@ # GTK+ Input Method Modules file # Automatically generated file, do not edit -# Created by gtk-query-immodules-2.0 from gtk+-2.24.12 +# Created by gtk-query-immodules-2.0 from gtk+-2.24.16 # # ModulesPath = /root/.gtk-2.0/2.10.0/x86_64-pc-linux-gnu/immodules:/root/.gtk-2.0/2.10.0/immodules:/root/.gtk-2.0/x86_64-pc-linux-gnu/immodules:/root/.gtk-2.0/immodules:/usr/lib64/gtk-2.0/2.10.0/x86_64-pc-linux-gnu/immodules:/usr/lib64/gtk-2.0/2.10.0/immodules:/usr/lib64/gtk-2.0/x86_64-pc-linux-gnu/immodules:/usr/lib64/gtk-2.0/immodules # diff --git a/init.d/clamd b/init.d/clamd index 12257e1..d1ad2e2 100755 --- a/init.d/clamd +++ b/init.d/clamd @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2012 Gentoo Foundation +# Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-antivirus/clamav/files/clamd.initd-r2,v 1.1 2012/12/11 18:38:00 eras Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-antivirus/clamav/files/clamd.initd-r3,v 1.1 2013/03/01 08:18:17 eras Exp $ daemon_clamd="/usr/sbin/clamd" daemon_freshclam="/usr/bin/freshclam" @@ -31,11 +31,13 @@ get_config() { start() { local clamd_socket=$(get_config clamd LocalSocket /var/run/clamav/clamd.sock) + local clamd_user=$(get_config clamd User clamav) + local freshclam_user=$(get_config freshclam DatabaseOwner clamav) logfix if [ "${START_CLAMD}" = "yes" ]; then checkpath --quiet --mode 755 \ - --owner $(get_config clamd User clamav):root \ + --owner "${clamd_user}":"${clamd_user}" \ --directory `dirname ${clamd_socket}` if [ -S "${clamd_socket}" ]; then rm -f ${clamd_socket} @@ -99,7 +101,7 @@ logfix() { local logfile=$(get_config clamd LogFile) if [ -n "${logfile}" ]; then checkpath --quiet \ - --owner $(get_config clamd User clamav):root \ + --owner "${clamd_user}":"${clamd_user}" \ --mode 640 \ --file ${logfile} fi 
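Review bot: `logfix()` now reads `${clamd_user}`, but that variable is declared `local` inside `start()`, so it is set only when logfix is reached through start(). If logfix is ever run on its own (the rest of the script is outside these hunks), checkpath receives `--owner "":""` for the clamd log here and, through `${freshclam_user}`, for the freshclam log in the `@@ -111,7 +113,7 @@` hunk. Resolving the names inside logfix removes the dependency: `local clamd_user=$(get_config clamd User clamav)` and `local freshclam_user=$(get_config freshclam DatabaseOwner clamav)`. The group also changes from `root` to a group named after the user, which assumes such a group exists on the host.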
@@ -111,7 +113,7 @@ logfix() { local logfile=$(get_config freshclam UpdateLogFile) if [ -n "${logfile}" ]; then checkpath --quiet \ - --owner $(get_config freshclam DatabaseOwner clamav):root \ + --owner "${freshclam_user}":"${freshclam_user}" \ --mode 640 \ --file ${logfile} fi diff --git a/init.d/udev b/init.d/udev index af0a40e..8f07d8f 100755 --- a/init.d/udev +++ b/init.d/udev @@ -7,11 +7,9 @@ description="udev manages device permissions and symbolic links in /dev" extra_started_commands="reload" description_reload="Reload the udev rules and databases" -rc_coldplug=${rc_coldplug:-${RC_COLDPLUG:-YES}} -udev_debug="${udev_debug:-no}" udev_monitor="${udev_monitor:-no}" -udev_monitor_keep_running="${udev_monitor_keep_running:-no}" -udev_settle_timeout="${udev_settle_timeout:-60}" +udevmonitor_log=/run/udevmonitor.log +udevmonitor_pid=/run/udevmonitor.pid depend() { @@ -53,7 +51,7 @@ start_pre() fi fi - if yesno "${udev_debug}"; then + if yesno "${udev_debug:-NO}"; then command_args="${command_args} --debug 2> /run/udevdebug.log" fi @@ -89,9 +87,6 @@ start_udevmonitor() { yesno "${udev_monitor}" || return 0 - udevmonitor_log=/run/udevmonitor.log - udevmonitor_pid=/run/udevmonitor.pid - einfo "udev: Running udevadm monitor ${udev_monitor_opts} to log all events" start-stop-daemon --start --stdout "${udevmonitor_log}" \ --make-pidfile --pidfile "${udevmonitor_pid}" \ 
@@ -100,23 +95,28 @@ start_udevmonitor() populate_dev() { - if get_bootparam "nocoldplug" ; then - rc_coldplug="NO" - ewarn "Skipping udev coldplug as requested in kernel cmdline" + if yesno ${rc_dev_root_symlink:-yes}; then + ebegin "Generating a rule to create a /dev/root symlink" + /lib/udev/dev-root-link.sh + eend $? fi - ebegin "Populating /dev with existing devices through uevents" - if ! yesno "${rc_coldplug}"; then - # Do not run any init-scripts, Bug #206518 - udevadm control --property=do_not_run_plug_service=1 + get_bootparam "nocoldplug" && rc_coldplug="no" + if ! yesno ${rc_coldplug:-${RC_COLDPLUG:-yes}}; then + einfo "Setting /dev permissions and symbolic links" + udevadm trigger --attr-match=dev --action=add + ewarn "Skipping udev coldplug sequence" + return 0 fi + + ebegin "Populating /dev with existing devices through uevents" udevadm trigger --type=subsystems --action=add udevadm trigger --type=devices --action=add eend $? + ebegin "Waiting for uevents to be processed" - udevadm settle --timeout=${udev_settle_timeout} + udevadm settle --timeout=${udev_settle_timeout:-60} eend $? - udevadm control --property=do_not_run_plug_service= return 0 } @@ -124,7 +124,7 @@ stop_udevmonitor() { yesno "${udev_monitor}" || return 0 - if yesno "${udev_monitor_keep_running}"; then + if yesno "${udev_monitor_keep_running:-no}"; then ewarn "udev: udevmonitor is still running and writing into ${udevmonitor_log}" else einfo "udev: Stopping udevmonitor: Log is in ${udevmonitor_log}" diff --git a/init.d/ulogd b/init.d/ulogd index e2f76a1..9206f8d 100755 --- a/init.d/ulogd +++ b/init.d/ulogd 
@@ -1,36 +1,43 @@ #!/sbin/runscript -# Copyright 1999-2012 Gentoo Foundation +# Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/ulogd/files/ulogd,v 1.5 2012/01/01 01:01:06 idl0r Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/ulogd/files/ulogd-2.init,v 1.1 2013/03/20 08:38:18 pinkbyte Exp $ -extra_started_commands="reload" +ULOGD_PIDFILE="/run/ulogd.pid" +ULOGD_EXEC="/usr/sbin/ulogd" +ULOGD_OPTS="-u ulogd" + +extra_started_commands="reload reopen_logs" depend() { need net } -checkconfig() { - if [ ! -e /etc/ulogd.conf ]; then - eerror "You need /etc/ulogd.conf" - return 1 - fi -} - start() { - checkconfig || return 1 - ebegin "Starting ulogd" - start-stop-daemon --start --quiet --exec /usr/sbin/ulogd -- -u ulogd -d >/dev/null 2>&1 + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --quiet \ + --make-pidfile \ + --pidfile ${ULOGD_PIDFILE} \ + --background \ + --exec ${ULOGD_EXEC} \ + -- ${ULOGD_OPTS} eend $? } stop() { - ebegin "Stopping ulogd" - start-stop-daemon --stop --quiet --exec /usr/sbin/ulogd >/dev/null 2>&1 + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --pidfile ${ULOGD_PIDFILE} eend $? } reload() { - ebegin "Reloading ulogd.conf file" - killall -HUP ulogd &>/dev/null + ebegin "Reloading ${SVCNAME} configuration" + start-stop-daemon --signal USR1 --pidfile ${ULOGD_PIDFILE} + eend $? +} + +reopen_logs() { + ebegin "Reopening ${SVCNAME} logfiles" + start-stop-daemon --signal HUP --pidfile ${ULOGD_PIDFILE} eend $? } diff --git a/portage b/portage index cf41e94..2f0a09d 160000 --- a/portage +++ b/portage @@ -1 +1 @@ -Subproject commit cf41e943483c42cddf3cc4fea567ed7bee89f87a +Subproject commit 2f0a09dd5451eb31ab3889414105db42f6dd61ba diff --git a/postfix/body_checks b/postfix/body_checks index 04328dc..0fd6cbe 100644 --- a/postfix/body_checks +++ b/postfix/body_checks 
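Review bot: `stop()`, `reload()` and `reopen_logs()` signal whatever PID is stored in `${ULOGD_PIDFILE}` without checking that it still belongs to ulogd, so after a crash a stale PID could point at an unrelated process. Adding `--exec ${ULOGD_EXEC}` to those three start-stop-daemon calls, as the removed stop() had, should tie the signal to the daemon binary. The commit also drops `checkconfig`, so a missing /etc/ulogd.conf is no longer reported before start, and with `--background` a daemon that exits immediately may still be reported as started. Quoting the expansions, e.g. `--pidfile "${ULOGD_PIDFILE}"`, would match the quoting used in the clamd script in this commit.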
@@ -50,6 +50,7 @@ # [Immer mit aufsteiger Nummer sauber eintragen!] # # +/http:\/\/slpia.lk/ REJECT Body-Spamscutz 1158 /http:\/\/www.direkt-sicher.com\/starten\/privatkunde/ REJECT Body-Spamschutz 1157 /Unser ING-DIBA Sicherheits Bereich investiert sehr viel Zeit,/ REJECT Body-Spamschutz 1156 /ürzlich zeigen unsere Aufzeichnungen, dass Ihr Postbank-Konto möglich durch einen Dritten unbefugten Zutritt./ REJECT Body-Spamschutzregel 1155 diff --git a/postfix/header_checks b/postfix/header_checks index f9961bc..e3b2ba3 100644 --- a/postfix/header_checks +++ b/postfix/header_checks @@ -81,6 +81,7 @@ # [Immer mit aufsteiger Nummer sauber eintragen!] # +/^X-PHP-Script: www.dorstroy-spb.ru\/templates\/beez\/back.php/ REJECT Header-Spamschutzregel 1179 # HPLS:2013031310000105 /^Received:.*test@sideaitalia.com@.*/ REJECT Header-Spamschutzregel 1178 /^Subject: inolar.com/ REJECT Header-Spamschutzregel 1177 diff --git a/postfix/maps/aliases b/postfix/maps/aliases index 3d3d90f..a197cc9 100644 --- a/postfix/maps/aliases +++ b/postfix/maps/aliases @@ -30,6 +30,7 @@ hostmaster: root lp: root mail: root mailer-daemon: postmaster +me: frank nagios: root named: root news: usenet diff --git a/postfix/maps/aliases.db b/postfix/maps/aliases.db index 03ad439..bb9f3b7 100644 Binary files a/postfix/maps/aliases.db and b/postfix/maps/aliases.db differ diff --git a/postfix/maps/virtual_alias_maps b/postfix/maps/virtual_alias_maps index ac2d4b5..ee212d8 100644 --- a/postfix/maps/virtual_alias_maps +++ b/postfix/maps/virtual_alias_maps @@ -10,6 +10,7 @@ # alfred-1980@uhu-banane.net frank +me@uhu-banane.de frank alfred@uhu-banane.net frank, frank.brehm.61@googlemail.com frak@brehm-online.com frank@brehm-online.com nacho.libre@uhu-banane.de noreply diff --git a/postfix/maps/virtual_alias_maps.db b/postfix/maps/virtual_alias_maps.db index 366f942..684dc6b 100644 Binary files a/postfix/maps/virtual_alias_maps.db and b/postfix/maps/virtual_alias_maps.db differ 
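Review bot: The new body rule `/http:\/\/slpia.lk/` leaves the dot unescaped, so it matches any character in that position. Its label also reads `Body-Spamscutz` where the neighbouring rules use `Body-Spamschutz` or `Body-Spamschutzregel`, which makes rule 1158 harder to find when grepping SMTP rejects in the log. I would write it as `/http:\/\/slpia\.lk/ REJECT Body-Spamschutzregel 1158`. The header_checks hunk on this line has the same unescaped dots in `www.dorstroy-spb.ru` and `back.php` (rule 1179); escaping them as `www\.dorstroy-spb\.ru\/templates\/beez\/back\.php` keeps the match to the intended host and script.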
diff --git a/postfix/old/body_checks.2013-03-11_10:59:21 b/postfix/old/body_checks.2013-03-11_10:59:21 new file mode 100644 index 0000000..04328dc --- /dev/null +++ b/postfix/old/body_checks.2013-03-11_10:59:21 
@@ -0,0 +1,696 @@ +# Version 4.0 +# +# Das Postfix-Buch - Sichere Mailserver mit Linux +# http://www.postfixbuch.de +# +# Heinlein Professional Linux Support GmbH +# http://www.heinlein-support.de +# +# Downloadquelle dieser Datei: http://www.postfixbuch.de/web/service/checks/ +# +# +# Verwendung der Filtersammlung auf eigene Gefahr. +# +# Es handelt sich dabei um einen tagesaktuellen Auszug der beim +# ISP "JPBerlin.de" genutzten Filterregeln. Bitte pruefen Sie vor einem +# Einsatz bei Ihnen ganz genau, ob diese Regeln noch aktuell und sinnvoll +# sind und ob Sie sie einsetzen moechten! +# +# +# Setzen Sie in /etc/postfix/main.cf einfach +# +# body_checks = pcre:/etc/postfix/body_checks oder +# oder +# body_checks = regexp:/etc/postfix/body_checks +# +# und fuehren Sie "rcpostfix reload" aus. +# +# Tipp: pcre ist ein Drittel schneller als regexp! +# +# + +# +# Die Nummern hinter dem REJECT tauchen spaeter iM SMTP-Error oder im Log +# auf, um die Filter-Regel wiederzufinden, die den Block ausgeloest hat. +# Es kann stattdessen auch einfacher Text benutzt werden. +# + + +# +# +# Tagesaktuelle, nur voruebergehende Regelungen: +# =============================================== +# [Immer mit Timestamp (!) und ggf. Ticket-Nummer eintragen!] +# + +# +# +# Dauerhaft genutzte Regelungen: +# =============================================== +# [Immer mit aufsteiger Nummer sauber eintragen!] +# +# +/http:\/\/www.direkt-sicher.com\/starten\/privatkunde/ REJECT Body-Spamschutz 1157 +/Unser ING-DIBA Sicherheits Bereich investiert sehr viel Zeit,/ REJECT Body-Spamschutz 1156 +/ürzlich zeigen unsere Aufzeichnungen, dass Ihr Postbank-Konto möglich durch einen Dritten unbefugten Zutritt./ REJECT Body-Spamschutzregel 1155 +/We are the department of Asian Domain Registration Service in China. 
Here I have something/ REJECT Body-Spamschutzregel 1154 +/schicken Sie bitte einen Brief auf Violet@arbeitdeutschland.com/ REJECT Body-Spamschutzregel 1153 +/Dear RandomForename_/ REJECT Body-Spamscutzregel 1152 +/http:\/\/defiteq.com\/qms\/upload/ REJECT Body-Spamscutzregel 1151 +/mail.iphone.mn/ REJECT Body-Spamscutzregel 1150 +/http:\/\/www.safe-slh.com/ REJECT Body-Spamschutzregel 1149 +/Sie konnen Ihre Postsendung in unserer Postabteilung personlich kriegen/ REJECT Body-Spamschutzregel 1148 +/Sie sollen dieses Postetikett drucken lassen/ REJECT Body-Spamschutzregel 1147 +/Wenn dies nicht sofort machen Sie Ihre E-Mail-Adresse deaktiviert von unserem Server\./ REJECT Body-Spamschutzregel 1146 +/^Message-ID:*@vps332995.netsons.net/ REJECT Body-Spamschutzregel 1145 +/dildodaddy/ REJECT Body-Spamschutzregel 1144 +/mehreren fehlgeschlagenen TAN-Eingeben/ REJECT Body-Spamschutzregel 1143 +/filename\=\"c.g.euromilion.pdf\"/ REJECT Body-Spamscutzregel 1142 +/^Bei Interesse bitten wir um folgende$/ REJECT Body-Spamscutzregel 1141 +/palmandmore\.de/ REJECT Body-Spamschutzregel 1140 +/kundenverifikationservice\.u2m\.ru\/VERIFY\.PHP REJECT/ Body-Spamschutzregel 1139 +/co.cc\/aff\/item.php\?usn\=(aeb1|dap1|dvg1)\&i\=it\_ep\&e\=admin\@groupon.de/ REJECT Body-Spamschutzregel 1138 +/You Are Guaranteed To Get Paid Instantly For Each Email You Process!/ REJECT Body-Spamschutzregel 1137 +/I (talk|speak) 2 \'languages\'. Now i\'m 24. I/ REJECT Body-Spamschutzregel 1136 +/My nickname \"Kuma\"\! 
\:\) I/ REJECT Body-Spamschutzregel 1135 +/http:\/\/free.fr\/support\/verification\/compte\// REJECT Body-Spamschutzregel 1134 +/http:\/\/sonofages.free.fr\/images\/LogoCreditMutuel.png/ REJECT Body-Spamschutzregel 1133 +/ucc.edu.ni/ REJECT Body-Spamschutzregel 1132 +/7figureincome\.php/ REJECT Body-Spamschutzregel 1131 +/Cher Client Verified by Visa/ REJECT Body-Spamschutzregel 1130 +/^From: "Topillen Apotheke" / REJECT Body-Spamschutzregel 1129 +/^Aufgrund mehrerer Phishing Versuche, unsere Visa und Mastercard/ REJECT Body-Spamschutzregel 1128 +/^ Phishing Departament/ REJECT Body-Spamschutzregel 1127 +/We wish to invest between $5Million-$100Million in any viable projects/ REJECT Body-Spamschutzregel 1126 +/God bless you as you get back to me/ REJECT Body-Spamschutzregel 1125 +/www.(b|B)ien(e|E)tremag.com/ REJECT Body-Spamschutzregel 1124 +/Sehr geehrte Sparkasse Card/ REJECT Body-Spamschutzregel 1123 +/zigaretten-discount.info/ REJECT Body-Spamschutzregel 1122 +/zigaretten-discount\[punkt\]info/ REJECT Body-Spamschutzregel 1121 +/Guten Tag Mitglied [0-9]{5}/ REJECT Body-Spamschutzregel 1120 +/elenx.innovacon.com\/.e\/e.php/ REJECT Body-Spamschutzregel 1119 +/www.sniperrs.de\/modules\/Forums\/admin/ REJECT Body-Spamschutzregel 1118 +/boxneufnet.com\/id\/oragne.fr\/Identifiant/ REJECT Body-Spamschutzregel 1117 +/www.colellsa.com\/img\/quienes\/pabo\/paypal-fr/ REJECT Body-Spamschutzregel 1116 +/dekmor.cmu.ac.th\/sticker\/upload\/Logs\/Login\/webscrcmd/ REJECT Body-Spamschutzregel 1115 +/ektoschronou.com/ REJECT Body-Spamschutzregel 1114 +/ulouwaio.com/ REJECT Body-Spamschutzregel 1113 +/logonature.com.nu/ REJECT Body-Spamschutzregel 1112 +/suinlop.com/ REJECT Body-Spamschutzregel 1111 +/soudoorpo.com/ REJECT Body-Spamschutzregel 1110 +/GOOGLE AUSSTATTUNGSFONDS 20.?.? 
GEWINNER ANMELDEFORMULAR FUER ZAHLUNG/ REJECT Body-Spamschutzregel 1109 +/Anbieter: Privacy GG Limited, 99 Albert Street, Belize City, CA/ REJECT Body-Spamschutzregel 1108 +/^Die Nachricht wurde durch Interads 24 Ltd/ REJECT Body-Spamschutzregel 1107 +/www.sommer-mit-kollegen.de/ REJECT Body-Spamschutzregel 1006 +# Ein Spammer versenden immer Austragungslinks, die auf "/ausa" enden: +/^www.*\/ausa$/ REJECT Body-Spamschutzregel 1105 +/KlickTel Telefonbuch OEM/ REJECT Body-Spamschutzregel 1104 +/www.klicktel24.org/ REJECT Body-Spamschutzregel 1103 +/Klicken Sie hier, und fühlen Sie sich endlich gut behandelt:/ REJECT Body-Spamschutzregel 1102 +/maryjanemax@yahoo.co.uk/ REJECT Body-Spamschutzregel 1101 +/http.*muqugeh\.cn/ REJECT Body-Spamschutzregel 1100 +/Bei uns bekommen Sie Ihren Kredit schnell, unbürokratisch, diskret und natürlich ohne Bankauskunft./ REJECT Body-Spamschutzregel 1099 +/INTERNATIONAL LOTTERIE PROMOTION SPIELGEMEINSCHAFT/ REJECT Body-Spamschutzregel 1098 +/Leider st=F6ren Sie.=20/ REJECT Body-Spamschutzregel 1097 +/Sie haben dieses Email erhalten, weil Sie im Newsletter von Promohouse Ltd eingetragen sind/ REJECT Body-Spamschutzregel 1096 +/ATTN: Beneficiar/ REJECT Body-Spamschutzregel 1095 +/www.hedonismails.de/ REJECT Body-Spamschutzregel 1094 +/www.globadressen.(com|net|org|info)/ REJECT Body-Spamschutzregel 1093 +/elegalal.nextmail.ru/ REJECT Body-Spamschutzregel 1092 +/http:\/\/www.switzerlandpussy.eu/ REJECT Body-Spamschutzregel 1082 +/Die jungen Girls fliegen nur so auf die langen/ REJECT Body-Spamschutzregel 1081 +/\*\*\*\* Commercial use of this software is prohibited \*\*\*\*/ REJECT Body-Spamschutzregel 1080 +/I finded your email in internet and I decide to ask you for help/ REJECT Body-Spamschutzregel 1079 +/Details und moegliche Schritte zur Entsperrung finden Sie/ REJECT Body-Spamschutzregel 1078 +/^Amount Won:/ REJECT Body-Spamschutzregel 1077 +/AWARD WINNING NOTICE/i REJECT Body-Spamschutzregel 1076 +/mixvarejo.com/ REJECT 
Body-Spamschutzregel 1075 +/www.global-db.(com|net|org)/ REJECT Body-Spamschutzregel 1074 +/^I am Barrister/ REJECT Body-Spamschutzregel 1073 +/respublica@gaucherepublicaine.org/ REJECT Body-Spamschutzregel 1072 +/NEU - Vi Super Active/ REJECT Body-Spamschutzregel 1071 +/anhaltende Versagensangste und wiederholte peinliche Situationen/ REJECT Body-Spamschutzregel 1070 +/Schulfreunde Vermittlungs Service AG/ REJECT Body-Spamschutzregel 1068 +/Multimedia Telegramm/ REJECT Body-Spamschutzregel 1067 +/http.*\.fdub\.biz/ REJECT Body-Spamschutzregel 1066 +/TanjaGuenther/ REJECT Body-Spamschutzregel 1065 +/www.bestnetz24.de\/letter\/ausgabe.php/ REJECT Body-Spamschutzregel 1064 +/www.db.?adressen.(com|net|org|info)/ REJECT Body-Spamschutzregel 1063 +/thomas@jthomas.es/ REJECT Body-Spamschutzregel 1062 +/Ihre Marketing Agentur Espa/ REJECT Body-Spamschutzregel 1061 +/www.pakandu.com/ REJECT Body-Spamschutzregel 1060 +/Glob.?.?.?(C|K)ontact.?.?.?Team/ REJECT Body-Spamschutzregel 1059 +/www.gc.?datenbaken.(com|net|org|info)/ REJECT Body-Spamschutzregel 1058 +/www.glc-?data.(com|net|org|info)/ REJECT Body-Spamschutzregel 1057 +/Global.?(C|K)ontact/i REJECT Body-Spamschutzregel 1056 +/www.imarketing.com.br.remove/ REJECT Body-Spamschutzregel 1055 +/Bestellen Sie jetzt und vergessen Sie Ihre Enttauschungen/ REJECT Body-Spamschutzregel 1054 +/Online Apotheke - original Qualitaet/ REJECT Body-Spamschutzregel 1053 +/Wir wissen was Frauen wollern/ REJECT Body-Spamschutzregel 1052 +/Viiiiaaaaaagra/ REJECT Body-Spamschutzregel 1051 +/Web: www.eurasianpages. com/ REJECT Body-Spamschutzregel 1050 +/^Firma Global Contact bietet Ihnen/ REJECT Body-Spamschutzregel 1049 +/www.g-adressen.net/ REJECT Body-Spamschutzregel 1048 +/NIEMALS geben Sie Ihre Passw.rter an niemanden NUR und melden Sie sich/ REJECT Body-Spamschutzregel 1047 Haspa-Pishing +/www.loteria.es/ REJECT Body-Spamschutzregel 1046 +/Girls!  
Deveelop your sexual reelationship and get even MORE pleasurre!/ REJECT Body-Spamschutzregel 1045 +# Nigeria-Spam / phei 20080209 +/Ich bin bei einer routinen Überprüfung in meiner Bank/ REJECT Body-Spamschutzregel 1044 +/Ich vermute das diese E-Mail eine Überraschung für Sie sein wird/ REJECT Body-Spamschutzregel 1043 +/Ich bin bei einer routinen Überprüfung in meiner Bank / REJECT Body-Spamschutzregel 1042 +# Versendet UBE/UCE unter verbraucher@wichtig.ms +/^Ein Dienst der IT4YOU AG, Friedrichstrasse 171, Berlin - Mitte als/ REJECT Body-Spamschutzregel 1041 +# Versendet KlickTel UBE/UCE: / phei 20080204 +/^www.cdtophit.org/ REJECT Body-Spamschutzregel 1040 +/http:\/\/www\.doenertreff\.de/ REJECT Body-Spamschutzregel 1039 +/Brauchen Sie noch einen Grund um zu Vegas VIP Casino/ REJECT Body-Spamschutzregel 1038 +/glob-contact.net$/ REJECT Body-Spamschutzregel 1037: glob-contact +/^Ihr Glob-Kontakt-Team$/ REJECT Body-Spamschutzregel 1036: glob-contact +/www.feilervision.de/ REJECT Body-Spamschutzregel 1035: feilervision +/DER INVESTORALARM!/i REJECT Body-Spamschutzregel 1034 +/ES IST EIN UNGLAUBLICHES PROFITPOTENTIAL! 
VERLIERE DIESE CHANCE NICHT!/i REJECT Body-Spamschutzregel 1033 +/LOTTERY AND GAMING INTERNET MESSAGE CENTRE/ REJECT Body-Spamschutzregel 1033 +/I work very hard every day to be able to buy necessities for my mother/ REJECT Body-Spamschutzregel 1032 +/THE FREELOTTO COMPANY/ REJECT Body-Spamschutzregel 1031 +/BreakingMrktNews/ REJECT Body-Spamschutzregel 1030 +/China Media Crop OTC.BB CHMD/ REJECT Body-Spamschutzregel 1029 +/Weltweit gilt das nummerierte TAN-Verfahren als eines der sicherste/ REJECT Body-Spamschutzregel 1028: Postbank-Pishing +/^Marion Beckera/ REJECT Body-Spamschutzregel 1027 +/Zwecks abschließende Zustimmung für deine Verhandlung zur/ REJECT Body-Spamschutzregel 1026 +/annullieren deine on-line Übertragung® Dienstleistungen./ REJECT Body-Spamschutzregel 1025 +/www.internetloginuser.info/ REJECT Body-Spamschutzregel 1024 +/realsevgi.com/ REJECT Body-Spamschutzregel 1023 +/Um mich zu entlasten, schicke ich Ihnen das (...) Foto wieder zurück./ REJECT Body-Spamschutzregel 1022 +/Oder Ihr Provider hat die Mail falsch weiter geleitet!?/ REJECT Body-Spamschutzregel 1021 +/Versatel-Attachment-Warning.txt/ REJECT Body-Spamschutzregel 1020 +/www=2Eanaforturizm=2Ecom/ REJECT Body-Spamschutzregel 1019 +/www.anaforturizm.com/ REJECT Body-Spamschutzregel 1018 +/The Jpberlin Support Team/ REJECT Body-Spamschutzregel 1017: Pishing-Mails +/^jpberlin.de support team\./ REJECT Body-Spamschutzregel 1016: Pishing-Mails +/You have successfully updated the password of your Jpberlin account/ REJECT Body-Spamschutzregel 1015 +/www.ru4mailnow.com/ REJECT Body-Spamschutzregel 1014 +/EXPLOSIVE PICK FOR OUR MEMBERS/ REJECT Body-Spamschutzregel 1013 +/AntiVirus-System: Kein Virus erkannt/ REJECT Body-Spamschutzregel 1012 +/--- FIFA Fussball-Weltmeisterschaft 2006/ REJECT Body-Spamschutzregel 1011 +/ankara@ankararentacar.de/ REJECT Body-Spamschutzregel 1010 +/Replica Watch Models/ REJECT Body-Spamschutzregel 1009 +/Diadem Travel/ REJECT Body-Spamschutzregel 1008 +/Let the 
search engine experts compete/ REJECT Body-Spamschutzregel 1007 +/Wenn du sonst noch helfen willst, dann verschick diese Nachricht einfach so oft du willst./ REJECT Body-Spamschutzregel 1006 +/http:\/\/www.ehmig.net\/web_mailer/ REJECT Body-Spamschutzregel 1005 +/http:\/\/real.slon.biz/ REJECT Body-Spamschutzregel 1004 +#/im Zusammenhang mit dem Arbeitslosengeld II/ REJECT Body-Spamschutzregel 1003 +/www.inverz.org/ REJECT Body-Spamschutzregel 1002 +/www.inverz.net/ REJECT Body-Spamschutzregel 1001 + + + + + + +/We recommend you to follow the instructions in order to keep your computer safe./ REJECT Body-Spamschutzregel 1 +/Sieh Dir einfach mal ein Video an und mach dann gleich ein Treffen/ REJECT Body-Spamschutzregel 2 +#/money.*back.*guarant/ REJECT Body-Spamschutzregel 3 +/ CIALIS / REJECT Body-Spamschutzregel 4 +/www.galamed.biz/ REJECT Body-Spamschutzregel 5 +/Starts working in less than 15 min./ REJECT Body-Spamschutzregel 6 +/Adipren720/ REJECT Body-Spamschutzregel 7 +/www.lending-home.com/ REJECT Body-Spamschutzregel 8 +/bigbonus-casino.com/ REJECT Body-Spamschutzregel 9 +/Ich hab die ultimative Seite.*dich, klick doch mal an!/ REJECT Body-Spamschutzregel 10 +/www.server42.com/ REJECT Body-Spamschutzregel 11 +/seo-profits.com/ REJECT Body-Spamschutzregel 12 +/Have a great web site, but no one knows it even/ REJECT Body-Spamschutzregel 13 +/REVERZ.*D-INFO/ REJECT Body-Spamschutzregel 14 +/D-INFO.*REVERZ/ REJECT Body-Spamschutzregel 15 +/greatmaleenhancement.biz/ REJECT Body-Spamschutzregel 16 +/ Xanax / REJECT Body-Spamschutzregel 17 +/ Vic(o|0)din / REJECT Body-Spamschutzregel 18 +/ Hydr(o|0)c(o|0)d(o|0)ne / REJECT Body-Spamschutzregel 19 +/ V1agra / REJECT Body-Spamschutzregel 20 +/warehousefull.com/ REJECT Body-Spamschutzregel 21 +/No doctor visit needed/ REJECT Body-Spamschutzregel 22 +/KLICKTEL KENNT SIE!/ REJECT Body-Spamschutzregel 23 +/^www.femo-online.de/ REJECT Body-Spamschutzregel 24 +/www.land-ua.com/ REJECT Body-Spamschutzregel 25 +/Come to 
Loqozine/ REJECT Body-Spamschutzregel 26 +/^
<.*a href=.*img src=.*border.*><\/a><\/center>$/ REJECT Body-Spamschutzregel Check 27 +/www.gord.us/ REJECT Body-Spamschutzregel 28 +/www.reverz.org/ REJECT Body-Spamschutzregel 29 +/wonderfulaction.com/ REJECT Body-Spamschutzregel 30 +/At our pharmacy we offer/ REJECT Body-Spamschutzregel 31 +/Was ist besser als eine fette Ladung Sahne/ REJECT Body-Spamschutzregel 32 +/www.surerxmed.com/ REJECT Body-Spamschutzregel 33 +/www.surerxpills.com/ REJECT Body-Spamschutzregel 34 +/www.stifyems.com/ REJECT Body-Spamschutzregel 35 +/www.diatrus.com/ REJECT Body-Spamschutzregel 36 +/CITYNETT-NEWSLETTER/i REJECT Body-Spamschutzregel 37 +/Note: *Use *password/ REJECT Body-Spamschutzregel 38 +/ will be disabled because of improper using/ REJECT Body-Spamschutzregel 39 +/i.*don.*like.*the*.plaintext/ REJECT Body-Spamschutzregel 40 +/archive *password/ REJECT Body-Spamschutzregel 41 +# /The *Attac..* *team/ REJECT Body-Spamschutzregel 42 +/The *Attac.org *team/ REJECT Body-Spamschutzregel 43 +/The *Attac.de *team/ REJECT Body-Spamschutzregel 44 +/The *Attac-netzwerk.de *team/ REJECT Body-Spamschutzregel 45 +/The *Jpberlin.de *team/ REJECT Body-Spamschutzregel 46 +/Our main mailing server/ REJECT Body-Spamschutzregel 47 +/please update your profile at Billing Center/ REJECT Body-Spamschutzregel 48 +/WSEAS will reply to you/ REJECT Body-Spamschutzregel 49 +/de.componentsengine.net/ REJECT Body-Spamschutzregel 50 +/List von Components Engine eingetragen/ REJECT Body-Spamschutzregel 51 +/The Weekend Pill - Xialis is safer, quicker, lasts longers/ REJECT Body-Spamschutzregel +/Muzenda der �teste Sohn von Paul Muzenda bin , einem Farmer in Simba/ REJECT Body-Spamschutzregel 53 +/Alles fr die Autorennbahn/ REJECT Body-Spamschutzregel 54 +/Der Wurm nennt sich selbst "ODIN" und konnte sich bist jetzt/ REJECT Body-Spamschutzregel 55 +/NICHT ABHEBEN, SONDERN SOFORT ABWEISEN/ REJECT Body-Spamschutzregel Das ist ein HOAX, eine Falschmeldung. 
http://www.hoax-info.de 56 +/Es ist ein Virus, welcher alle IMEI und IMSI Daten/ REJECT Body-Spamschutzregel Das ist ein HOAX, eine Falschmeldung. http://www.hoax-info.de 57 +/Der Meister unter den Druckprogrammen: PRINTMASTER 8 GOLD/ REJECT Body-Spamschutzregel 58 +/Stellen Sie sich vor, Sie kaufen ein Produkt oder eine Dienstleistung im/ REJECT Body-Spamschutzregel 59 +/So finden Sie blitzschnell den NAMEN und ADRESS-EINTRAG zu jeder/ REJECT Body-Spamschutzregel 60 +# Rausgenommen wegen Groupon, phei, 11.3.13 +# /^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$/ REJECT Body-Spamschutzregel Due to recent virus attacks, we temporarily block all Win32 executable files. Please re-send your attachment in a compressed (tar, zip, rar, etc.) form. Your message has NOT been delivered. 61 +/eptember 2003, Cumulative Patch/ REJECT Body-Spamschutzregel 62 +/Ich bin gerade vor einem neuen.*sehr gef�rlichen V.rus gewarnt/ REJECT Body-Spamschutzregel 63 +/^RSLxwtYBDB6FCv8ybBcS0zp9VU5of3K4BXuwyehTM0RI9IrSjVuwP94xfn0wgOjouKWzGXHVk3qg$/ REJECT Body-Spamschutzregel This is a Sobig-Worm! 64 +/exklusives virtuelles Gratis-Rubbellos welches Sie gleich jetzt live mit/ REJECT Body-Spamschutzregel 65 +/Willkommen beim Lucky7Casino/ REJECT Body-Spamschutzregel 66 +/heutzutage spielen Kontakte und Adressdaten eine immer wichtigere Rolle./ REJECT Body-Spamschutzregel 67 +/REVERZ anhand des Datenbestands der D-Info den gesuchten/ REJECT Body-Spamschutzregel 68 +/www.privatseitennetz.com/ REJECT Body-Spamschutzregel 69 +/Outlook and Outlook Express as well as five newly/ REJECT Body-Spamschutzregel 70 +/delog@cip.informatik.uni-wuerzburg.de/ REJECT Body-Spamschutzregel 71 +/credit.hostfree2003.com/ REJECT Body-Spamschutzregel 72 +/www.mediabiz.de.ewmail/ REJECT Body-Spamschutzregel 73 +/Want to boost your sales with Internet/ REJECT Body-Spamschutzregel 74 +/talente.tripod.com.br/ REJECT Body-Spamschutzregel 75 +/schlechte Schufa-Auskunft? Bonit�sprobleme? 
Dann w�len Sie doch/ REJECT Body-Spamschutzregel 76 +/Diese Liste von Banken, Sparkassen Volks- und Raiffeisenbanken OHNE Schufa-Anschluss finden Sie nicht/ REJECT Body-Spamschutzregel 77 +/Gute Nachrichten. Gerade habe ich die geile \"FickShow\" gefunden:/ REJECT Body-Spamschutzregel 78 +/Gute Nachrichten. Gerade habe ich die geile "FickShow" gefunden:/ REJECT Body-Spamschutzregel 79 +/Create Professional 3D Page-Tuning/ REJECT Body-Spamschutzregel 80 +/SEXKONTAKTE ONLINE/ REJECT Body-Spamschutzregel 81 +/FREE Access to.*adult.*sites/i REJECT Body-Spamschutzregel 82 +/web-supermarket.com/i REJECT Body-Spamschutzregel 83 +/Wir haben ihre Adresse durch eines unserer Partnerunternehmen/ REJECT Body-Spamschutzregel 84 +/Wir haben ihre Adresse.*Partnerunternehmen/i REJECT 85 +/herbal-place.com/ REJECT Body-Spamschutzregel 86 +/GIO DIET-CAPS greifen hier ein durch:/ REJECT Body-Spamschutzregel 87 +/These are Free Cash Grants That you NEVER have to repay/ REJECT Body-Spamschutzregel 88 +/Wir haben unseren Zugang neu upgedadet/ REJECT Body-Spamschutzregel 89 +/Jemand der Dich sehr gut kennt wuerde gern ein Treffen mit Dir/i REJECT Body-Spamschutzregel 90 +/Wenn Du wissen willst wer Dich treffen moechte/i REJECT Body-Spamschutzregel 91 +/You Have Won a FREEE/i REJECT Body-Spamschutzregel 93 +/Click Here For All Your Favorite Pornstars/i REJECT Body-Spamschutzregel 94 +/Year the U.S. 
Government Gives away BILLIONS in cash grants/i REJECT Body-Spamschutzregel 95 +/Banken ohne Schufa-Auskunft/i REJECT Body-Spamschutzregel 96 +/Probleme mit der Schufa/i REJECT Body-Spamschutzregel 97 +/Laden Sie sich jetzt unsere kostenlose Zugangssoftware runter/ REJECT Body-Spamschutzregel 98 +/Genocide Is A Black-And-White Concept/ REJECT Body-Spamschutzregel 99 +/So viele Wuensche auf einmal/ REJECT Body-Spamschutzregel 100 +/diese Mail ist kein SPAM/i REJECT Body-Spamschutzregel 101 +/Sch.*ne Gr.*e von Lucky Casino/ REJECT Body-Spamschutzregel 102 +/Weil Sie oder ein anderer bei Lucky Casino/i REJECT Body-Spamschutzregel 103 +/Endlich habe ich Deine E-Mail Adresse wieder gefunden, das hat aber/i REJECT Body-Spamschutzregel 104 +/galerie kurt im hirsch/ REJECT Body-Spamschutzregel +/X-MS_Scanner: Kein Virus erkannt/ REJECT Body-Spamschutzregel Sober-Wurmsignatur +/Anti_Virus Service/ REJECT Body-Spamschutzregel Sober-Wurmsignatur + +# +# Checks gesammelt aus dem Netz von +# http://www.hispalinux.es/~data/postfix/ +# +/.*www\.removeyou\.com.*/ REJECT Body-Spamschutzregel 110 +/.*waterforge\.com.*/ REJECT Body-Spamschutzregel 111 +/.*capitalwave\.com\?subject=Please*/ REJECT Body-Spamschutzregel 112 +/\.virtmundo\.com/ REJECT Body-Spamschutzregel 113 +#/Accept Credit Cards/ REJECT Body-Spamschutzregel 114 +/Nude Celebrities/ REJECT Body-Spamschutzregel 115 +/PRODUCT or SERVICE/i REJECT Body-Spamschutzregel 116 +# /GUARANTEED!/ REJECT Body-Spamschutzregel 117 +/Amateur Girls/ REJECT Body-Spamschutzregel 118 +#/FREE MEMBERSHIP/ REJECT Body-Spamschutzregel 119 +#/bizinfo/ REJECT Body-Spamschutzregel 120 +# block iframe hack 122 +/