The RABL (pronounced "rabble") server is a statistical, machine-automated and

up-to-the-second blackhole list server designed to monitor global network
activity and make decisions based on network spread and infection rate -
that is, abuse from an address which has been reported by a number of
participating networks. This is in far contrast to how most other
blacklists function, where fallable humans (many with political agendas) must
process thousands of reports and make decisions - many times after the fact.
The RABL is fully reactive to new threats and can block addresses within
seconds of widespread infection - good to know in this world of drone PCs
and stolen accounts. The RABL server blacklists addresses until they have
cleared a minimum duration (an hour by default) without any additional
reporting, making the appeals process as simple as "fix your junk". The RABL
is designed to function via automated machine-learning spam filters, such as
Bayesian filters. Each participating network is granted write authentication
in the blackhole list, to prevent abuse. A client tool is also provided.

PR:		ports/88446
Submitted by:	Ion-Mihai "IOnut" Tetcu <itetcu@people.tecnik93.com>

6 files changed, 171 insertions, 0 deletions

diff --git a/mail/rabl_server/Makefile b/mail/rabl_server/Makefile
new file mode 100644
index 000000000000..16bee5845bf6
--- /dev/null
+++ b/mail/rabl_server/Makefile
@@ -0,0 +1,64 @@
+# New ports collection makefile for:	rabl_server
+# Date created:				2005-10-25
+# Whom:					Ion-Mihai "IOnut" Tetcu <itetcu@people.tecnik93.com>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	rabl_server
+PORTVERSION=	1.0.0
+CATEGORIES=	mail dns
+MASTER_SITES=	http://www.nuclearelephant.com/projects/rabl/sources/ \
+		http://people.tecnik93.com/~itetcu/FreeBSD/ports/${PORTNAME}/sources/
+
+MAINTAINER=	itetcu@people.tecnik93.com
+COMMENT=	Reactive Autonomous Blackhole List server
+
+USE_LIBTOOL_VER=	15
+GNU_CONFIGURE=		yes
+INSTALLS_SHLIB=		yes
+CONFIGURE_ENV=		LDFLAGS="-L${LOCALBASE}/lib"
+CONFIGURE_TARGET=	--build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
+USE_REINPLACE=		yes
+
+PORTDOCS=	CHANGE README RELEASE.NOTES
+
+OPTIONS=	DEBUG "Enable DEBUG messages"	off
+
+USE_RC_SUBR=	${PORTNAME}.sh
+
+RABL_GROUP?=	bind
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+=	--enable-debug
+CFLAGS+=		-g -DDEBUG
+STRIP_CMD=		# empty
+.endif
+
+.pre-everything::
+	${ECHO_CMD}
+	${ECHO_CMD} "If you plan to run ${PORTNAME} as an other user that the"
+	${ECHO_CMD} "default 'bind' define RABL_GROUP to the group that user belongs"
+	${ECHO_CMD} "RABL_GROUP=${RABL_GROUP} (default: bind)"
+	${ECHO_CMD}
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
+
+post-install:
+	${INSTALL} -o ${SHAREOWN} -g ${RABL_GROUP} -m 0640 \
+		${WRKSRC}/${PORTNAME}.conf ${PREFIX}/etc/${PORTNAME}.conf.sample
+.if !exists(${PREFIX}/etc/${PORTNAME}.conf)
+	${INSTALL} -o ${SHAREOWN} -g ${RABL_GROUP} -m 0640 \
+		${WRKSRC}/${PORTNAME}.conf ${PREFIX}/etc
+.endif
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}
+.	for i in ${PORTDOCS}
+		${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}
+.	endfor
+.endif
+
+.include <bsd.port.post.mk>
diff --git a/mail/rabl_server/distinfo b/mail/rabl_server/distinfo
new file mode 100644
index 000000000000..c5eb16fc27e2
--- /dev/null
+++ b/mail/rabl_server/distinfo
@@ -0,0 +1,3 @@
+MD5 (rabl_server-1.0.0.tar.gz) = 01614728ef4fa407aec0479dd382eb18
+SHA256 (rabl_server-1.0.0.tar.gz) = 435f7e8bc6680b5d94932a8bd8058695df8a6c8ea7ff44969630c5355e01dd5f
+SIZE (rabl_server-1.0.0.tar.gz) = 311628
diff --git a/mail/rabl_server/files/patch-rabl_server.conf b/mail/rabl_server/files/patch-rabl_server.conf
new file mode 100644
index 000000000000..3d50c367e8ee
--- /dev/null
+++ b/mail/rabl_server/files/patch-rabl_server.conf
@@ -0,0 +1,32 @@
+--- rabl_server.conf.dist	Tue Oct 25 17:51:52 2005
++++ rabl_server.conf	Tue Oct 25 19:00:18 2005
+@@ -3,7 +3,7 @@
+ ##
+ 
+ # Logfile
+-Logfile rabl.log
++Logfile /var/log/rabl.log
+ 
+ # Connection Queue Size
+ Queue 32
+@@ -21,11 +21,17 @@
+ Life	86400
+ 
+ # Command to execute if being DoSed
+-DoSCMD	"echo 'block in quick from %s/32 to any' | ipf -f -"
++### be sure to tailor this to your setup befor un-commenting one of them
++# ipf
++# DoSCMD	"echo 'block in quick from %s/32 to any' | ipf -f -"
++# ipfw
++# DoSCMD	"ipfw add deny ip from %s/32 to any"
++# pf
++# DoSCMD	"echo "block quick from %s/32 to any" | pfctl -mf -"
+ 
+ # Zone file writing
+-ZoneTemplate	/var/named/rabl.mydomain.com.template
+-ZoneOutput	/var/named/rabl.mydomain.com
++ZoneTemplate	/etc/namedb/master/rabl.example.com.template
++ZoneOutput	/etc/namedb/master/rabl.example.com
+ 
+ # Users (Clients with the ability to report a spamming host)
+ # USER <uid> <secret> <acl> <permissions>
diff --git a/mail/rabl_server/files/rabl_server.sh.in b/mail/rabl_server/files/rabl_server.sh.in
new file mode 100644
index 000000000000..605872182521
--- /dev/null
+++ b/mail/rabl_server/files/rabl_server.sh.in
@@ -0,0 +1,46 @@
+#!/bin/sh
+# $FreeBSD$
+#
+
+# PROVIDE: rabl_server
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: mail
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf[.local] to enable rabl_server:
+#
+# rabl_server_enable="YES"
+# User variables:
+# rabl_server_conf - conf file to use (default: %%PREFIX%%/etc/${name}.conf)
+# rabl_server_user - user to run as (default: bind)
+#
+
+. %%RC_SUBR%%
+
+name=rabl_server
+rcvar=`set_rcvar`
+
+command=%%PREFIX%%/bin/${name}
+#command_args="-c ${rabl_server_conf} -u ${rabl_server_user}"
+#${name}_flags="-c ${rabl_server_conf} -u ${rabl_server_user}"
+required_files=%%PREFIX%%/etc/${name}.conf
+
+extra_commands=reload
+
+#reload()
+#{
+# kill -HUP `cat $pidfile`
+#}
+
+# set defaults
+rabl_server_enable=${rabl_server_enable:-"NO"}
+
+load_rc_config $name
+
+rabl_server_user=${rabl_server_user:-"bind"}
+rabl_server_conf=${rabl_server_conf:-"%%PREFIX%%/etc/${name}.conf"}
+
+rabl_server_flags="-c ${rabl_server_conf} -u ${rabl_server_user} &"
+
+run_rc_command "$1"
diff --git a/mail/rabl_server/pkg-descr b/mail/rabl_server/pkg-descr
new file mode 100644
index 000000000000..a4937f206496
--- /dev/null
+++ b/mail/rabl_server/pkg-descr
@@ -0,0 +1,22 @@
+The RABL (pronounced "rabble") server is a statistical, machine-automated and
+up-to-the-second blackhole list server designed to monitor global network
+activity and make decisions based on network spread and infection rate -
+that is, abuse from an address which has been reported by a number of
+participating networks. This is in far contrast to how most other
+blacklists function, where fallable humans (many with political agendas) must
+process thousands of reports and make decisions - many times after the fact.
+The RABL is fully reactive to new threats and can block addresses within
+seconds of widespread infection - good to know in this world of drone PCs
+and stolen accounts. The RABL server blacklists addresses until they have
+cleared a minimum duration (an hour by default) without any additional
+reporting, making the appeals process as simple as "fix your junk". The RABL
+is designed to function via automated machine-learning spam filters, such as
+Bayesian filters. Each participating network is granted write authentication
+in the blackhole list, to prevent abuse. A client tool is also provided.
+
+The RABL server is the server component of the blacklist. It is only
+necessary to use the server if you are running your own local RABL. If you are
+looking to simply subscribe to the public RABL, then you need the RABL client
+instead (mail/rabl_client).
+
+WWW: http://www.nuclearelephant.com/projects/rabl/
diff --git a/mail/rabl_server/pkg-plist b/mail/rabl_server/pkg-plist
new file mode 100644
index 000000000000..63f5eb41972e
--- /dev/null
+++ b/mail/rabl_server/pkg-plist
@@ -0,0 +1,4 @@
+bin/rabl_server
+@unexec if cmp -s %D/etc/rabl_server.conf %D/etc/rabl_server.conf.sample; then rm -f %D/etc/rabl_server.conf; fi
+etc/rabl_server.conf.sample
+@exec if [ ! %D/etc/rabl_server.conf ] ; then cp -p %D/%F %D/etc/rabl_server.conf