Country Block
-
This is odd but I thought I'd at least ask in case I forgot something. I just switched bsd boxes as I needed more pci slots and everything has been set up running smooth now for a few weeks. It appears that I'm getting more foreign spam than I did before. Coincidentally, I used to receive maybe 3 a week and their IPs would be here in the US anyway. Now, it seems I get about 10/day from IPs listed under different countries.
My question is, does Country Block also block spam from different countries that happen to come from relays outside the US, if selected? Maybe just a weird coincidence but I gave CB all the credit!
The difference is that the old bsd box had 1.7 and this one is the latest 1.9 version. I also have outbound blocked now (not before) on all NICs (WAN, server, backup server, son's) except the one for my personal lan as not to interfere with my browsing. Whitelist is still empty. Email settings are also added now but every time I test I get a Warning fsockopen() error. Thoughts?
UPDATE 1:
Just a quick thought - I used to have IP Blocklist on the old box with a few .gz installed…but I eventually had it disabled as it was blocking a lot of stuff and then CB came out. It just seems that if I checked a certain country under CB then I wouldn't see anymore email from that country...
UPDATE 2:
Well I installed IP-Blocklist and it didn't block the spam but it did a few other sites which I'll need to clean up. Weird. Why would I be getting spam in from countries that are blocked? Well I went ahead and uninstalled the package, rebooted pfsense, reinstalled Country Block, and just re-configured it. The only difference I have on this box vs. the old one is that (besides not being version 1.7) I have block outbound checked and I only have the first option under "Interfaces" unchecked which is LAN.
UPDATE 3:
Well I just checked Country Block…damn more foreign spam. This time I'm going to unblock outgoing, select all my interfaces, and then reboot. That's it, everything is as it was on the old box outside of this being a newer version. I'm stumped if this doesn't work.
UPDATE 4:
Well I'm confused now…I'm still receiving spam from all sorts of countries. Any ideas as to what I could be doing wrong?
-
I've read your post over a couple times now and it doesn't make any sense to me.
I do have an idea for you to test. You mention that the LAN interface is not selected under the Interfaces tab. Select that for me and save the changes. I do recommend to everyone to have all interfaces selected. Test with all interfaces selected and let me know if that works.
-
All interfaces have been checked since "update 4" and I'm going to re-check block outbound. I now got 245/246 countries (not US) selected and it says I am blocking 70330 Networks. I have no whitelist and no email is configured. I just removed the cron command and rebooted just in case. I'm at a loss - the only difference I have now is simply the version was 1.7 and now is 1.9. Anyone else experiencing anything with version 1.9? Is there a temporary rollback for testing?
-
I could look and see if I have a backup of the old version but it would be moot. The underlying way that 1.9 and any other version including 1.0 works is by editing the pf firewall. 1.9 just has some nice bells and whistles but it's not too different than my first version.
Can you locate the IPs or even a single IP that continues to SPAM you? We can find out exactly what is going on if you can give me some IPs.
-
Are you hosting your own mailserver?
It doesn't work if your uplink mail exchanger is not in a blacklisted country or have CB installed. Therefore the FW is not blocking the mails…
Very simple.
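The point made in the post above, that a packet filter only sees the address of the host that actually opens the connection, shown as an added example that is not part of the original thread. It reads the Received headers of a constructed message and checks both the connecting relay and the original sender against a constructed block table; all addresses and host names are made-up test values.

```python
import ipaddress
import re
from email import message_from_string

# Constructed stand-in for the blocked-country table (RFC 5737 test range).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed message: the original sender is inside the blocked range, but
# the host that connected to our mail server is the ISP relay.
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
\tby mail.home.example with ESMTP; Tue, 1 Jun 2010 02:14:07 -0500
Received: from unknown (HELO pc) (203.0.113.77)
\tby relay.isp.example with SMTP; Tue, 1 Jun 2010 02:14:05 -0500
From: sender@example.net
Subject: constructed sample

body
"""

# An IPv4 address directly inside [...] or (...), as MTAs record the peer.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def hop_ips(raw):
    """Peer address from each Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        match = IP_RE.search(value)
        if not match:
            continue
        try:
            hops.append(ipaddress.ip_address(match.group(1)))
        except ValueError:  # e.g. 999.1.1.1
            continue
    return hops


def is_blocked(ip):
    return any(ip in net for net in BLOCKED_NETS)


def analyze(raw):
    """Compare the connecting peer (what a packet filter sees) with the origin."""
    hops = hop_ips(raw)
    if not hops:
        return None
    # Only the top header was written by our own server; lower ones are
    # supplied by other hosts and can be forged.
    peer, origin = hops[0], hops[-1]
    return {"peer": str(peer), "origin": str(origin),
            "peer_blocked": is_blocked(peer),
            "origin_blocked": is_blocked(origin)}


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A result with `origin_blocked` true and `peer_blocked` false means the message came in through a relay outside the block table, so the firewall never saw the blocked address.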
-
Well going back probably isn't the problem as no one else is mentioning anything. It has to be something on my box here.
For some IPs:
187.0.71.242 - Brazil
84.55.115.109 - Sweden
95.153.123.72 - Moldova, Republic of
122.178.183.132 - India
110.136.188.169 - Indonesia
110.138.16.91 - Indonesia
41.182.128.63 - Namibia
95.132.175.117 - Ukraine
178.94.120.115 - (emailed twice, ?)
89.254.241.130 - Russian Federation
89.231.54.200 - Poland
110.136.251.98 - Indonesia
These are just from spam I received last night… I go to here for IP lookup.
Well I am piggy backing off my ISPs relay server settings but yes I have my own email residing on my own server/domain. Nothing overly fancy but an educational project all together. I got every country except the US selected and I seemed to be able to successfully block all spam on the old bsd box where if I unblocked a country then the next day I may have a few from that country. What is simple to you is still quite a challenge for me…thank you though for your patience.
-
Did you change mailserver software when changing bsd box?
-
Mailserver software…I didn't change anything on my server except the static IP so that it would reflect the new network. My server resides on Opt2. Was there a switch somewhere in the bsd box that I may have quite possibly overlooked? I did compare the two before switching them out however with all the details and human error it is quite possible.
-
Can you PM me the contents of /tmp/rules.debug? Make sure countryblock is running before sending me the contents.
You can also email to me if you like.
-
Well I plugged in the old bsd box and voilà…not a piece of spam except three marked from the US. So I looked over everything and the only change I could see was the MAC address of the WAN which gave me a different IP so I cloned it to keep the old IP address and then I put the Server on LAN. We'll see what happens next.
UPDATE:
Well I got a ton of spam again. There must be some hidden change between the two as one blocks and the other doesn't. The CB, LAN, NAT, and Rules settings are all the same.
-
Can you zip the contents of /usr/local/www/packages/countryblock and email it to me. I will compare line by line and see what could have changed for you. Also email me your xml config. I want to replicate your issues in a virtual network over here. Your problem really intrigues me since I have no clue what the problem may be.
-
Hi everybody
First of all, a big thank you to the Countryblock developers!
I have not understood what the email tab is used for.
Therefore I have configured it.
SMTP auth no (All hosts on the lan can access the Postfix server)
SMTP security none
Host my_mail_server
Port 25
Username leave_blank
Password leave_blank
From email address my_own_address
To email address admin_address
Subject Test
When I click "Save" I have a blank screen and my configuration is not saved when I come back to the email tab.
When I fill in username, password after saving I click "Test" and I get the following error message :
Warning: fsockopen(): php_network_getaddresses: getaddrinfo failed: hostname nor servname provided, or not known in /usr/local/www/packages/countryblock/class.smtp.php on line 122
Warning: fsockopen(): unable to connect to none://zimbra:25 in /usr/local/www/packages/countryblock/class.smtp.php on line 122
Mailer Error: SMTP Error: Could not connect to SMTP host.
I have the same error when I replace the name of my mail server with its IP address.
Any ideas ?
Anticipated thanks.
Best regards.
Bernard
-
Bernard,
I believe this was addressed on page 20 as I had a similar problem…go back a few pages and you should find the answer. I'll let you know when I get to this point of pfsense.
Right now I succumbed to hitting the "Factory defaults" button but this time I am incrementally setting up pfsense. Only LAN and WAN are configured leaving OPT1,2,3,4,5 offline along with configuring the Aliases, NAT, and Rules. I installed CB and wow...not a single spam since setup last night. I'm leaning towards the conclusion that there was some odd switch flipped or forgotten on the last setup as it is working now, or so it seems. Tonight I will backup my current configuration and attempt a few more settings.
I know this has been mentioned before, and I believe the reason mentioned for it not being done was that a certain clearance level was needed, but having a log just for CB showing what has been blocked for x hours/days would be awesome, if just to confirm that stuff is blocked and that nothing has gone awry with the configuration. I know the System logs --> firewall are supposed to list something but I'm not familiar with deciphering what was blocked because of CB and what was for something else.
-
I cannot for the life of me KEEP countryblock running. I've been all over this forum trying to find a resolution that works. I've implemented cron jobs to restart the app, which it does, however it doesn't appear to truly be running as, even though I have block outbound checked, I can still connect to countries that are checked. I've tried uninstalling every package I have, reinstalling CB, restarting the box PFsense is running on, everything I can possibly think of and yet after 5-15 minutes CB just stops working. I have to manually restart it, it works, then a few minutes later it's not working again even though the logs say that it was found not running, then cron restarts it, but it's not actually working. Sooo frustrating.
Can anyone help? What do I need to provide?
-
I had a similar problem myself and the outbound does work but what I found is that I had to make sure ALL the interfaces are selected and then go to:
/usr/local/www/packages/countryblock/interfaces.txt
delete any text in there and replace simply with "any" (no quotes).
-
Any ideas why Country Block doesn't start automatically after a system reboot? I'm running the embedded pfsense 2.0beta4 on an alix device. I have to go in and select enable after each reboot to start it.
Thanks.
-
Thanks for the assistance! I checked that file and indeed 'any' is the only text in that file.
I uninstalled lightsquid thinking that perhaps it is causing the issue, considering I see a cronjob running a lightsquid script every 15 minutes. That did not work. For some reason, every 15 minutes it shuts down even though it appears to be running. Very odd.
-
@yaw:
Have you had any other issues with CB while using the 2.0 beta of pfsense? If not I may give the beta a shot since I cannot seem to resolve my current issues with CB on 1.23.
-
Yeah the email setting page doesn't work. I get a crazy long SSL error when I try and submit a test email. I figure I'll tackle that once I figure out how to start it automatically upon reboot.
-
Good luck mate.
FWIW it appears that either squid or a misconfiguration of squid is what was causing my issue. I removed squid's cron jobs and uninstalled the package again, and now CB seems to stay running. Going to test for a day and see what happens. Hopefully I can figure out how to have both co-exist happily as I like squid.