### Setting up Guardian Ops Steps

Source: https://abusix.com/docs/setting-up-guardian-ops

Provides a list of initial setup steps for the Guardian Ops platform. These steps guide users through the essential configuration for managing network abuse.

```APIDOC
GuardianOps Setup:
  - Get started by forwarding your abuse reports
    URL: https://abusix.com/docs/abusehq/get-started-by-forwarding-your-abuse-reports/
    Description: Instructions on how to begin by sending abuse reports to the system.
  - Create user accounts
    URL: https://abusix.com/docs/abusehq/create-user-accounts/
    Description: Guide for creating new user accounts within the Abusix platform.
  - Enable 2FA
    URL: https://abusix.com/docs/abusehq/enable-2fa-at-app-abusix-com/
    Description: Steps to activate Two-Factor Authentication for enhanced security.
  - Configure your mail settings
    URL: https://abusix.com/docs/abusehq/configure-your-mail-settings/
    Description: Details on how to set up and customize email configurations for the service.
```

--------------------------------

### Example Python Code for API Post

Source: https://abusix.com/docs/global-reporting/getting-started-with-the-abusix-global-reporting-service

This snippet sketches how abuse report data is posted to the Abusix API. The endpoint path and the report fields are illustrative placeholders, not the real schema; the working example code is in the linked GitHub repository.

```Python
# Conceptual example only. The endpoint path, field names and response
# handling illustrate the shape of an integration; for the actual
# implementation, refer to the example code at:
# https://github.com/abusix/global-reporting
#
# An integration performs four steps:
# 1. Prepare data according to the XARF schema.
# 2. Make an HTTP POST request to the Abusix API endpoint (https://app.abusix.com).
# 3. Include the necessary authentication (e.g., an API key).
# 4. Handle the response from the API.
import json

import requests

api_url = "https://app.abusix.com/api/v1/reports"  # conceptual endpoint
api_key = "YOUR_API_KEY"

report_data = {
    "report_type": "spam",
    "source_ip": "192.0.2.1",
    "timestamp": "2023-10-27T10:00:00Z",
    "details": "Example report details...",
    # ... other XARF compliant fields
}

headers = {
    "Content-Type": "application/json",
    "Authorization": f"Bearer {api_key}",
}

try:
    response = requests.post(api_url, headers=headers, data=json.dumps(report_data), timeout=30)
    response.raise_for_status()  # Raise an exception for bad status codes
    print("Report submitted successfully:", response.json())
except requests.exceptions.RequestException as e:
    print(f"Error submitting report: {e}")
```

--------------------------------

### SHA-1 Hashing Example

Source: https://abusix.com/docs/abusix-mail-intelligence/beta-zones

An example demonstrating how a BTC wallet address is converted into its SHA-1 hash, as used in the btc-wallets beta zone.

```text
SHA-1(15GWKdT8e1o6GcDTZMQZRiZng2Q6dLX8Aw) -> e108c5b4bde457dcc35f009d05a21fa383eda04c
```

--------------------------------

### Example rbldnsd Configuration File

Source: https://abusix.com/docs/abusix-mail-intelligence/using-rsync-and-rbldnsd

A complete example of a working rbldnsd configuration file. It includes the ABUSIX_ZONE environment variable and the RBLDNSD variable, which defines the server options and all the zone entries. Note that `-b 0.0.0.0/5353` binds on every interface; if the host is reachable from untrusted networks, bind only the address your resolver uses.
```shell
ABUSIX_ZONE="mail.abusix.zone"
RBLDNSD="- -a -f -b 0.0.0.0/5353 -r /var/lib/rbldnsd -l +logs/query.log -s +logs/stats.log \
  black.$ABUSIX_ZONE:combined:zones/abusix/black.zone \
  exploit.$ABUSIX_ZONE:combined:zones/abusix/exploit.zone \
  dynamic.$ABUSIX_ZONE:combined:zones/abusix/dynamic.zone \
  white.$ABUSIX_ZONE:combined:zones/abusix/white.zone \
  authbl.$ABUSIX_ZONE:combined:zones/abusix/authbl.zone \
  dblack.$ABUSIX_ZONE:combined:zones/abusix/dblack.zone \
  shorthash.$ABUSIX_ZONE:combined:zones/abusix/shorthash.zone \
  dishash.$ABUSIX_ZONE:combined:zones/abusix/diskhash.zone \
  nod.$ABUSIX_ZONE:combined:zones/abusix/nod.zone \
  combined.$ABUSIX_ZONE:combined:zones/abusix/black.zone \
  combined.$ABUSIX_ZONE:combined:zones/abusix/exploit.zone \
  combined.$ABUSIX_ZONE:combined:zones/abusix/dynamic.zone"
```

--------------------------------

### Rspamd Configuration Hint

Source: https://abusix.com/docs/abusix-mail-intelligence/beta-zones

A note indicating that Rspamd users should refer to the Abusix setup instructions for the code needed to integrate beta list lookups.

```text
Rspamd
Please look at our set-up instructions for rspamd, which contain the necessary code to do these lookups. See Getting Started
```

--------------------------------

### Python Example for AbuseHQ API Authentication

Source: https://abusix.com/docs/abusehq/using-api-keys-to-access-data-in-abusehq

Demonstrates how to authenticate with the AbuseHQ API using an API key in the Authorization header with the Python requests library. It shows how to set up the headers and make a GET request to a sample endpoint.
```python
import requests

# Fill in your AbuseHQ API key after 'Bearer ' and the missing part of the
# hostname; both are left blank in the source.
headers = {
    'Authorization': 'Bearer ',
    'Content-Type': 'application/json',
}

url = 'https://.abusehq.net/api/v1/networks/tags'

response = requests.get(url, headers=headers, timeout=30)
print(response.text)
```

--------------------------------

### Rspamd Integration for Shorthash Blocklist

Source: https://abusix.com/docs/abusix-mail-intelligence/production-zones

Highlights the need for specific support in mail platforms to use the Shorthash Blocklist, mentioning Rspamd as an example that requires custom setup instructions for these lookups.

```APIDOC
RspamdIntegration:
  Requirement: Requires support added to the mail platform for new anti-spam checks.
  Example: Rspamd setup instructions contain the necessary code for performing Shorthash lookups.
  Note: Consult specific Rspamd documentation for implementation details.
```

--------------------------------

### Domain Blocklist DNS Query Example

Source: https://abusix.com/docs/abusix-mail-intelligence/production-zones

Demonstrates how to query the Domain Blocklist using the 'host' command. It shows the expected output for a query that matches multiple return codes. The empty label between the reversed IP (2.0.0.127 is the 127.0.0.2 test point) and the zone name is where your API key goes.

```bash
$ host 2.0.0.127..dblack.mail.abusix.zone.
2.0.0.127..dblack.mail.abusix.zone has address 127.0.1.1
2.0.0.127..dblack.mail.abusix.zone has address 127.0.1.2
2.0.0.127..dblack.mail.abusix.zone has address 127.0.1.3
```

--------------------------------

### Query Policy Blocklist via DNS

Source: https://abusix.com/docs/abusix-mail-intelligence/production-zones

This example demonstrates how to query the Abusix Policy Blocklist using the 'host' command. It checks whether a specific IP address is listed and which return codes come back.

```bash
$ host 2.0.0.127..dynamic.mail.abusix.zone.
2.0.0.127..dynamic.mail.abusix.zone has address 127.0.0.11
2.0.0.127..dynamic.mail.abusix.zone has address 127.0.0.12
```

--------------------------------

### Liquid Templating Syntax Examples

Source: https://abusix.com/docs/abusehq/email-templates-configuration

Demonstrates basic Liquid syntax for inserting dynamic data, applying default values, and implementing conditional logic in email templates. These examples are useful for customizing content based on user or product attributes. Liquid string literals take straight quotes.

```Liquid
{{ user.name }}
```

```Liquid
{{ user.mood | default: '😃' }}
```

```Liquid
{% if product.rating >= 4 %}
  These shoes are awesome!
{% endif %}
```

```Liquid
{% if customer.name == 'kevin' %}
  Hey Kevin!
{% elsif customer.name == 'anonymous' %}
  Hey Anonymous!
{% else %}
  Hi Stranger!
{% endif %}
```

```Liquid
{% comment %}
  This is a block comment in Liquid
{% endcomment %}
```

--------------------------------

### Install querycontacts CLI Tool

Source: https://abusix.com/docs/abuse-contact-db/getting-started-abuse-contact-db

A Python-based command-line tool named 'querycontacts' is available for querying abuse contacts. It can be installed using pip, which manages its dependencies and makes it accessible from your terminal.

```shell
$ pip install querycontacts
```

--------------------------------

### Spam Blocklist Query Example

Source: https://abusix.com/docs/abusix-mail-intelligence/production-zones

Demonstrates how to query the Abusix Mail Intelligence Spam Blocklist using the 'host' command with a reversed IP address and the API key (left blank between the two dots here).

```bash
$ host 2.0.0.127..black.mail.abusix.zone.
2.0.0.127..black.mail.abusix.zone has address 127.0.0.2
2.0.0.127..black.mail.abusix.zone has address 127.0.0.3
2.0.0.127..black.mail.abusix.zone has address 127.0.0.200
```

--------------------------------

### Comparison Tool Usage and Options

Source: https://abusix.com/docs/abusix-mail-intelligence/setup-of-the-comparison-tool

Displays the usage instructions and available command-line options for the Abusix Comparison Tool when it is run without arguments. It outlines the required parameters (API key and list) and the optional flags for debugging and caching.

```APIDOC
Usage: ami_compare.linux --apikey --list

Options:
  --version   Show version number                          [boolean]
  --apikey    Guardian Mail API key                        [required]
  --list      DNS suffix of the DNSBL to compare against   [required]
  --debug     Write debug output to stderr                 [boolean]
  --cache     Cache result data to reduce DNS load         [boolean]
  -h, --help  Show help                                    [boolean]

Copyright 2021, Abusix Inc.
Node v8.17.0 (x64)
Using DNS servers: 1.1.1.1
Not enough non-option arguments: got 0, need at least 1
```

--------------------------------

### Abusix Documentation Overview

Source: https://abusix.com/docs/getting-started-with-abuse-management

Provides links to key documentation sections and resources for Abusix products and services. This includes guides on abuse management, threat intelligence, and specific tools.

```APIDOC
Abusix Documentation:
  URL: http://docs.abusix.com
  Description: Detailed technical insights and guides for Abusix products.
Getting Started with Abuse Management:
  URL: https://abusix.com/docs/getting-started-with-abuse-management/
  Description: A guide to help users begin managing abuse with Abusix tools.
Forwarding Abuse Data:
  URL: https://abusix.com/docs/abuse-insights-dashboard/forwarding-your-abuse-data/
  Description: Instructions on how to forward abuse data to the Abusix Insights Dashboard.
Threat Intel Lookup:
  URL: http://lookup.abusix.com/
  Description: A free tool for real-time threat intelligence lookups.
Blackhole MX:
  URL: https://abusix.com/blackhole-mx-anti-spam-solution/
  Description: A free tool designed to combat spam and abuse.
XARF:
  URL: https://abusix.com/xarf/
  Description: A free tool for reporting and stopping cyber attacks.
```

--------------------------------

### Make Comparison Tool Executable

Source: https://abusix.com/docs/abusix-mail-intelligence/setup-of-the-comparison-tool

This command makes the downloaded comparison tool binary executable on Linux systems. It is a prerequisite before running the tool.

```shell
$ chmod +x ami_compare_linux
```

--------------------------------

### Subscriber Resolver JSON Example

Source: https://abusix.com/docs/abusehq/subscriber-data-model

An example JSON structure representing the data used by the Subscriber Resolver to associate events with specific subscribers and contracts, including custom resolver data. The identifiers and resolver keys are left blank as placeholders.

```json
{
  "subscriber": {
    "id": "",
    "resolver_data": {
      "": "",
      "": ""
    }
  },
  "contract": {
    "id": "",
    "resolver_data": {
      "": "",
      "": ""
    }
  }
}
```

--------------------------------

### Welcome List Details

Source: https://abusix.com/docs/abusix-mail-intelligence/production-zones

Provides details for the Abusix Welcome List, including its status, the types of data it handles (IPv4, IPv6, Domain), its Cloud DNS namespace, Rsync file path, return codes, and test points.

```APIDOC
Welcome List:
  Status: Production
  Type: IPv4, IPv6, Domain
  Cloud DNS namespace: .white.mail.abusix.zone.
  Rsync File: lists/white.zone
  Return Codes: 127.0.2.1
  Test Points: 127.0.0.2, ::FFFF:7F00:2, 127.0.2.1
  Description: Aggregates multiple whitelist sources including IPv4, IPv6, and domains. All sources return the same return code. Sources include DNSWL, Return-Path Whitelist (IP and Domain), and Abusix Whitelist (IP and Domain).
  Warning: Not for use as a 'never sends spam' list or to grant free passage; useful for excluding hosts from greylisting to avoid false positives.
```

--------------------------------

### XARF Schemas Examples

Source: https://abusix.com/docs/xarf/xarf-use-cases

Provides links to example schemas for various abuse report types, including trademark, copyright, login attacks, spam, and phishing. These schemas define the uniform reporting format used by XARF.

```APIDOC
Trademark Schema:
  URL: https://github.com/abusix/xarf/blob/master/samples/positive/2/trademark_sample.json
  Description: Defines the structure for reporting trademark infringement.
Copyright Schema:
  URL: https://github.com/abusix/xarf/blob/master/samples/positive/2/copyright_sample.json
  Description: Defines the structure for reporting copyright violations.
LogIn Attack Schema:
  URL: https://github.com/abusix/xarf/blob/master/samples/positive/2/loginattack_sample.json
  Description: Defines the structure for reporting dictionary attacks or unauthorized login attempts.
Spam Schema:
  URL: https://github.com/abusix/xarf/blob/master/samples/positive/2/spam_sample.json
  Description: Defines the structure for reporting spam complaints.
Phishing Schema:
  URL: https://github.com/abusix/xarf/blob/master/samples/positive/2/phishing_sample.json
  Description: Defines the structure for reporting phishing attempts.
All Schemas Examples:
  URL: https://github.com/abusix/xarf/tree/master/samples/positive/2
  Description: A collection of all available schema examples for XARF.
```

--------------------------------

### Process Postfix Logs in Real-time with Comparison Tool

Source: https://abusix.com/docs/abusix-mail-intelligence/running-the-comparison-tool

This example pipes `tail` and `grep` together to extract client IP addresses from Postfix `connect from` log lines and feeds them to `ami_compare_linux` on standard input (the trailing `-`) for real-time analysis. It requires GNU grep for the `--line-buffered` and `-P` options, so that each line flows through without buffering delays. The dotted-quad pattern only matches IPv4 clients; Postfix logs IPv6 clients as `host[IPv6:...]`, which this pipeline skips. The CSV results go to `results.csv`, while the progress summary below is printed to the terminal.
```shell
$ tail -f /var/log/mail.log \
    | grep --line-buffered -P '\bconnect from\b' \
    | grep --line-buffered -Po '\d+\.\d+\.\d+\.\d+' \
    | ./ami_compare_linux --apikey API_KEY --list bb.barracudacentral.org - > results.csv
Processed 696 items, errors 0, cache hits 0, queue length 115
                          Count     %  Unique     %  Blocked WL     %
Guardian Mail               663  95.3     240  36.2          0   0.0
bb.barracudacentral.org     423  60.8       0   0.0          0   0.0
Not Listed                   33     -       -     -          -     -
```

--------------------------------

### Run Comparison Tool Command

Source: https://abusix.com/docs/abusix-mail-intelligence/running-the-comparison-tool

Executes the Abusix Comparison Tool with the necessary API key and DNS list, redirecting standard output to a CSV file for analysis. The tool requires an API key, a DNS list suffix (the domain name of the DNSBL to compare against), and a file containing the IP addresses to check.

```shell
$ ./ami_compare_linux --apikey API_KEY --list bb.barracudacentral.org ips_to_test > results.csv
```

--------------------------------

### Example Data Packet Format

Source: https://abusix.com/docs/data-channels/submitting-mta-transaction-feeds-via-udp-to-data-channels

Illustrates the structure of a data packet sent over UDP, with each field separated by a line-feed character (\n). The example shows the expected layout for data points such as the Feed ID, Timestamp, IP Address, and more; an empty field is carried as two consecutive separators.

```text
txnNNN\n1540299376001\n25\n127.0.0.1\nlocalhost\nthis.is.a.test.helo\nN\nN\nN\ntest.com\n\n8c86e0ab24415f726e4def79ce9502c5
```
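--------------------------------

### Added Example: Building and Checking Abusix DNS Lookups Offline

The following is an added example, not code from Abusix or from this page. It ties together the 'host' query examples above (black, dynamic, dblack and the Welcome List test points), the SHA-1 btc-wallets example and the Postfix `connect from` extraction: it builds query names with the API key in the middle label, parses `host`-style answers, rejects answers outside 127.0.0.0/8 (a wildcarding resolver or a wrong key, not a listing), and pulls client IPs out of Postfix log lines. The IPv6 nibble encoding and the `btc-wallets` zone label are assumptions not stated on this page; `APIKEY`, the log lines and the `host` output are constructed inputs.

```python
"""Added example (not Abusix's code): build and interpret Abusix Mail
Intelligence DNS lookups offline, covering the 'host' query examples,
the Welcome List test points, the SHA-1 btc-wallets example and the
Postfix 'connect from' extraction on this page.

Assumptions not stated on the page: IPv6 addresses use the usual DNSBL
encoding (32 hex nibbles, reversed, dot-separated); the btc-wallets beta
zone is queried with the hex SHA-1 as the leftmost label under a
'btc-wallets' zone label; the API key and the log lines are constructed.
"""
import hashlib
import ipaddress
import re
import socket
from typing import List

BASE_ZONE = "mail.abusix.zone"
DNSBL_ANSWER_NET = ipaddress.ip_network("127.0.0.0/8")


def reversed_ip(ip: str) -> str:
    """Reversed octets for IPv4, reversed nibbles for IPv6 (assumed)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split(".")))
    return ".".join(reversed(f"{int(addr):032x}"))


def query_name(ip: str, api_key: str, list_name: str) -> str:
    """<reversed-ip>.<api-key>.<list>.mail.abusix.zone: the shape of the
    'host' queries above, whose empty middle label is the elided key."""
    if not api_key:
        raise ValueError("API key is required; an empty key leaves an empty label")
    return f"{reversed_ip(ip)}.{api_key}.{list_name}.{BASE_ZONE}"


def sha1_hex(value: str) -> str:
    """Hex SHA-1 of the wallet string, as in the btc-wallets example."""
    return hashlib.sha1(value.encode("ascii")).hexdigest()


def wallet_query_name(wallet: str, api_key: str) -> str:
    return f"{sha1_hex(wallet)}.{api_key}.btc-wallets.{BASE_ZONE}"  # zone label assumed


def parse_host_output(text: str) -> List[str]:
    """A-record answers from 'host' output; NXDOMAIN ('not found') gives []."""
    return re.findall(r"has address (\S+)", text)


def is_listed(codes: List[str]) -> bool:
    """DNSBL answers are only meaningful inside 127.0.0.0/8; anything else
    points at a wildcarding resolver or a bad key, so fail loudly."""
    for code in codes:
        if ipaddress.ip_address(code) not in DNSBL_ANSWER_NET:
            raise ValueError(f"unexpected answer {code}: check resolver and API key")
    return bool(codes)


def lookup(ip: str, api_key: str, list_name: str) -> List[str]:
    """Live query (needs network): return codes, or [] when not listed."""
    try:
        _, _, addrs = socket.gethostbyname_ex(query_name(ip, api_key, list_name))
    except socket.gaierror:
        return []
    return sorted(addrs)


# Postfix logs clients as 'connect from host[ip]'; IPv6 carries an 'IPv6:' prefix.
CONNECT_RE = re.compile(r"connect from \S+\[(?:IPv6:)?([0-9a-fA-F.:]+)\]")


def client_ips_from_log(lines: List[str]) -> List[str]:
    """Unique client IPs from 'connect from' lines, first-seen order,
    dropping anything that does not parse as an address."""
    seen: List[str] = []
    for line in lines:
        m = CONNECT_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue
        if ip not in seen:
            seen.append(ip)
    return seen


SAMPLE_LOG = [  # constructed Postfix smtpd lines
    "Oct 23 12:56:16 mx1 postfix/smtpd[1234]: connect from unknown[127.0.0.2]",
    "Oct 23 12:56:17 mx1 postfix/smtpd[1234]: disconnect from unknown[127.0.0.2] commands=2",
    "Oct 23 12:56:20 mx1 postfix/smtpd[1240]: connect from mail.example.net[192.0.2.10]",
    "Oct 23 12:56:21 mx1 postfix/smtpd[1241]: connect from unknown[IPv6:2001:db8::1]",
    "Oct 23 12:56:30 mx1 postfix/smtpd[1240]: connect from mail.example.net[192.0.2.10]",
]

if __name__ == "__main__":
    for ip in client_ips_from_log(SAMPLE_LOG):
        print(query_name(ip, "APIKEY", "black"))
    codes = parse_host_output("2.0.0.127..black.mail.abusix.zone has address 127.0.0.2\n")
    print(codes, is_listed(codes))
```

Run it with a real key by replacing `APIKEY` and calling `lookup(ip, key, "black")`; feed it the 127.0.0.2 test point first to confirm the key and resolver work before trusting an empty answer as "not listed".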
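--------------------------------

### Added Example: Parsing and Building the UDP Data Packet

An added example, not Abusix's code, for the UDP data packet format above: it splits and rebuilds the line-feed-separated datagram (keeping the empty field intact), validates the fields this page names (Feed ID, Timestamp, IP Address) so a malformed datagram is dropped rather than ingested, and shows how one would be sent. The position names for the other fields, the size limit, and the destination host and port are assumptions; the sample packet is the page's example, embedded as a constructed constant.

```python
"""Added example (not Abusix's code): split, validate, rebuild and send the
line-feed-separated datagram shown in the MTA transaction feed example.

Only the Feed ID, Timestamp and IP Address fields are named on this page;
the other positions are left unnamed here, and the size limit, host and
port used by send_packet() are assumptions.
"""
import ipaddress
import socket
from datetime import datetime, timezone
from typing import Dict, List

SEP = "\n"
FIELD_COUNT = 12        # number of fields in the page's example packet
MAX_DATAGRAM = 1400     # assumption: stay under a typical MTU to avoid fragmentation

EXAMPLE_PACKET = (  # the page's example packet, as a constructed sample
    "txnNNN\n1540299376001\n25\n127.0.0.1\nlocalhost\nthis.is.a.test.helo"
    "\nN\nN\nN\ntest.com\n\n8c86e0ab24415f726e4def79ce9502c5"
)


def split_packet(payload: bytes) -> List[str]:
    """Split a datagram into fields; an empty field stays an empty string."""
    return payload.decode("utf-8").split(SEP)


def build_packet(fields: List[str]) -> bytes:
    """Join fields with the separator; a value containing it would corrupt
    every following field, so refuse it."""
    for field in fields:
        if SEP in field:
            raise ValueError("field values must not contain the separator")
    return SEP.join(fields).encode("utf-8")


def validate(fields: List[str]) -> Dict[str, object]:
    """Check the documented fields and return them decoded. Raises
    ValueError on malformed input so a bad datagram is dropped."""
    if len(fields) != FIELD_COUNT:
        raise ValueError(f"expected {FIELD_COUNT} fields, got {len(fields)}")
    feed_id, ts_ms, _unnamed, ip = fields[:4]
    if not feed_id.startswith("txn"):
        raise ValueError("feed id should look like txnNNN")
    if not ts_ms.isdigit():
        raise ValueError("timestamp must be integer milliseconds")
    return {
        "feed_id": feed_id,
        "timestamp_ms": int(ts_ms),
        "timestamp": datetime.fromtimestamp(int(ts_ms) / 1000, tz=timezone.utc),
        "ip": str(ipaddress.ip_address(ip)),  # raises ValueError if not an address
    }


def send_packet(payload: bytes, host: str, port: int) -> int:
    """Send one datagram (needs network). UDP gives no delivery or sender
    authenticity guarantee, so keep the feed on a trusted path."""
    if len(payload) > MAX_DATAGRAM:
        raise ValueError("packet too large for a single datagram")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (host, port))


if __name__ == "__main__":
    fields = split_packet(EXAMPLE_PACKET.encode("utf-8"))
    print(validate(fields))
    assert build_packet(fields) == EXAMPLE_PACKET.encode("utf-8")
```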