Introduction - Welcome to CFM
CFM Feature Summary
CFM is a powerful system for managing threat intelligence, spam filtering, phishing protection, and reputation data, backed by automation and agent-based sync.
Security & Threat Intelligence
- Blocklist & Whitelist Management (IP & domain)
- Reverse DNS, ASN, GeoIP, and country resolution
- Keyword-based spam detection
- Phishing URL detection & logging
Automation & Scheduling
- Scheduled feed imports, auto-deletion, and rule generation
- Commands for IP list generation, rule updates, config sync
- Cron-style job scheduling with overlap protection
Agent Infrastructure (C++-Based)
- Syncs config and rule files
- Reports blocks, unblocks, and last seen
- Triggers service restarts after updates
- Integrates with unblock portal for auto-removal
- Sends Slack alerts for offline agents
Antivirus & RBL Integration
- Generates ClamAV signatures from phishing URLs and file hashes (MD5/SHA1/SHA256)
- Maintains SpamAssassin-compatible phishing DB
- Exports RBL and URIBL zones for RBLDNSD
API & External Access
- Token-authenticated API for:
  - Checking block status
  - Reporting blocks/unblocks
  - Fetching rules/feeds
  - Submitting config/trigger reports
- Optional rate limiting and IP filtering
Admin Panel (Filament)
- Dashboard with real-time widgets and charts
- Interfaces for:
  - Spam keywords
  - Block/allow lists
  - Feed logs
  - Unblock requests
  - Agent activity
Web Interface
- Public-facing Unblock Request Form
- Feed endpoints (IP, domain, phishing, etc.)
- Admin redirect and login flow
Bonus Features
- File-based config sync with integrity hashing
- Config-targeting for agent groups
- Slack alerts and activity logs
- Multi-source feed support (manual, API, auto)
Key Features
Blocklist & Whitelist Management
Manage IPs and domains across multiple lists, including manual entries, feed imports, and API-reported threats.
Spam & Phishing Protection
- Keyword-based spam filtering (supports Greek/Greeklish, loose/strict)
- Maintains a live phishing URL database
- Generates ClamAV-compatible virus definitions from phishing URLs and file hashes (MD5/SHA1/SHA256)
RBL & URIBL Generator
Creates real-time blocklists and URI lists (RBLDNSD format) for DNS-based blacklisting, used by SpamAssassin, Postfix, etc.
GeoIP Intelligence for Blocklist Entries
Automatically resolves:
- Reverse DNS (PTR)
- ASN and ISP
- Country and region
This enables rich filtering, analytics, and decision-making.
Automated Feed Processing
Processes threat feeds on a schedule with logs and rule generation.
Agent Communication & API
Lightweight agents (or servers) can:
- Report blocked IPs back to CFM
- Fetch updates and policy
- Submit files, triggers, logs, etc.
Dashboard with Widgets & Metrics
Summarized view of:
- Top IPs by country or source
- Phishing trends
- Recent feed activity
- System health and jobs
Unblock Request Portal
Public-facing form for users to request delisting, reviewed via the admin panel.
Full Admin UI via Filament
Modern interface for managing:
- Spam keywords
- Feeds & logs
- Phishing database
- Block/allow lists
- Scheduled jobs
- Settings & tokens
Scheduled Jobs & Artisan Tools
- Generate IP and domain blocklists
- Run cleanup jobs
- Sync filesystem configs
- Rebuild ClamAV signatures
- Trigger per-feed processing
Agent Infrastructure (C++ Powered)
Includes high-performance C++ agents deployed on remote servers that:
- Sync configuration and rule files from CFM
- Report blocked and unblocked IPs
- Remove blocks upon updates or unblocks
- Restart services (e.g., mail, firewall) when needed
- Report "last seen" heartbeat to monitor health
- Trigger Slack alerts if an agent goes offline
- Integrate with the public unblock form to re-allow mistakenly blocked users
Blocklist & Whitelist Management
Manage IPs and domains across multiple lists (manual, API, or feed-driven), enriched with PTR, ASN, country, and GeoIP.
Phishing & Spam Defense
- Greek-aware spam keyword detection (strict/loose)
- Maintains a phishing URL database
- Generates ClamAV virus signatures from URLs and hashes (MD5/SHA1/SHA256)
- Exports phishing data for SpamAssassin compatibility
RBL & URIBL Generation
Creates and serves real-time DNS blacklists (RBLDNSD format) for both IP and domain-based blocklists.
Scheduled Feed Ingestion & Rule Generation
Automates external feed syncing and keyword/rule building via Laravel Scheduler and Artisan commands.
Admin Dashboard
Modern UI with dashboard widgets, charts, and management panels for:
- Blocked items
- Keyword rules
- Feed logs
- Unblock requests
- Agent status
Unblock Request Portal
Frontend form where blocked users can request removal; submitting it triggers backend unblock workflows and agent sync.
API Interface
Secure, token-authenticated API to:
- Check IP/domain status
- Report blocks/unblocks
- Pull feed or rule updates
- Trigger diagnostics or config checks
ClamAV + CSF Integration
Outputs live files for:
- IP blocklists (csf.deny)
- ClamAV custom signatures
- RBLDNSD-based DNS lists
Bonus Features
- Slack integration for agent down alerts
- Per-country analytics of blocked IPs
- Top reporters / sources breakdown
- File-based config sync and hashing
- Agent group targeting for rules
Use Cases
- Internal spam firewall
- Self-hosted RBL/URIBL provider
- CSF / UFW / iptables blocklist hub
- Aggregator for multiple threat feeds
- Email security gateway enhancement
- Coordinated threat response via reporting agents
Built With
- Laravel + Filament (UI)
- MySQL (DB)
- Tailwind (optional UI)
- GeoLite2 (GeoIP)
- Artisan + Laravel Scheduler
- RBLDNSD & SpamAssassin compatibility
- API-first design