# Introduction - Welcome to CFM ## ๐Ÿš€ CFM Feature Summary CFM is a powerful system for managing threat intelligence, spam filtering, phishing protection, and reputation data โ€” backed by automation and agent-based sync. --- ### ๐Ÿ›ก๏ธ Security & Threat Intelligence - **Blocklist & Whitelist Management** (IP & domain) - **Reverse DNS**, **ASN**, **GeoIP**, and **country resolution** - **Keyword-based spam detection** - **Phishing URL detection & logging** --- ### ๐Ÿ” Automation & Scheduling - Scheduled **feed imports**, **auto-deletion**, and **rule generation** - Commands for IP list generation, rule updates, config sync - Cron-style job scheduling with overlap protection --- ### ๐Ÿ›ฐ๏ธ Agent Infrastructure (C++-Based) - Syncs config and rule files - Reports **blocks**, **unblocks**, and **last seen** - Triggers service restarts after updates - Integrates with unblock portal for auto-removal - Sends **Slack alerts** for offline agents --- ### ๐Ÿงช Antivirus & RBL Integration - Generates **ClamAV signatures** from phishing URLs and file hashes (MD5/SHA1/SHA256) - Maintains **SpamAssassin-compatible phishing DB** - Exports **RBL and URIBL zones** for RBLDNSD --- ### ๐Ÿ’ป API & External Access - Token-authenticated API for: - Checking block status - Reporting blocks/unblocks - Fetching rules/feeds - Submitting config/trigger reports - Optional **rate limiting** and **IP filtering** --- ### ๐Ÿ“Š Admin Panel (Filament) - Dashboard with real-time widgets and charts - Interfaces for: - Spam keywords - Block/allow lists - Feed logs - Unblock requests - Agent activity --- ### ๐ŸŒ Web Interface - Public-facing **Unblock Request Form** - Feed endpoints (IP, domain, phishing, etc.) - Admin redirect and login flow --- ### ๐Ÿ’ก Bonus Features - File-based config sync with integrity hashing - Config-targeting for agent groups - Slack alerts and activity logs - Multi-source feed support (manual, API, auto) ### ๐Ÿ”‘ Key Features โœ… **Blocklist & Whitelist Management** Manage IPs and domains across multiple lists, including manual entries, feed imports, and API-reported threats. โœ… **Spam & Phishing Protection** - Keyword-based spam filtering (supports Greek/Greeklish, loose/strict) - Maintains a live phishing URL database - Generates **ClamAV-compatible** virus definitions from phishing URLs and file hashes (MD5/SHA1/SHA256) โœ… **RBL & URIBL Generator** Creates real-time blocklists and URI lists (RBLDNSD format) for DNS-based blacklisting โ€” used by SpamAssassin, Postfix, etc. โœ… **GeoIP Intelligence for Blocklist Entries** Automatically resolves: - Reverse DNS (PTR) - ASN and ISP - Country and region This enables rich filtering, analytics, and decision-making. โœ… **Automated Feed Processing** Processes threat feeds on a schedule with logs and rule generation. โœ… **Agent Communication & API** Lightweight agents (or servers) can: - Report blocked IPs back to CFM - Fetch updates and policy - Submit files, triggers, logs, etc. โœ… **Dashboard with Widgets & Metrics** Summarized view of: - Top IPs by country or source - Phishing trends - Recent feed activity - System health and jobs โœ… **Unblock Request Portal** Public-facing form for users to request delisting โ€” reviewed via admin panel. โœ… **Full Admin UI via Filament** Modern interface for managing: - Spam keywords - Feeds & logs - Phishing database - Block/allow lists - Scheduled jobs - Settings & tokens โœ… **Scheduled Jobs & Artisan Tools** - Generate IP and domain blocklists - Run cleanup jobs - Sync filesystem configs - Rebuild ClamAV signatures - Trigger per-feed processing โœ… **Agent Infrastructure (C++ Powered)** Includes high-performance **C++ agents** deployed on remote servers that: - ๐Ÿ”„ Sync configuration and rule files from CFM - ๐Ÿ“ค Report blocked and unblocked IPs - ๐Ÿงผ Remove blocks upon updates or unblocks - โ™ป๏ธ Restart services (e.g., mail, firewall) when needed - ๐Ÿงญ Report "last seen" heartbeat to monitor health - ๐Ÿ”” Trigger Slack alerts if an agent goes offline - ๐Ÿค Integrate with the public unblock form to re-allow mistakenly blocked users โœ… **Blocklist & Whitelist Management** Manage IPs and domains across multiple lists (manual, API, or feed-driven), enriched with PTR, ASN, country, and GeoIP. โœ… **Phishing & Spam Defense** - Greek-aware spam keyword detection (strict/loose) - Maintains a phishing URL database - Generates **ClamAV virus signatures** from URLs and hashes (MD5/SHA1/SHA256) - Exports phishing data for **SpamAssassin compatibility** โœ… **RBL & URIBL Generation** Creates and serves real-time DNS blacklists (RBLDNSD format) for both IP and domain-based blocklists. โœ… **Scheduled Feed Ingestion & Rule Generation** Automates external feed syncing and keyword/rule building via Laravel Scheduler and Artisan commands. โœ… **Admin Dashboard** Modern UI with dashboard widgets, charts, and management panels for: - Blocked items - Keyword rules - Feed logs - Unblock requests - Agent status โœ… **Unblock Request Portal** Frontend form where blocked users can request removal โ€” triggers backend unblock workflows and agent sync. โœ… **API Interface** Secure, token-authenticated API to: - Check IP/domain status - Report blocks/unblocks - Pull feed or rule updates - Trigger diagnostics or config checks โœ… **ClamAV + CSF Integration** Outputs live files for: - IP blocklists (`csf.deny`) - ClamAV custom signatures - RBLDNSD-based DNS lists --- ### ๐Ÿ’ก Bonus Features - Slack integration for agent down alerts - Per-country analytics of blocked IPs - Top reporters / sources breakdown - File-based config sync and hashing - Agent group targeting for rules --- --- ### ๐Ÿง  Use Cases - Internal **spam firewall** - Self-hosted **RBL/URIBL provider** - **CSF / UFW / iptables** blocklist hub - Aggregator for multiple **threat feeds** - **Email security gateway** enhancement - Coordinated threat response via **reporting agents** --- ### ๐Ÿ’ก Built With - Laravel + Filament (UI) - MySQL (DB) - Tailwind (optional UI) - GeoLite2 (GeoIP) - Artisan + Laravel Scheduler - RBLDNSD & SpamAssassin compatibility - API-first design