scripts/rblcheck.sh

#!/usr/bin/env bash
# Author: Oliver Ladner <oli@lugh.ch>
# License: LGPL
#
# Checks if given IP is listed on various DNSBL found on:
# - http://multirbl.valli.org/list/
# - http://mxtoolbox.com
# - http://www.anti-abuse.org
#
# Requires these commands: host, dig, awk, tr, dirname
# - We can't rely on host/dig return codes!
# Return codes:
# 0 = no listings
# 1 = listed in 1 RBL
# 10 = listed in 10 or more RBLs
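# Define all DNSBL zones to test against.
# NOTE(review): besides IP blocklists this list also holds whitelist zones
# (e.g. list.dnswl.org, swl.spamhaus.org), domain/URI lists (e.g.
# dbl.spamhaus.org, multi.surbl.org) and ASN lookup zones (e.g.
# origin.asn.cymru.com). An answer from one of those is not a blacklisting of
# the IP, so the "LISTED" count can overstate the real number of blocklist
# hits; prune such zones before alerting on the result.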
dnsbl=(
rbl.lugh.ch
0spam.fusionzero.com
0spam-killlist.fusionzero.com
combined.abuse.ch
drone.abuse.ch
spam.abuse.ch
httpbl.abuse.ch
uribl.zeustracker.abuse.ch
ipbl.zeustracker.abuse.ch
rbl.abuse.ro
uribl.abuse.ro
dnsbl.ahbl.org
ircbl.ahbl.org
rhsbl.ahbl.org
all.s5h.net
spam.dnsbl.anonmails.de
list.anonwhois.net
dnsbl.anticaptcha.net
orvedb.aupads.org
rsbl.aupads.org
l1.apews.org
l2.apews.org
aspews.ext.sorbs.net
ips.backscatterer.org
b.barracudacentral.org
bb.barracudacentral.org
list.bbfh.org
bbm.2ch.net
niku.2ch.net
bbx.2ch.net
all.ascc.dnsbl.bit.nl
all.v6.ascc.dnsbl.bit.nl
all.dnsbl.bit.nl
ipv6.all.dnsbl.bit.nl
bitonly.dnsbl.bit.nl
blacklist.netcore.co.in
rbl.blakjak.net
list.blogspambl.com
bsb.empty.us
bsb.spamlookup.net
query.bondedsender.org
plus.bondedsender.org
dnsbl.burnt-tech.com
blacklist.sci.kun.nl
whitelist.sci.kun.nl
dul.blackhole.cantv.net
hog.blackhole.cantv.net
cbl.anti-spam.org.cn
cblplus.anti-spam.org.cn
cblless.anti-spam.org.cn
cdl.anti-spam.org.cn
cml.anti-spam.org.cn
cbl.abuseat.org
bogons.cymru.com
v4.fullbogons.cymru.com
v6.fullbogons.cymru.com
origin.asn.cymru.com
origin6.asn.cymru.com
peer.asn.cymru.com
tor.dan.me.uk
torexit.dan.me.uk
ex.dnsbl.org
in.dnsbl.org
rbl.dns-servicios.com
dnsbl.ipocalypse.net
dnsbl.othello.ch
dnsbl.rv-soft.info
list.dnswl.org
vote.drbl.caravan.ru
vote.drbl.gremlin.ru
work.drbl.caravan.ru
work.drbl.gremlin.ru
dnsbl.dronebl.org
rbl.efnet.org
rbl.efnetrbl.org
tor.efnet.org
bl.emailbasura.org
fnrbl.fast.net
forbidden.icm.edu.pl
accredit.habeas.com
sa-accredit.habeas.com
hul.habeas.com
sohul.habeas.com
hostkarma.junkemailfilter.com
nobl.junkemailfilter.com
spamrbl.imp.ch
wormrbl.imp.ch
dnsbl.inps.de
dnswl.inps.de
any.dnsl.ipquery.org
backscat.dnsl.ipquery.org
netblock.dnsl.ipquery.org
relay.dnsl.ipquery.org
single.dnsl.ipquery.org
iadb.isipp.com
iadb2.isipp.com
iddb.isipp.com
wadb.isipp.com
mail-abuse.blacklist.jippg.org
dnsbl.justspam.org
dnsbl.kempt.net
spamlist.or.kr
admin.bl.kundenserver.de
schizo-bl.kundenserver.de
spamblock.kundenserver.de
worms-bl.kundenserver.de
spamguard.leadmon.net
dnsbl.madavi.de
bl.mailspike.net
rep.mailspike.net
wl.mailspike.net
z.mailspike.net
cidr.bl.mcafee.com
rbl.megarbl.net
combined.rbl.msrbl.net
images.rbl.msrbl.net
phishing.rbl.msrbl.net
spam.rbl.msrbl.net
virus.rbl.msrbl.net
web.rbl.msrbl.net
rbl.mw-internet.net
ix.dnsbl.manitu.net
wl.nszones.com
dyn.nszones.com
sbl.nszones.com
bl.nszones.com
ubl.nszones.com
rbl.orbitrbl.com
netblock.pedantic.org
spam.pedantic.org
pofon.foobar.hu
rbl.polarcomm.net
dnsbl.proxybl.org
psbl.surriel.com
whitelist.surriel.com
list.quorum.to
all.rbl.jp
dyndns.rbl.jp
short.rbl.jp
url.rbl.jp
virus.rbl.jp
rbl.schulte.org
access.redhawk.org
dnsbl.rizon.net
asn.routeviews.org
aspath.routeviews.org
dul.ru
dnsbl.rymsho.ru
rhsbl.rymsho.ru
tor.dnsbl.sectoor.de
query.senderbase.org
sa.senderbase.org
bl.score.senderscore.com
bl.shlink.org
dmm.shlink.org
dyn.shlink.org
rhsbl.shlink.org
rhswl.shlink.org
wl.shlink.org
dnsbl.sorbs.net
problems.dnsbl.sorbs.net
proxies.dnsbl.sorbs.net
relays.dnsbl.sorbs.net
safe.dnsbl.sorbs.net
nomail.rhsbl.sorbs.net
badconf.rhsbl.sorbs.net
dul.dnsbl.sorbs.net
zombie.dnsbl.sorbs.net
block.dnsbl.sorbs.net
escalations.dnsbl.sorbs.net
http.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
rhsbl.sorbs.net
spam.dnsbl.sorbs.net
recent.spam.dnsbl.sorbs.net
new.spam.dnsbl.sorbs.net
old.spam.dnsbl.sorbs.net
web.dnsbl.sorbs.net
korea.services.net
origin.asn.spameatingmonkey.net
backscatter.spameatingmonkey.net
badnets.spameatingmonkey.net
bl.spameatingmonkey.net
fresh.spameatingmonkey.net
fresh10.spameatingmonkey.net
fresh15.spameatingmonkey.net
netbl.spameatingmonkey.net
uribl.spameatingmonkey.net
urired.spameatingmonkey.net
bl.spamcannibal.org
dnsbl.spam-champuru.livedoor.com
bl.spamcop.net
dbl.spamhaus.org
pbl.spamhaus.org
sbl.spamhaus.org
sbl-xbl.spamhaus.org
swl.spamhaus.org
xbl.spamhaus.org
zen.spamhaus.org
feb.spamlab.com
rbl.spamlab.com
all.spamrats.com
dyna.spamrats.com
noptr.spamrats.com
spam.spamrats.com
spamsources.fabel.dk
dul.pacifier.net
bl.summersault.com
multi.surbl.org
xs.surbl.org
srn.surgate.net
dnsrbl.swinog.ch
uribl.swinog.ch
st.technovision.dk
dob.sibl.support-intelligence.net
opm.tornevall.org
spamtrap.trblspam.com
r.mail-abuse.com
q.mail-abuse.com
rbl2.triumf.ca
wbl.triumf.ca
truncate.gbudb.net
wl.trusted-forwarder.org
dnsbl-0.uceprotect.net
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
ubl.unsubscore.com
black.uribl.com
grey.uribl.com
red.uribl.com
white.uribl.com
free.v4bl.org
virbl.dnsbl.bit.nl
nlwhitelist.dnsbl.bit.nl
dnsbl.webequipped.com
ips.whitelisted.org
blacklist.woody.ch
uri.blacklist.woody.ch
db.wpbl.info
bl.blocklist.de
dnsbl.zapbl.net
rhsbl.zapbl.net
blackholes.five-ten-sg.com
relaytest.kundenserver.de
torserver.tor.dnsbl.sectoor.de
virbl.bit.nl
)
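# No need to edit anything below this line
DNSBLCOUNT=${#dnsbl[@]}

# NOTE(review): exit status 1 is also the documented "listed in 1 RBL" code,
# so a caller cannot tell a usage error from a single listing. Kept as-is for
# compatibility with existing callers.
if [[ -z "${1:-}" ]]; then
  echo "Usage: $(basename "$0") <ip-address> <fqdn>"
  exit 1
fi

INPUT=$1

# The argument ends up on the dig/host command line, so only accept something
# that looks like a host name or a dotted quad. Requiring a leading
# alphanumeric keeps a value starting with '-', '+' or '@' from being read by
# dig as an option or a server instead of a name.
host_re='^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?\.?$'
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# If $INPUT is a DNS name, get IP (upper-case names count as names too)
if [[ "$INPUT" == *[A-Za-z]* ]]; then
  if [[ ! "$INPUT" =~ $host_re ]]; then
    echo "Not a valid host name or IPv4 address: $INPUT" >&2
    exit 64
  fi
  # The last line of the short answer is taken, as before (skips CNAME hops).
  INPUT=$(dig +short "$INPUT" | tail -n 1)
fi

# Everything below reverses dotted octets, so anything that is not an IPv4
# address (unresolvable name, IPv6, typo) would produce meaningless lookups.
# Exit 64 is used because 0-10 are reserved for the listing count.
if [[ ! "$INPUT" =~ $ipv4_re ]]; then
  echo "Could not turn '$1' into an IPv4 address" >&2
  exit 64
fi

LISTED=0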
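# Reverse an ip
#
# Prints the dot-separated fields of the global INPUT in reverse order
# (1.2.3.4 -> 4.3.2.1), the form used as the left-hand part of a DNSBL query.
# Globals:  INPUT (read only; the earlier version overwrote it, which was
#           harmless only because every caller ran it inside $( ... ))
# Outputs:  the reversed address on stdout
function ip_reverse {
  local -a octets
  local reversed=""
  local idx

  # Split on dots without touching the caller's IFS or INPUT
  IFS=. read -r -a octets <<< "$INPUT"

  for (( idx = ${#octets[@]} - 1; idx >= 0; idx-- )); do
    reversed+="${octets[idx]}"
    if (( idx > 0 )); then
      reversed+="."
    fi
  done

  # printf '%s' so the address is never interpreted as a format string
  printf '%s\n' "$reversed"
}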
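# Query the RBL
#
# Globals read:    a (zone to probe), b (index of $a in dnsbl), i (zone to
#                  query), INPUT (through ip_reverse)
# Globals written: dnsbl (unreachable zones are removed), WHATSLEFT, LISTED
# Arguments:       $1 - "reachability": probe the zone named in $a
#                       "node": look up the reversed IP in the zone named in $i
# Outputs:         one stdout line per ignored zone or listing; lookups that
#                  fail are reported on stderr and are not counted
function check_rbl {
  local mode=$1
  local nx_hits query reason

  if [ "$mode" = "reachability" ]; then
    # host's exit status is not trusted, so its output is searched instead
    nx_hits=$(host "$a" | grep -c NXDOMAIN)
    if [ "$nx_hits" -gt 0 ]; then
      echo "$a ($b) not reachable, thus ignored."
      # Delete this entry from the array via id (quoted so the subscript is
      # never subject to pathname expansion)
      unset "dnsbl[$b]"
    fi
    WHATSLEFT=${#dnsbl[@]}
  fi

  if [ "$mode" = "node" ]; then
    # dig lookup with reversed ip
    # NOTE(review): many servers answer ANY queries with a minimal response
    # (RFC 8482), so a real listing can be missed here; separate A and TXT
    # queries would be more reliable.
    query=$(dig -t ANY +noauthority +noadditional +nostats "$(ip_reverse).$i" \
      | grep -E -w '(status:|TXT|(A|CNAME))')

    case $query in
      *NXDOMAIN*)
        #echo "Not in $i"
        ;;
      # No usable response (timeout, SERVFAIL, REFUSED): the zone told us
      # nothing about the IP, so this must not be counted as a listing.
      '' | *SERVFAIL* | *REFUSED*)
        echo "Lookup in $i failed, result ignored." >&2
        ;;
      # Almost all DNSBLs got a TXT record for listed IPs, we want these
      *TXT*)
        reason=$(printf '%s\n' "$query" | grep TXT | cut -d'"' -f2 | head -1)
        echo "LISTED in $i ($reason) "
        LISTED=$((LISTED + 1))
        ;;
      # For those DNSBLs with no TXT record, just indicate the listing.
      # A newline means at least one answer line follows the status line.
      *$'\n'*)
        echo "LISTED in $i (no reason provided)"
        LISTED=$((LISTED + 1))
        ;;
      # Status line only: the name exists but carries no A/CNAME/TXT answer,
      # which is not a listing.
      *) ;;
    esac
  fi
}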
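# Show the address under test together with the TXT answer of the
# zz.countries.nerd.dk lookup for it.
echo -e "Mailserver:\t$INPUT ($(dig -t TXT +short +noauthority +noadditional +nostats "$(ip_reverse).zz.countries.nerd.dk" | grep '[a-z]'))"

# dnsbl array counter
b=-1
# Defined up front so the summary below still works with an empty zone list
WHATSLEFT=${#dnsbl[@]}

# First check if the RBL is reachable
for a in "${dnsbl[@]}"; do
  b=$((b + 1))
  check_rbl reachability
done

echo -e "DNSBLs:\t\t$DNSBLCOUNT ($WHATSLEFT reachable)"

# Then query
for i in "${dnsbl[@]}"; do
  check_rbl node
done

# Share of reachable zones that list the IP. Multiplying before dividing keeps
# the two decimals (the old bc expression truncated the quotient to 0.00
# first), and the guard avoids a division by zero when no zone is reachable.
if [ "$WHATSLEFT" -gt 0 ]; then
  PERC=$(awk -v listed="$LISTED" -v total="$WHATSLEFT" \
    'BEGIN { printf "%.2f", listed * 100 / total }')
else
  PERC=0
fi

echo -e "Listings:\t$LISTED ($PERC %)"

# Set return code: the number of listings, capped at 10.
# 0 = no listings, 1 = one listing, 10 = ten or more (as documented in the
# header). Previously 2-9 listings fell through both branches and the script
# exited 0, so a monitoring check would report a listed server as clean.
if [ "$LISTED" -ge 10 ]; then
  exit 10
fi
exit "$LISTED"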