scripts/rblcheck.sh

#!/usr/bin/env bash
# Author:  Oliver Ladner <oli@lugh.ch>
# License: LGPL
#
# Checks if given IP is listed on various DNSBL found on:
# - http://multirbl.valli.org/list/
# - http://mxtoolbox.com
# - http://www.anti-abuse.org
#
# Requires these commands: host, dig, awk, tr, dirname
# - We can't rely on host/dig return codes!

# Return codes:
# 0  = no listings
# 1  = listed in 1 RBL
# 10 = listed in 10 or more RBLs

# Define all DNSBL to test against
dnsbl=(
cblplus.anti-spam.org.cn
0spam.fusionzero.com
0spam-killlist.fusionzero.com
b.barracudacentral.org
#bl.deadbeef.com
dnsbl.ahbl.org
ircbl.ahbl.org
#tor.ahbl.org
bsb.empty.us
l2.apews.org
#bl.emailbasura.org
bl.spamcannibal.org
bl.spamcop.net
blackholes.five-ten-sg.com
blacklist.woody.ch
bogons.cymru.com
cbl.abuseat.org
cdl.anti-spam.org.cn
combined.rbl.msrbl.net
db.wpbl.info
combined.abuse.ch
drone.abuse.ch
spam.abuse.ch
httpbl.abuse.ch
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
#dnsbl.cyberlogic.net
dnsbl.inps.de
dnsbl.njabl.org
dnsbl.sorbs.net
dul.dnsbl.sorbs.net
http.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.dnsbl.sorbs.net
zombie.dnsbl.sorbs.net
dnsrbl.swinog.ch
uribl.swinog.ch
#duinv.aupads.org
dul.ru
dyna.spamrats.com
#dynip.rothen.com
#fl.chickenboner.biz
hostkarma.junkemailfilter.com
images.rbl.msrbl.net
ips.backscatterer.org
ix.dnsbl.manitu.net
korea.services.net
noptr.spamrats.com
#ohps.dnsbl.net.au
#omrs.dnsbl.net.au
#opm.blitzed.org
orvedb.aupads.org
#osps.dnsbl.net.au
#osrs.dnsbl.net.au
#owfs.dnsbl.net.au
#owps.dnsbl.net.au
phishing.rbl.msrbl.net
#probes.dnsbl.net.au
#proxy.bl.gweep.ca
#proxy.block.transip.nl
psbl.surriel.com
rbl.efnet.org
rbl.interserver.net
#rdts.dnsbl.net.au
#relays.bl.gweep.ca
#relays.bl.kundenserver.de
#relays.nether.net
relaytest.kundenserver.de
#residential.block.transip.nl
#ricn.dnsbl.net.au
#rmst.dnsbl.net.au
short.rbl.jp
spam.rbl.msrbl.net
spam.spamrats.com
spamlist.or.kr
spamrbl.imp.ch
#t3direct.dnsbl.net.au
tor.dnsbl.sectoor.de
torserver.tor.dnsbl.sectoor.de
ubl.lashback.com
ubl.unsubscore.com
virbl.bit.nl
virbl.dnsbl.bit.nl
virus.rbl.jp
virus.rbl.msrbl.net
web.dnsbl.sorbs.net
wormrbl.imp.ch
zen.spamhaus.org
abuse.rfc-ignorant.org
bogusmx.rfc-ignorant.org
dsn.rfc-ignorant.org
postmaster.rfc-ignorant.org
whois.rfc-ignorant.org
)

# No need to edit anything below this line

DNSBLCOUNT=${#dnsbl[*]}

if [ -z $1 ]; then
       echo "Usage: $(basename $0) <ip-address>"
       exit 1
fi

INPUT=$1
# If $INPUT is a DNS name, get IP
if [ $(echo $INPUT | grep -c '[a-z]') -gt 0 ]; then
	INPUT=$(dig +short $INPUT | tail -1)
fi
LISTED=0

# Reverse an ip
function ip_reverse {
       # FIXME dumb
       INPUT=$(echo $INPUT | tr -s "." " ")
       INPUT=$(echo $INPUT | awk '{for (i=NF;i>=1;i--) printf $i" "} END{print ""}')
       OUTPUT=$(echo $INPUT | tr -s " " ".")
       echo $OUTPUT
}

# Query the RBL
function check_rbl {
       ARG=$1
       if [ "$ARG" = "reachability" ]; then
               RETURNED=$(host $a | grep -c NXDOMAIN)

               if [ $RETURNED -gt 0 ]; then
                       echo "$a ($b) not reachable, thus ignored."
                       # Delete this entry from the array via id
                       unset dnsbl[$b]
               fi
               WHATSLEFT=${#dnsbl[@]}
       fi

       if [ "$ARG" = "node" ]; then
       # dig lookup with reversed ip
       QUERY=$(dig -t ANY +noauthority +noadditional +nostats $(ip_reverse).$i | grep -E -w '(status:|TXT|(A|CNAME))')
       QUERY_END=$(echo $QUERY | awk '{ print $NF }')


       case $QUERY in

       *NXDOMAIN*)
               #echo "Not in $i"
               ;;
       #*127.0.0.2)
       #        echo "$(ip_reverse) LISTED in $i"
       #        ;;

       # Almost all DNSBLs got a TXT record for listed IPs, we want these
       *TXT*)
               REASON_REMOTE=$(echo $QUERY | grep TXT | cut -d'"' -f2 | head -1)
               echo "LISTED in $i ($REASON_REMOTE) "
               LISTED=$(($LISTED+1))
               ;;
       # For those DNSBLs with no TXT record, just indicate the listing
       *)
               echo "LISTED in $i (no reason provided)"
               LISTED=$(($LISTED+1))
               ;;
       esac
       fi
}

echo -e "Mailserver:\t$INPUT ($(dig -t TXT +short +noauthority +noadditional +nostats $(ip_reverse).zz.countries.nerd.dk | grep '[a-z]' ))"

# dnsbl array counter
b=-1

# First check if the RBL is reachable
for a in "${dnsbl[@]}"; do
       b=$(($b+1))
       check_rbl reachability
done

echo -e "DNSBLs:\t\t$DNSBLCOUNT ($WHATSLEFT reachable)"

# Then query
for i in "${dnsbl[@]}"; do
       check_rbl node
done

PERC=$(echo "scale=3; ($LISTED / $WHATSLEFT) * 100" | bc)
echo -e "Listings:\t$LISTED ($PERC %)"

# Set return code
if [ $LISTED -gt 0 ]; then
	if [ $LISTED -eq 1 ]; then
		exit 1
	elif [ $LISTED -ge 10 ]; then
		exit 10
	fi
else
	exit 0
fi
initial upload 2011-01-06 14:04:33 +01:00			`#!/usr/bin/env bash`
added license and author information 2011-01-06 14:21:38 +01:00			`# Author: Oliver Ladner <oli@lugh.ch>`
			`# License: LGPL`
			`#`
DNS blacklist cleanup and more meaningful return codes 2011-09-12 22:54:17 +02:00			`# Checks if given IP is listed on various DNSBL found on:`
			`# - http://multirbl.valli.org/list/`
			`# - http://mxtoolbox.com`
			`# - http://www.anti-abuse.org`
initial upload 2011-01-06 14:04:33 +01:00			`#`
			`# Requires these commands: host, dig, awk, tr, dirname`
			`# - We can't rely on host/dig return codes!`

			`# Return codes:`
DNS blacklist cleanup and more meaningful return codes 2011-09-12 22:54:17 +02:00			`# 0 = no listings`
			`# 1 = listed in 1 RBL`
			`# 10 = listed in 10 or more RBLs`
initial upload 2011-01-06 14:04:33 +01:00
			`# Define all DNSBL to test against`
DNS blacklist cleanup and more meaningful return codes 2011-09-12 22:54:17 +02:00			`dnsbl=(`
			`cblplus.anti-spam.org.cn`
			`0spam.fusionzero.com`
			`0spam-killlist.fusionzero.com`
			`b.barracudacentral.org`
			`#bl.deadbeef.com`
			`dnsbl.ahbl.org`
			`ircbl.ahbl.org`
			`#tor.ahbl.org`
			`bsb.empty.us`
			`l2.apews.org`
initial upload 2011-01-06 14:04:33 +01:00			`#bl.emailbasura.org`
			`bl.spamcannibal.org`
			`bl.spamcop.net`
			`blackholes.five-ten-sg.com`
			`blacklist.woody.ch`
			`bogons.cymru.com`
			`cbl.abuseat.org`
			`cdl.anti-spam.org.cn`
			`combined.rbl.msrbl.net`
			`db.wpbl.info`
DNS blacklist cleanup and more meaningful return codes 2011-09-12 22:54:17 +02:00			`combined.abuse.ch`
Added drone.abuse.ch 2011-03-08 06:44:15 -08:00			`drone.abuse.ch`
DNS blacklist cleanup and more meaningful return codes 2011-09-12 22:54:17 +02:00			`spam.abuse.ch`
			`httpbl.abuse.ch`
initial upload 2011-01-06 14:04:33 +01:00			`dnsbl-1.uceprotect.net`
			`dnsbl-2.uceprotect.net`
			`dnsbl-3.uceprotect.net`
commented unconnectable RBLs 2011-09-04 12:41:51 +02:00			`#dnsbl.cyberlogic.net`
initial upload 2011-01-06 14:04:33 +01:00			`dnsbl.inps.de`
			`dnsbl.njabl.org`
			`dnsbl.sorbs.net`
DNS blacklist cleanup and more meaningful return codes 2011-09-12 22:54:17 +02:00			`dul.dnsbl.sorbs.net`
			`http.dnsbl.sorbs.net`
			`misc.dnsbl.sorbs.net`
			`smtp.dnsbl.sorbs.net`
			`socks.dnsbl.sorbs.net`
			`spam.dnsbl.sorbs.net`
			`zombie.dnsbl.sorbs.net`
initial upload 2011-01-06 14:04:33 +01:00			`dnsrbl.swinog.ch`
DNS blacklist cleanup and more meaningful return codes 2011-09-12 22:54:17 +02:00			`uribl.swinog.ch`
initial upload 2011-01-06 14:04:33 +01:00			`#duinv.aupads.org`
			`dul.ru`
			`dyna.spamrats.com`
			`#dynip.rothen.com`
			`#fl.chickenboner.biz`
			`hostkarma.junkemailfilter.com`
			`images.rbl.msrbl.net`
			`ips.backscatterer.org`
			`ix.dnsbl.manitu.net`
			`korea.services.net`
			`noptr.spamrats.com`
			`#ohps.dnsbl.net.au`
			`#omrs.dnsbl.net.au`
			`#opm.blitzed.org`
			`orvedb.aupads.org`
			`#osps.dnsbl.net.au`
			`#osrs.dnsbl.net.au`
			`#owfs.dnsbl.net.au`
			`#owps.dnsbl.net.au`
			`phishing.rbl.msrbl.net`
			`#probes.dnsbl.net.au`
			`#proxy.bl.gweep.ca`
			`#proxy.block.transip.nl`
			`psbl.surriel.com`
			`rbl.efnet.org`
			`rbl.interserver.net`
			`#rdts.dnsbl.net.au`
			`#relays.bl.gweep.ca`
commented unconnectable RBLs 2011-09-04 12:41:51 +02:00			`#relays.bl.kundenserver.de`
initial upload 2011-01-06 14:04:33 +01:00			`#relays.nether.net`
			`relaytest.kundenserver.de`
			`#residential.block.transip.nl`
			`#ricn.dnsbl.net.au`
			`#rmst.dnsbl.net.au`
			`short.rbl.jp`
			`spam.rbl.msrbl.net`
			`spam.spamrats.com`
			`spamlist.or.kr`
			`spamrbl.imp.ch`
			`#t3direct.dnsbl.net.au`
			`tor.dnsbl.sectoor.de`
			`torserver.tor.dnsbl.sectoor.de`
			`ubl.lashback.com`
			`ubl.unsubscore.com`
			`virbl.bit.nl`
			`virbl.dnsbl.bit.nl`
			`virus.rbl.jp`
			`virus.rbl.msrbl.net`
			`web.dnsbl.sorbs.net`
			`wormrbl.imp.ch`
			`zen.spamhaus.org`
DNS blacklist cleanup and more meaningful return codes 2011-09-12 22:54:17 +02:00			`abuse.rfc-ignorant.org`
			`bogusmx.rfc-ignorant.org`
			`dsn.rfc-ignorant.org`
			`postmaster.rfc-ignorant.org`
			`whois.rfc-ignorant.org`
			`)`
initial upload 2011-01-06 14:04:33 +01:00
			`# No need to edit anything below this line`

			`DNSBLCOUNT=${#dnsbl[*]}`

			`if [ -z $1 ]; then`
			`echo "Usage: $(basename $0) <ip-address>"`
			`exit 1`
			`fi`

			`INPUT=$1`
			`# If $INPUT is a DNS name, get IP`
			`if [ $(echo $INPUT \| grep -c '[a-z]') -gt 0 ]; then`
			`INPUT=$(dig +short $INPUT \| tail -1)`
			`fi`
			`LISTED=0`

			`# Reverse an ip`
			`function ip_reverse {`
			`# FIXME dumb`
			`INPUT=$(echo $INPUT \| tr -s "." " ")`
			`INPUT=$(echo $INPUT \| awk '{for (i=NF;i>=1;i--) printf $i" "} END{print ""}')`
			`OUTPUT=$(echo $INPUT \| tr -s " " ".")`
			`echo $OUTPUT`
			`}`

			`# Query the RBL`
			`function check_rbl {`
			`ARG=$1`
			`if [ "$ARG" = "reachability" ]; then`
			`RETURNED=$(host $a \| grep -c NXDOMAIN)`

			`if [ $RETURNED -gt 0 ]; then`
			`echo "$a ($b) not reachable, thus ignored."`
			`# Delete this entry from the array via id`
			`unset dnsbl[$b]`
			`fi`
			`WHATSLEFT=${#dnsbl[@]}`
			`fi`

			`if [ "$ARG" = "node" ]; then`
			`# dig lookup with reversed ip`
			`QUERY=$(dig -t ANY +noauthority +noadditional +nostats $(ip_reverse).$i \| grep -E -w '(status:\|TXT\|(A\|CNAME))')`
			`QUERY_END=$(echo $QUERY \| awk '{ print $NF }')`


			`case $QUERY in`

			`NXDOMAIN)`
			`#echo "Not in $i"`
			`;;`
			`#*127.0.0.2)`
			`# echo "$(ip_reverse) LISTED in $i"`
			`# ;;`

			`# Almost all DNSBLs got a TXT record for listed IPs, we want these`
			`TXT)`
			`REASON_REMOTE=$(echo $QUERY \| grep TXT \| cut -d'"' -f2 \| head -1)`
			`echo "LISTED in $i ($REASON_REMOTE) "`
			`LISTED=$(($LISTED+1))`
			`;;`
			`# For those DNSBLs with no TXT record, just indicate the listing`
			`*)`
			`echo "LISTED in $i (no reason provided)"`
			`LISTED=$(($LISTED+1))`
			`;;`
			`esac`
			`fi`
			`}`

DNS blacklist cleanup and more meaningful return codes 2011-09-12 22:54:17 +02:00			`echo -e "Mailserver:\t$INPUT ($(dig -t TXT +short +noauthority +noadditional +nostats $(ip_reverse).zz.countries.nerd.dk \| grep '[a-z]' ))"`
initial upload 2011-01-06 14:04:33 +01:00
			`# dnsbl array counter`
			`b=-1`

			`# First check if the RBL is reachable`
			`for a in "${dnsbl[@]}"; do`
			`b=$(($b+1))`
			`check_rbl reachability`
			`done`

			`echo -e "DNSBLs:\t\t$DNSBLCOUNT ($WHATSLEFT reachable)"`

			`# Then query`
			`for i in "${dnsbl[@]}"; do`
			`check_rbl node`
			`done`

			`PERC=$(echo "scale=3; ($LISTED / $WHATSLEFT) * 100" \| bc)`
			`echo -e "Listings:\t$LISTED ($PERC %)"`

			`# Set return code`
			`if [ $LISTED -gt 0 ]; then`
DNS blacklist cleanup and more meaningful return codes 2011-09-12 22:54:17 +02:00			`if [ $LISTED -eq 1 ]; then`
			`exit 1`
			`elif [ $LISTED -ge 10 ]; then`
			`exit 10`
			`fi`
			`else`
			`exit 0`
initial upload 2011-01-06 14:04:33 +01:00			`fi`