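#!/usr/bin/env bash
# Author: Oliver Ladner
# License: LGPL
#
# Checks if given IP is listed on various DNSBL found on:
# - http://multirbl.valli.org/list/
# - http://mxtoolbox.com
# - http://www.anti-abuse.org
#
# Usage: <this script> <ipv4-address-or-hostname>
#
# Requires these commands: host, dig, grep, tail, head, cut, tr, bc, basename
# - We can't rely on host/dig return codes!
#
# Return codes:
# 0   = no listings
# 1   = listed in 1 RBL (also returned when no argument is given)
# 2-9 = listed in that many RBLs
# 10  = listed in 10 or more RBLs
# 64  = argument is neither an IPv4 address nor a resolvable hostname
#
# NOTE(review): the zone list below is a point-in-time snapshot. The
# reachability pass only drops zones whose own name returns NXDOMAIN, so a
# retired zone that still answers queries is not detected and can report
# every address as listed. Re-validate the list before trusting the count.
# NOTE(review): any NOERROR answer is counted as a listing; zones that also
# publish non-blocking or error return codes would be over-counted.

# Define all DNSBL to test against
dnsbl=(
  cblplus.anti-spam.org.cn
  0spam.fusionzero.com
  0spam-killlist.fusionzero.com
  b.barracudacentral.org
  #bl.deadbeef.com
  dnsbl.ahbl.org
  ircbl.ahbl.org
  #tor.ahbl.org
  bsb.empty.us
  l2.apews.org
  #bl.emailbasura.org
  bl.spamcannibal.org
  bl.spamcop.net
  blackholes.five-ten-sg.com
  blacklist.woody.ch
  bogons.cymru.com
  cbl.abuseat.org
  cdl.anti-spam.org.cn
  combined.rbl.msrbl.net
  db.wpbl.info
  combined.abuse.ch
  drone.abuse.ch
  spam.abuse.ch
  httpbl.abuse.ch
  dnsbl-1.uceprotect.net
  dnsbl-2.uceprotect.net
  dnsbl-3.uceprotect.net
  #dnsbl.cyberlogic.net
  dnsbl.inps.de
  dnsbl.njabl.org
  dnsbl.sorbs.net
  dul.dnsbl.sorbs.net
  http.dnsbl.sorbs.net
  misc.dnsbl.sorbs.net
  smtp.dnsbl.sorbs.net
  socks.dnsbl.sorbs.net
  spam.dnsbl.sorbs.net
  zombie.dnsbl.sorbs.net
  dnsrbl.swinog.ch
  uribl.swinog.ch
  #duinv.aupads.org
  dul.ru
  dyna.spamrats.com
  #dynip.rothen.com
  #fl.chickenboner.biz
  hostkarma.junkemailfilter.com
  images.rbl.msrbl.net
  ips.backscatterer.org
  ix.dnsbl.manitu.net
  korea.services.net
  noptr.spamrats.com
  #ohps.dnsbl.net.au
  #omrs.dnsbl.net.au
  #opm.blitzed.org
  orvedb.aupads.org
  #osps.dnsbl.net.au
  #osrs.dnsbl.net.au
  #owfs.dnsbl.net.au
  #owps.dnsbl.net.au
  phishing.rbl.msrbl.net
  #probes.dnsbl.net.au
  #proxy.bl.gweep.ca
  #proxy.block.transip.nl
  psbl.surriel.com
  rbl.efnet.org
  rbl.interserver.net
  #rdts.dnsbl.net.au
  #relays.bl.gweep.ca
  #relays.bl.kundenserver.de
  #relays.nether.net
  relaytest.kundenserver.de
  #residential.block.transip.nl
  #ricn.dnsbl.net.au
  #rmst.dnsbl.net.au
  short.rbl.jp
  spam.rbl.msrbl.net
  spam.spamrats.com
  spamlist.or.kr
  spamrbl.imp.ch
  #t3direct.dnsbl.net.au
  tor.dnsbl.sectoor.de
  torserver.tor.dnsbl.sectoor.de
  ubl.lashback.com
  ubl.unsubscore.com
  virbl.bit.nl
  virbl.dnsbl.bit.nl
  virus.rbl.jp
  virus.rbl.msrbl.net
  web.dnsbl.sorbs.net
  wormrbl.imp.ch
  zen.spamhaus.org
  #abuse.rfc-ignorant.org
  #bogusmx.rfc-ignorant.org
  #dsn.rfc-ignorant.org
  #postmaster.rfc-ignorant.org
  #whois.rfc-ignorant.org
)

# No need to edit anything below this line

readonly EXIT_BAD_INPUT=64
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
# First character must be alphanumeric so the value can never be read by
# dig as an option (-x), a query flag (+x) or a server (@x).
readonly HOSTNAME_RE='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?\.?$'

DNSBLCOUNT=${#dnsbl[*]}
WHATSLEFT=$DNSBLCOUNT
LISTED=0

#######################################
# Succeeds when $1 is a dotted-quad IPv4 address with every octet <= 255.
# Arguments: $1 - candidate string
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local candidate=$1 octet
  local -a octets
  [[ $candidate =~ $IPV4_RE ]] || return 1
  IFS=. read -r -a octets <<<"$candidate"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "010" is not read as octal.
    ((10#$octet <= 255)) || return 1
  done
  return 0
}

#######################################
# Removes control characters from stdin. Text taken from DNS answers is
# controlled by whoever runs the queried zone, so it is cleaned before it
# is printed to the terminal or a log.
#######################################
strip_cntrl() {
  tr -d '[:cntrl:]'
}

#######################################
# Prints the address in INPUT with its four octets in reverse order.
# Globals: INPUT (read)
# Outputs: reversed address on stdout
#######################################
ip_reverse() {
  local o1 o2 o3 o4
  IFS=. read -r o1 o2 o3 o4 <<<"$INPUT"
  printf '%s.%s.%s.%s\n' "$o4" "$o3" "$o2" "$o1"
}

#######################################
# Query the RBL.
# Globals:   dnsbl, WHATSLEFT, LISTED (written); INPUT (read via ip_reverse)
# Arguments: $1 - "reachability" or "node"
#            $2 - DNSBL zone name
#            $3 - index of the zone in dnsbl (reachability mode only)
# Outputs:   one line per unreachable zone / per listing on stdout,
#            failed lookups on stderr
#######################################
check_rbl() {
  local mode=$1 zone=$2 idx=${3:-}
  local answer reason

  if [[ $mode == "reachability" ]]; then
    if host "$zone" | grep -q NXDOMAIN; then
      echo "$zone ($idx) not reachable, thus ignored."
      # Delete this entry from the array via id
      unset "dnsbl[$idx]"
    fi
    WHATSLEFT=${#dnsbl[@]}
  fi

  if [[ $mode == "node" ]]; then
    # dig lookup with reversed ip; keep only the status line and the
    # A/CNAME/TXT records of the reply.
    answer=$(dig -t ANY +noauthority +noadditional +nostats \
      "$(ip_reverse).$zone" |
      grep -E -w '(status:|TXT|(A|CNAME))')

    case $answer in
      *NXDOMAIN*)
        # Not listed in this zone.
        ;;
      *"status: NOERROR"*)
        if [[ $answer == *TXT* ]]; then
          # Almost all DNSBLs got a TXT record for listed IPs, we want these
          reason=$(printf '%s\n' "$answer" | grep -w TXT | head -1 |
            cut -d'"' -f2 | strip_cntrl)
          printf 'LISTED in %s (%s) \n' "$zone" "$reason"
        else
          # For those DNSBLs with no TXT record, just indicate the listing
          echo "LISTED in $zone (no reason provided)"
        fi
        LISTED=$((LISTED + 1))
        ;;
      *)
        # SERVFAIL, REFUSED, a timeout or an empty reply says nothing about
        # the address; counting it would inflate the result.
        printf '%s: lookup failed, ignored\n' "$zone" >&2
        ;;
    esac
  fi
}

if [[ -z "${1:-}" ]]; then
  echo "Usage: $(basename -- "$0") <ipv4-address-or-hostname>"
  exit 1
fi

INPUT=$1

# If $INPUT is a DNS name, get IP. The argument is validated first because
# it ends up on the dig command line and inside every DNSBL query name.
if ! is_ipv4 "$INPUT"; then
  if [[ ! $INPUT =~ $HOSTNAME_RE ]]; then
    printf 'Invalid IPv4 address or hostname: %q\n' "$INPUT" >&2
    exit "$EXIT_BAD_INPUT"
  fi
  # -q marks the value as the query name, so a hostname such as "mx" is not
  # taken for a record type.
  RESOLVED=$(dig +short -t A -q "$INPUT" | grep -E "$IPV4_RE" | tail -1)
  if ! is_ipv4 "$RESOLVED"; then
    printf 'Could not resolve %s to an IPv4 address\n' "$INPUT" >&2
    exit "$EXIT_BAD_INPUT"
  fi
  INPUT=$RESOLVED
fi

# printf with a fixed format is used instead of "echo -e": the text in
# parentheses comes from a DNS answer and must not be interpreted as
# backslash escapes.
COUNTRY=$(dig -t TXT +short +noauthority +noadditional +nostats \
  "$(ip_reverse).zz.countries.nerd.dk" | grep '[a-z]' | strip_cntrl)
printf 'Mailserver:\t%s (%s)\n' "$INPUT" "$COUNTRY"

# First check if the RBL is reachable. The index list is expanded once
# before the loop starts, so unsetting entries inside it is safe.
for idx in "${!dnsbl[@]}"; do
  check_rbl reachability "${dnsbl[$idx]}" "$idx"
done

printf 'DNSBLs:\t\t%s (%s reachable)\n' "$DNSBLCOUNT" "$WHATSLEFT"

# Then query
for zone in "${dnsbl[@]}"; do
  check_rbl node "$zone"
done

# Avoid a division by zero in bc when no zone is left to query.
if ((WHATSLEFT > 0)); then
  PERC=$(echo "scale=3; ($LISTED / $WHATSLEFT) * 100" | bc)
else
  PERC=0
fi
printf 'Listings:\t%s (%s %%)\n' "$LISTED" "$PERC"

# Set return code: the number of listings, capped at 10. Previously 2-9
# listings fell through both branches and the script exited 0, which a
# monitoring caller reads as "not listed".
if ((LISTED >= 10)); then
  exit 10
fi
exit "$LISTED"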