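#!/usr/bin/env bash
# Author: Oliver Ladner
# License: LGPL
#
# Checks if given IP is listed on any of the "major" DNSBL.
# I used this list: http://spamlinks.net/filter-dnsbl-lists.htm
#
# Usage: <script> <ipv4-address-or-hostname>
#
# Requires these commands: host, dig, grep, awk, cut, head, tail, bc
# - We can't rely on host/dig return codes! The DNS status is therefore
#   parsed from dig's textual output instead.
#
# Return codes:
# 0 = no listings
# 1 = usage error, invalid input, or a required command is missing
# 4 = listed

# Define all DNSBL to test against
# NOTE(review): this list dates from the original script. Confirm each zone is
# still operated before trusting the results: a zone whose domain has lapsed or
# been shut down can answer every query, which would otherwise show up as a
# listing for every IP. The answer-code check in check_rbl limits that, but it
# cannot catch a wildcard that answers inside 127.0.0.0/8.
dnsbl=(
  b.barracudacentral.org
  bl.deadbeef.com
  #bl.emailbasura.org
  bl.spamcannibal.org
  bl.spamcop.net
  blackholes.five-ten-sg.com
  blacklist.woody.ch
  bogons.cymru.com
  cbl.abuseat.org
  cdl.anti-spam.org.cn
  combined.abuse.ch
  combined.rbl.msrbl.net
  db.wpbl.info
  dnsbl-1.uceprotect.net
  dnsbl-2.uceprotect.net
  dnsbl-3.uceprotect.net
  dnsbl.ahbl.org
  dnsbl.cyberlogic.net
  dnsbl.inps.de
  dnsbl.njabl.org
  dnsbl.sorbs.net
  dnsrbl.swinog.ch
  #duinv.aupads.org
  dul.dnsbl.sorbs.net
  dul.ru
  dyna.spamrats.com
  #dynip.rothen.com
  #fl.chickenboner.biz
  hostkarma.junkemailfilter.com
  http.dnsbl.sorbs.net
  images.rbl.msrbl.net
  ips.backscatterer.org
  ircbl.ahbl.org
  ix.dnsbl.manitu.net
  korea.services.net
  misc.dnsbl.sorbs.net
  noptr.spamrats.com
  #ohps.dnsbl.net.au
  #omrs.dnsbl.net.au
  #opm.blitzed.org
  orvedb.aupads.org
  #osps.dnsbl.net.au
  #osrs.dnsbl.net.au
  #owfs.dnsbl.net.au
  #owps.dnsbl.net.au
  phishing.rbl.msrbl.net
  #probes.dnsbl.net.au
  #proxy.bl.gweep.ca
  #proxy.block.transip.nl
  psbl.surriel.com
  rbl.efnet.org
  rbl.interserver.net
  #rdts.dnsbl.net.au
  #relays.bl.gweep.ca
  relays.bl.kundenserver.de
  #relays.nether.net
  relaytest.kundenserver.de
  #residential.block.transip.nl
  #ricn.dnsbl.net.au
  #rmst.dnsbl.net.au
  short.rbl.jp
  smtp.dnsbl.sorbs.net
  socks.dnsbl.sorbs.net
  spam.abuse.ch
  spam.dnsbl.sorbs.net
  spam.rbl.msrbl.net
  spam.spamrats.com
  spamlist.or.kr
  spamrbl.imp.ch
  #t3direct.dnsbl.net.au
  #tor.ahbl.org
  tor.dnsbl.sectoor.de
  torserver.tor.dnsbl.sectoor.de
  ubl.lashback.com
  ubl.unsubscore.com
  virbl.bit.nl
  virbl.dnsbl.bit.nl
  virus.rbl.jp
  virus.rbl.msrbl.net
  web.dnsbl.sorbs.net
  wormrbl.imp.ch
  zen.spamhaus.org
  zombie.dnsbl.sorbs.net
)

# No need to edit anything below this line

DNSBLCOUNT=${#dnsbl[@]}
# Initialised here so the summary and the percentage are defined even when the
# reachability loop never runs.
WHATSLEFT=$DNSBLCOUNT
LISTED=0

# Print a message to stderr and exit with the usage/input error code.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Return 0 when $1 is a dotted-quad IPv4 address with every octet in 0..255
# and no leading zeros, 1 otherwise.
is_ipv4() {
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
  local re="^${octet}(\\.${octet}){3}\$"
  [[ $1 =~ $re ]]
}

# Reverse an IPv4 address (a.b.c.d -> d.c.b.a) and print it on stdout.
# Arguments: $1 - address to reverse (optional, defaults to the global INPUT)
ip_reverse() {
  local o1 o2 o3 o4
  IFS=. read -r o1 o2 o3 o4 <<<"${1:-$INPUT}"
  printf '%s.%s.%s.%s\n' "$o4" "$o3" "$o2" "$o1"
}

# Query the RBL.
# Arguments: $1 - "reachability" or "node"
# Globals:
#   reachability: reads a (zone name) and b (its index in dnsbl); removes
#                 zones that answer NXDOMAIN from dnsbl and updates WHATSLEFT.
#   node:         reads i (zone name) and INPUT; increments LISTED on a hit.
check_rbl() {
  local mode=$1
  local name answer status code hit odd reason

  if [[ $mode == "reachability" ]]; then
    if host "$a" | grep -q NXDOMAIN; then
      echo "$a ($b) not reachable, thus ignored."
      # Delete this entry from the array via id. The subscript is quoted so
      # the shell cannot glob-expand it against file names.
      unset "dnsbl[$b]"
    fi
    WHATSLEFT=${#dnsbl[@]}
  fi

  if [[ $mode == "node" ]]; then
    name="$(ip_reverse).$i"

    # Ask for the A record explicitly. An ANY query is answered minimally or
    # refused by many resolvers, which makes its result unreliable here.
    answer=$(dig -t A +noauthority +noadditional +nostats "$name" 2>/dev/null)

    status=""
    if [[ $answer =~ status:\ ([A-Z]+) ]]; then
      status=${BASH_REMATCH[1]}
    fi

    case $status in
      NXDOMAIN)
        #echo "Not in $i"
        ;;
      NOERROR)
        hit=""
        odd=""
        # Answer lines are "<name> <ttl> IN A <address>"; lines starting with
        # ';' are dig comments, including the echoed question.
        while read -r code; do
          case $code in
            # Spamhaus documents 127.255.255.0/24 as error responses (for
            # example when querying through a public resolver), not listings.
            # NOTE(review): applied to every zone here; confirm no list in use
            # assigns a listing meaning to that range.
            127.255.255.*) odd=$code ;;
            127.*) hit=${hit:-$code} ;;
            # Outside 127.0.0.0/8: parked domain, wildcard or rewritten DNS.
            *) odd=$code ;;
          esac
        done < <(awk '!/^;/ && $4 == "A" { print $5 }' <<<"$answer")

        if [[ -n $hit ]]; then
          # Almost all DNSBLs got a TXT record for listed IPs, we want these
          reason=$(dig +short -t TXT "$name" 2>/dev/null | cut -d'"' -f2 | head -n 1)
          if [[ -n $reason ]]; then
            # The reason is remote-controlled text: print it as data only.
            printf 'LISTED in %s (%s) \n' "$i" "$reason"
          else
            printf 'LISTED in %s (no reason provided)\n' "$i"
          fi
          LISTED=$((LISTED + 1))
        elif [[ -n $odd ]]; then
          printf '%s answered %s, which is not a listing code; ignored.\n' \
            "$i" "$odd" >&2
        fi
        ;;
      *)
        # SERVFAIL, REFUSED, a timeout or no output at all is a failed lookup,
        # not evidence of a listing, so it must not be counted.
        printf '%s lookup failed (status: %s); ignored.\n' \
          "$i" "${status:-no response}" >&2
        ;;
    esac
  fi
}

for tool in host dig grep awk cut head tail bc; do
  command -v "$tool" >/dev/null 2>&1 || die "Required command not found: $tool"
done

if [[ $# -lt 1 || -z ${1:-} ]]; then
  printf 'Usage: %s <ipv4-address-or-hostname>\n' "${0##*/}" >&2
  exit 1
fi

INPUT=$1

# If $INPUT is a DNS name, get IP.
# The argument ends up on the dig command line, so it is only accepted when it
# looks like a host name: it must start with a letter, digit or underscore,
# which keeps values such as "-x", "+opt" or "@server" from being read by dig
# as options.
if ! is_ipv4 "$INPUT"; then
  hostname_re='^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?\.?$'
  [[ $INPUT =~ $hostname_re ]] \
    || die "Not a valid IPv4 address or host name: $INPUT"
  resolved=$(dig +short -t A "$INPUT" 2>/dev/null \
    | grep -E '^[0-9]+(\.[0-9]+){3}$' | tail -n 1)
  is_ipv4 "$resolved" || die "Could not resolve $INPUT to an IPv4 address"
  INPUT=$resolved
fi

printf 'Mailserver:\t%s\n' "$INPUT"

# dnsbl array counter
b=-1

# First check if the RBL is reachable
for a in "${dnsbl[@]}"; do
  b=$((b + 1))
  check_rbl reachability
done

printf 'DNSBLs:\t\t%s (%s reachable)\n' "$DNSBLCOUNT" "$WHATSLEFT"

# Then query
for i in "${dnsbl[@]}"; do
  check_rbl node
done

# Guard the division: with no reachable DNSBL left bc would fail on /0.
if ((WHATSLEFT > 0)); then
  PERC=$(bc <<<"scale=3; ($LISTED / $WHATSLEFT) * 100")
else
  PERC=0
fi
printf 'Listings:\t%s (%s %%)\n' "$LISTED" "$PERC"

# Set return code
if ((LISTED > 0)); then
  exit 4
fi
exit 0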