scripts/rblcheck.sh


#!/usr/bin/env bash
# Author: Oliver Ladner <oli@lugh.ch>
# License: LGPL
#
# Checks if given IP is listed on any of the "major" DNSBL.
# I used this list: http://spamlinks.net/filter-dnsbl-lists.htm
#
# Requires these commands: host, dig, awk, tr, grep, cut, head, tail, basename, bc
# - We can't rely on host/dig return codes, so their output is parsed instead.
# Return codes:
# 0 = no listings
# 1 = usage error
# 4 = listed
# DNSBL zones that the target address is checked against, one zone per line.
# Lines starting with '#' inside the parentheses are disabled zones; bash
# treats them as comments, so they are not array elements.
#
# NOTE(review): this list is old. Several zones in it (for example
# dnsbl.ahbl.org, dnsbl.njabl.org and bl.spamcannibal.org) have been reported
# as shut down. A retired or re-registered zone can start answering every
# query, which shows up as a listing. Confirm each zone is still operated
# before trusting a hit from it.
dnsbl=(
  b.barracudacentral.org
  bl.deadbeef.com
  #bl.emailbasura.org
  bl.spamcannibal.org
  bl.spamcop.net
  blackholes.five-ten-sg.com
  blacklist.woody.ch
  bogons.cymru.com
  cbl.abuseat.org
  cdl.anti-spam.org.cn
  combined.abuse.ch
  combined.rbl.msrbl.net
  db.wpbl.info
  dnsbl-1.uceprotect.net
  dnsbl-2.uceprotect.net
  dnsbl-3.uceprotect.net
  dnsbl.ahbl.org
  dnsbl.cyberlogic.net
  dnsbl.inps.de
  dnsbl.njabl.org
  dnsbl.sorbs.net
  dnsrbl.swinog.ch
  #duinv.aupads.org
  dul.dnsbl.sorbs.net
  dul.ru
  dyna.spamrats.com
  #dynip.rothen.com
  #fl.chickenboner.biz
  hostkarma.junkemailfilter.com
  http.dnsbl.sorbs.net
  images.rbl.msrbl.net
  ips.backscatterer.org
  ircbl.ahbl.org
  ix.dnsbl.manitu.net
  korea.services.net
  misc.dnsbl.sorbs.net
  noptr.spamrats.com
  #ohps.dnsbl.net.au
  #omrs.dnsbl.net.au
  #opm.blitzed.org
  orvedb.aupads.org
  #osps.dnsbl.net.au
  #osrs.dnsbl.net.au
  #owfs.dnsbl.net.au
  #owps.dnsbl.net.au
  phishing.rbl.msrbl.net
  #probes.dnsbl.net.au
  #proxy.bl.gweep.ca
  #proxy.block.transip.nl
  psbl.surriel.com
  rbl.efnet.org
  rbl.interserver.net
  #rdts.dnsbl.net.au
  #relays.bl.gweep.ca
  relays.bl.kundenserver.de
  #relays.nether.net
  relaytest.kundenserver.de
  #residential.block.transip.nl
  #ricn.dnsbl.net.au
  #rmst.dnsbl.net.au
  short.rbl.jp
  smtp.dnsbl.sorbs.net
  socks.dnsbl.sorbs.net
  spam.abuse.ch
  spam.dnsbl.sorbs.net
  spam.rbl.msrbl.net
  spam.spamrats.com
  spamlist.or.kr
  spamrbl.imp.ch
  #t3direct.dnsbl.net.au
  #tor.ahbl.org
  tor.dnsbl.sectoor.de
  torserver.tor.dnsbl.sectoor.de
  ubl.lashback.com
  ubl.unsubscore.com
  virbl.bit.nl
  virbl.dnsbl.bit.nl
  virus.rbl.jp
  virus.rbl.msrbl.net
  web.dnsbl.sorbs.net
  wormrbl.imp.ch
  zen.spamhaus.org
  zombie.dnsbl.sorbs.net
)
# No need to edit anything below this line
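# Number of configured DNSBL zones before any reachability filtering.
DNSBLCOUNT=${#dnsbl[*]}

# A target is mandatory. The test is quoted so an argument containing
# whitespace or glob characters cannot break it.
if [[ $# -lt 1 || -z "$1" ]]; then
  echo "Usage: $(basename -- "$0") <ip-address>"
  exit 1
fi
INPUT=$1

# The target ends up on dig's command line. Accept only host-name/IPv4
# characters so that a value starting with '-', '+' or '@' can never be read
# by dig as an option or as a resolver to query.
valid_target_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?[.]?$'
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ ! "$INPUT" =~ $valid_target_re ]]; then
  printf 'Invalid host name or IP address: %s\n' "$INPUT" >&2
  exit 1
fi

# If $INPUT is a DNS name, get IP. Anything that is not a dotted quad is
# treated as a name (the old test only caught lower-case letters). -q marks
# the value as the query name, so it cannot be mistaken for a record type.
if [[ ! "$INPUT" =~ $ipv4_re ]]; then
  INPUT=$(dig +short -t A -q "$INPUT" | tail -1)
fi

# Resolution may have produced nothing (NXDOMAIN) or a CNAME target only.
# Stop here rather than query every DNSBL with a meaningless name.
# Only IPv4 is supported: the DNSBL lookup name is built from dotted octets.
if [[ ! "$INPUT" =~ $ipv4_re ]]; then
  printf 'Could not determine an IPv4 address for %s\n' "$1" >&2
  exit 1
fi
IFS=. read -r -a input_octets <<<"$INPUT"
for octet in "${input_octets[@]}"; do
  # 10# forces base 10 so an octet such as 010 is not parsed as octal.
  if ((10#$octet > 255)); then
    printf 'Not a valid IPv4 address: %s\n' "$INPUT" >&2
    exit 1
  fi
done

# Running count of DNSBL zones that list the target.
LISTED=0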
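#######################################
# Print the address held in INPUT with its dot-separated parts reversed,
# e.g. 192.0.2.10 -> 10.2.0.192 (the form used in DNSBL query names).
# Globals:   INPUT (read only; it is no longer overwritten)
# Arguments: none
# Outputs:   the reversed address on stdout, followed by a newline
#######################################
function ip_reverse {
  local -a octets=()
  local reversed="" part

  # Split on dots in the shell. The previous awk call used each field as
  # a printf format string, so a '%' in the value was misinterpreted.
  IFS=. read -r -a octets <<<"$INPUT"
  for part in "${octets[@]}"; do
    # Skip empty fields so repeated dots collapse, as 'tr -s' did before.
    [[ -n "$part" ]] || continue
    reversed="${part}${reversed:+.${reversed}}"
  done
  printf '%s\n' "$reversed"
}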
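#######################################
# Query the RBL. Two modes, selected by the first argument:
#   reachability - run 'host' on zone $a; if the output contains NXDOMAIN,
#                  remove element $b from dnsbl. Always refreshes WHATSLEFT.
#   node         - look up the reversed target address in zone $i and
#                  report a listing.
# Globals:   a, b, i (read), dnsbl (modified), WHATSLEFT (written),
#            LISTED (incremented per listing)
# Arguments: $1 - "reachability" or "node"
# Outputs:   listing and "not reachable" lines on stdout, lookup failures
#            on stderr
#######################################
function check_rbl {
  local mode=$1
  local nx_hits lookup reply listed_as reason

  if [ "$mode" = "reachability" ]; then
    nx_hits=$(host "$a" | grep -c NXDOMAIN)
    if [ "$nx_hits" -gt 0 ]; then
      echo "$a ($b) not reachable, thus ignored."
      # Delete this entry from the array via id. Quoted so that the
      # subscript is never subject to globbing.
      unset "dnsbl[$b]"
    fi
    WHATSLEFT=${#dnsbl[@]}
  fi

  if [ "$mode" = "node" ]; then
    lookup="$(ip_reverse).$i"
    # Ask for the A record explicitly. An ANY query may be answered with a
    # minimal or refused response, and the old catch-all branch counted
    # every reply that was not NXDOMAIN (timeouts and SERVFAIL included) as
    # a listing.
    reply=$(dig +noall +comments +answer -t A -q "$lookup")
    case $reply in
      *"status: NXDOMAIN"*)
        # Not in $i
        ;;
      *"status: NOERROR"*)
        # DNSBLs conventionally answer from 127.0.0.0/8 for listed
        # addresses. Any other A record (e.g. a parked zone) is not a hit.
        # NOTE(review): some operators (Spamhaus documents this for zen)
        # answer 127.255.255.x to signal a refused or misdirected query,
        # not a listing. Those are still counted here - confirm per zone.
        listed_as=$(printf '%s\n' "$reply" \
          | awk '$4 == "A" && $5 ~ /^127\./ { print $5; exit }')
        if [ -n "$listed_as" ]; then
          # The TXT text is supplied by the DNSBL operator. Keep only quoted
          # record lines and strip control characters before printing.
          reason=$(dig +short -t TXT -q "$lookup" \
            | grep '^"' | cut -d'"' -f2 | head -1 | tr -d '\000-\037\177')
          if [ -n "$reason" ]; then
            echo "LISTED in $i ($reason) "
          else
            # For those DNSBLs with no TXT record, just indicate the listing
            echo "LISTED in $i (no reason provided)"
          fi
          LISTED=$((LISTED + 1))
        fi
        ;;
      *)
        # Timeout, SERVFAIL, REFUSED, ...: unknown, so not a listing.
        echo "Lookup against $i failed, result ignored." >&2
        ;;
    esac
  fi
}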
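# Report the address being checked. printf '%s' prints the value verbatim;
# 'echo -e' would interpret backslash sequences inside it.
printf 'Mailserver:\t%s\n' "$INPUT"

# Defined up front so the summary below still works if the loop never runs.
WHATSLEFT=${#dnsbl[@]}

# First check if the RBL is reachable. Iterate over the array's own indices
# (expanded once, before the loop) so that $b always names the element held
# in $a, even though check_rbl removes entries as it goes.
for b in "${!dnsbl[@]}"; do
  a=${dnsbl[$b]}
  check_rbl reachability
done
printf 'DNSBLs:\t\t%s (%s reachable)\n' "$DNSBLCOUNT" "$WHATSLEFT"

# With no reachable DNSBL nothing was actually checked. Exiting 0 would
# report "no listings" without evidence, and the percentage below would
# divide by zero. Exit 1 instead to signal an inconclusive run.
if [ "$WHATSLEFT" -eq 0 ]; then
  echo "No DNSBL could be reached; result is inconclusive." >&2
  exit 1
fi

# Then query
for i in "${dnsbl[@]}"; do
  check_rbl node
done

# Share of reachable DNSBLs that list the address. Both operands are
# integers maintained by this script, so they are safe to hand to bc.
PERC=$(echo "scale=3; ($LISTED / $WHATSLEFT) * 100" | bc)
printf 'Listings:\t%s (%s %%)\n' "$LISTED" "$PERC"

# Set return code: 4 when at least one DNSBL lists the address, otherwise
# the script ends normally with 0.
if [ "$LISTED" -gt 0 ]; then
  exit 4
fi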