scripts/rblcheck.sh
2013-02-12 14:56:24 +01:00


#!/usr/bin/env bash
# Author: Oliver Ladner <oli@lugh.ch>
# License: LGPL
#
# Checks if given IP is listed on various DNSBL found on:
# - http://multirbl.valli.org/list/
# - http://mxtoolbox.com
# - http://www.anti-abuse.org
#
# Requires these commands: host, dig, awk, tr, dirname
# - We can't rely on host/dig return codes!
# Return codes:
# 0 = no listings
# 1 = listed in 1 RBL
# 10 = listed in 10 or more RBLs
# Define all DNSBL to test against
#
# dnsbl is an indexed array of DNS zone names. The reachability pass walks it
# in index order and removes entries with `unset dnsbl[$b]`, so the position
# of an entry is its id during that pass.
#
# Each zone is queried as <reversed-ip>.<zone>, and check_rbl counts every
# answer that is not NXDOMAIN as a listing. Points to review before relying
# on the result:
# - Not every zone here looks like an IP blocklist. Judging by their names,
#   the array also holds allowlists (whitelist.*, wl.*, list.dnswl.org,
#   swl.spamhaus.org), domain/URI lists (dbl.*, uribl.*, *.surbl.org,
#   rhsbl.*), IPv6 zones and lookup services (origin.asn.cymru.com,
#   asn.routeviews.org, zz.countries.nerd.dk). A positive answer from those
#   does not mean the address is blocklisted; verify each zone's purpose.
# - DNSBL zones get retired. A retired zone can stop answering or can answer
#   for every query, which inflates the count; check the list against the
#   operators' current status before trusting it.
# - Every run discloses the checked address to all operators listed here, and
#   some lists restrict automated or high-volume queries.
dnsbl=(
rbl.lugh.ch
0spam.fusionzero.com
0spam-killlist.fusionzero.com
combined.abuse.ch
drone.abuse.ch
spam.abuse.ch
httpbl.abuse.ch
uribl.zeustracker.abuse.ch
ipbl.zeustracker.abuse.ch
contacts.abuse.net
rbl.abuse.ro
uribl.abuse.ro
abuse-contacts.abusix.org
dnsbl.ahbl.org
ircbl.ahbl.org
rhsbl.ahbl.org
all.s5h.net
spam.dnsbl.anonmails.de
list.anonwhois.net
dnsbl.anticaptcha.net
orvedb.aupads.org
rsbl.aupads.org
l1.apews.org
l2.apews.org
aspews.ext.sorbs.net
ips.backscatterer.org
b.barracudacentral.org
bb.barracudacentral.org
list.bbfh.org
l1.bbfh.ext.sorbs.net
l2.bbfh.ext.sorbs.net
l3.bbfh.ext.sorbs.net
l4.bbfh.ext.sorbs.net
bbm.2ch.net
niku.2ch.net
bbx.2ch.net
all.ascc.dnsbl.bit.nl
all.v6.ascc.dnsbl.bit.nl
all.dnsbl.bit.nl
ipv6.all.dnsbl.bit.nl
bitonly.dnsbl.bit.nl
blacklist.netcore.co.in
rbl.blakjak.net
list.blogspambl.com
bsb.empty.us
bsb.spamlookup.net
query.bondedsender.org
plus.bondedsender.org
dnsbl.burnt-tech.com
blacklist.sci.kun.nl
whitelist.sci.kun.nl
dul.blackhole.cantv.net
hog.blackhole.cantv.net
rhsbl.blackhole.cantv.net
rot.blackhole.cantv.net
spam.blackhole.cantv.net
cbl.anti-spam.org.cn
cblplus.anti-spam.org.cn
cblless.anti-spam.org.cn
cdl.anti-spam.org.cn
cml.anti-spam.org.cn
cbl.abuseat.org
rbl.choon.net
rwl.choon.net
zz.countries.nerd.dk
dnsbl.cyberlogic.net
bogons.cymru.com
v4.fullbogons.cymru.com
v6.fullbogons.cymru.com
origin.asn.cymru.com
origin6.asn.cymru.com
peer.asn.cymru.com
tor.dan.me.uk
torexit.dan.me.uk
ex.dnsbl.org
in.dnsbl.org
rbl.dns-servicios.com
dnsbl.ipocalypse.net
dnsbl.mags.net
dnsbl.mcu.edu.tw
dnsbl.othello.ch
dnsbl.rv-soft.info
list.dnswl.org
vote.drbl.caravan.ru
vote.drbldf.dsbl.ru
vote.drbl.gremlin.ru
work.drbl.caravan.ru
work.drbldf.dsbl.ru
work.drbl.gremlin.ru
dnsbl.dronebl.org
rbl.efnet.org
rbl.efnetrbl.org
tor.efnet.org
bl.emailbasura.org
rbl.fasthosts.co.uk
fnrbl.fast.net
forbidden.icm.edu.pl
88.blacklist.zap
hil.habeas.com
accredit.habeas.com
sa-accredit.habeas.com
hul.habeas.com
sohul.habeas.com
hostkarma.junkemailfilter.com
nobl.junkemailfilter.com
lookup.dnsbl.iip.lu
spamrbl.imp.ch
wormrbl.imp.ch
dnsbl.inps.de
dnswl.inps.de
intercept.datapacket.net
rbl.interserver.net
any.dnsl.ipquery.org
backscat.dnsl.ipquery.org
netblock.dnsl.ipquery.org
relay.dnsl.ipquery.org
single.dnsl.ipquery.org
rbl.ipv6wl.eu
iadb.isipp.com
iadb2.isipp.com
iddb.isipp.com
wadb.isipp.com
whitelist.rbl.ispa.at
mail-abuse.blacklist.jippg.org
dnsbl.justspam.org
dnsbl.kempt.net
spamlist.or.kr
admin.bl.kundenserver.de
relays.bl.kundenserver.de
schizo-bl.kundenserver.de
spamblock.kundenserver.de
worms-bl.kundenserver.de
spamguard.leadmon.net
dnsbl.madavi.de
c10.rbl.hk
bl.mailspike.net
rep.mailspike.net
wl.mailspike.net
z.mailspike.net
cidr.bl.mcafee.com
rbl.megarbl.net
dnsbl.forefront.microsoft.com
bl.mipspace.com
combined.rbl.msrbl.net
images.rbl.msrbl.net
phishing.rbl.msrbl.net
spam.rbl.msrbl.net
virus.rbl.msrbl.net
web.rbl.msrbl.net
rbl.mw-internet.net
relays.nether.net
trusted.nether.net
unsure.nether.net
ix.dnsbl.manitu.net
dnsbl.njabl.org
bhnc.njabl.org
combined.njabl.org
no-more-funn.moensted.dk
nospam.ant.pl
wl.nszones.com
dyn.nszones.com
sbl.nszones.com
bl.nszones.com
ubl.nszones.com
dnsbl.openresolvers.org
blacklist.mail.ops.asp.att.net
blacklist.sequoia.ops.asp.att.net
rbl.orbitrbl.com
netblock.pedantic.org
spam.pedantic.org
pofon.foobar.hu
rbl.polarcomm.net
safe.dnsbl.prs.proofpoint.com
dnsbl.proxybl.org
psbl.surriel.com
whitelist.surriel.com
list.quorum.to
all.rbl.jp
dyndns.rbl.jp
short.rbl.jp
url.rbl.jp
virus.rbl.jp
rbl.schulte.org
rbl.zenon.net
access.redhawk.org
dnsbl.rizon.net
dynip.rothen.com
asn.routeviews.org
aspath.routeviews.org
dul.ru
dnsbl.rymsho.ru
rhsbl.rymsho.ru
dyn.sbg-rbl.org
dyn2.sbg-rbl.org
sbg.sbg-rbl.org
tor.dnsbl.sectoor.de
exitnodes.tor.dnsbl.sectoor.de
query.senderbase.org
sa.senderbase.org
bl.score.senderscore.com
bl.shlink.org
dmm.shlink.org
dyn.shlink.org
rhsbl.shlink.org
rhswl.shlink.org
wl.shlink.org
blackholes.scconsult.com
dnsbl.solid.net
dnsbl.sorbs.net
problems.dnsbl.sorbs.net
proxies.dnsbl.sorbs.net
relays.dnsbl.sorbs.net
safe.dnsbl.sorbs.net
nomail.rhsbl.sorbs.net
badconf.rhsbl.sorbs.net
dul.dnsbl.sorbs.net
zombie.dnsbl.sorbs.net
block.dnsbl.sorbs.net
escalations.dnsbl.sorbs.net
http.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
rhsbl.sorbs.net
spam.dnsbl.sorbs.net
recent.spam.dnsbl.sorbs.net
new.spam.dnsbl.sorbs.net
old.spam.dnsbl.sorbs.net
web.dnsbl.sorbs.net
korea.services.net
geobl.spameatingmonkey.net
origin.asn.spameatingmonkey.net
backscatter.spameatingmonkey.net
badnets.spameatingmonkey.net
bl.spameatingmonkey.net
fresh.spameatingmonkey.net
fresh10.spameatingmonkey.net
fresh15.spameatingmonkey.net
bl.ipv6.spameatingmonkey.net
netbl.spameatingmonkey.net
uribl.spameatingmonkey.net
urired.spameatingmonkey.net
singlebl.spamgrouper.com
netblockbl.spamgrouper.com
geobl.spamanalysis.org
bl.spamcannibal.org
dnsbl.spam-champuru.livedoor.com
bl.spamcop.net
dbl.spamhaus.org
_vouch.dwl.spamhaus.org
pbl.spamhaus.org
sbl.spamhaus.org
sbl-xbl.spamhaus.org
swl.spamhaus.org
xbl.spamhaus.org
zen.spamhaus.org
feb.spamlab.com
rbl.spamlab.com
all.spamrats.com
dyna.spamrats.com
noptr.spamrats.com
spam.spamrats.com
spamsources.fabel.dk
badhost.stopspam.org
block.stopspam.org
dnsbl.stopspam.org
dul.pacifier.net
bl.summersault.com
wl.summersault.com
multi.surbl.org
xs.surbl.org
srn.surgate.net
dnsbl.swiftbl.org
dnsrbl.swinog.ch
uribl.swinog.ch
rbl.tdk.net
bl.technovision.dk
st.technovision.dk
dob.sibl.support-intelligence.net
dbl.tiopan.com
bl.tiopan.com
opm.tornevall.org
spamtrap.trblspam.com
r.mail-abuse.com
q.mail-abuse.com
rbl2.triumf.ca
wbl.triumf.ca
truncate.gbudb.net
wl.trusted-forwarder.org
dunk.dnsbl.tuxad.de
hartkore.dnsbl.tuxad.de
dnsbl-0.uceprotect.net
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
ubl.unsubscore.com
black.uribl.com
grey.uribl.com
multi.uribl.com
red.uribl.com
white.uribl.com
free.v4bl.org
ip.v4bl.org
virbl.dnsbl.bit.nl
nlwhitelist.dnsbl.bit.nl
dnsbl.webequipped.com
ips.whitelisted.org
blacklist.woody.ch
ipv6.blacklist.woody.ch
uri.blacklist.woody.ch
db.wpbl.info
bl.blocklist.de
dnsbl.zapbl.net
rhsbl.zapbl.net
zebl.zoneedit.com
ban.zebl.zoneedit.com
blackholes.five-ten-sg.com
relaytest.kundenserver.de
torserver.tor.dnsbl.sectoor.de
ubl.lashback.com
virbl.bit.nl
)
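# No need to edit anything below this line
DNSBLCOUNT=${#dnsbl[@]}

# Only the first argument is used; it may be an IPv4 address or a host name.
if [[ -z "${1:-}" ]]; then
  echo "Usage: $(basename "$0") <ip-address> <fqdn>"
  exit 1
fi
INPUT=$1

# Shape checks only: the IPv4 pattern does not verify that each octet is
# <= 255. The host name pattern is an allowlist whose first character must be
# alphanumeric, so a value starting with '-', '+' or '@' never reaches dig,
# where it would be parsed as an option or a server selector instead of a name.
IPV4_SHAPE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
HOSTNAME_SHAPE='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\.?$'

# If $INPUT is a DNS name, get IP
# NOTE(review): the error exits below reuse exit code 1 like the usage path;
# that code also means "listed in 1 RBL" in the header — confirm what callers
# expect before changing it.
if [[ ! $INPUT =~ $IPV4_SHAPE ]]; then
  if [[ ! $INPUT =~ $HOSTNAME_SHAPE ]]; then
    echo "Invalid IP address or host name: $INPUT" >&2
    exit 1
  fi
  INPUT=$(dig +short "$INPUT" | tail -1)
  # dig +short prints nothing (or a ';;' diagnostic) when resolution fails;
  # stop here instead of querying every DNSBL with a broken name.
  if [[ ! $INPUT =~ $IPV4_SHAPE ]]; then
    echo "Could not resolve $1 to an IPv4 address" >&2
    exit 1
  fi
fi

# Number of DNSBLs that reported a listing; incremented by check_rbl.
LISTED=0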
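# Reverse an ip
#
# Globals:   INPUT (read) - dotted IPv4 address, e.g. 1.2.3.4
# Arguments: none
# Outputs:   the labels of INPUT in reverse order (4.3.2.1) on stdout
#
# Works on local copies only, so INPUT stays intact even when the function is
# called directly rather than inside $(...). The labels are never used as a
# printf format string.
function ip_reverse {
  local -a octets=()
  local reversed=""
  local idx

  # Split on dots without invoking word splitting or globbing on INPUT.
  IFS=. read -r -a octets <<<"$INPUT"

  for ((idx = ${#octets[@]} - 1; idx >= 0; idx--)); do
    reversed+="${octets[idx]}"
    if ((idx > 0)); then
      reversed+="."
    fi
  done

  printf '%s\n' "$reversed"
}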
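# Query the RBL
#
# Globals:   a, b (read)   - zone name and its array index (reachability mode)
#            i (read)      - zone name (node mode)
#            INPUT (read)  - via ip_reverse
#            dnsbl (written), WHATSLEFT (written), LISTED (written)
# Arguments: $1 - "reachability" or "node"
# Outputs:   status lines on stdout, lookup warnings on stderr
function check_rbl {
  local mode=$1

  if [ "$mode" = "reachability" ]; then
    local nx_hits
    nx_hits=$(host "$a" | grep -c NXDOMAIN)
    if [ "$nx_hits" -gt 0 ]; then
      echo "$a ($b) not reachable, thus ignored."
      # Delete this entry from the array via id. The subscript is quoted so
      # that it cannot be glob-expanded against a file such as ./dnsbl0,
      # which would leave the dead zone in the array.
      unset "dnsbl[$b]"
    fi
    WHATSLEFT=${#dnsbl[@]}
  fi

  if [ "$mode" = "node" ]; then
    local qname raw answer reason
    qname="$(ip_reverse).$i"

    # A DNSBL signals a listing with an A record inside 127.0.0.0/8. Only
    # that counts: an empty answer, a resolver failure or a timeout is not
    # evidence that the address is listed.
    raw=$(dig +short -t A "$qname" 2>&1)
    answer=$(printf '%s\n' "$raw" |
      grep -E -m 1 '^127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$')

    case $answer in
      "")
        # dig +short reports transport problems as ';;' lines; surface them
        # so that a failed lookup is not mistaken for a clean result.
        case $raw in
          *";;"*) echo "$i lookup failed, not counted" >&2 ;;
        esac
        ;;
      127.255.255.*)
        # Some operators (Spamhaus among them) answer in 127.255.255.0/24 to
        # signal a query problem, e.g. a blocked public resolver or an
        # exceeded quota, rather than a listing.
        echo "$i answered $answer (error code, not counted)" >&2
        ;;
      *)
        # Almost all DNSBLs got a TXT record for listed IPs, we want these.
        # The text is remote data: print it as data only.
        reason=$(dig +short -t TXT "$qname" 2>/dev/null | head -n 1 | cut -d'"' -f2)
        if [ -n "$reason" ]; then
          printf '%s\n' "LISTED in $i ($reason) "
        else
          # For those DNSBLs with no TXT record, just indicate the listing
          echo "LISTED in $i (no reason provided)"
        fi
        LISTED=$((LISTED + 1))
        ;;
    esac
  fi
}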
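# Header line: the target plus the TXT record zz.countries.nerd.dk publishes
# for it. The record is remote data, so it is printed through %s instead of
# echo -e, which would interpret backslash escapes contained in it.
COUNTRY=$(dig -t TXT +short +noauthority +noadditional +nostats "$(ip_reverse).zz.countries.nerd.dk" | grep '[a-z]')
printf 'Mailserver:\t%s (%s)\n' "$INPUT" "$COUNTRY"

# dnsbl array counter
b=-1
# First check if the RBL is reachable
# check_rbl reads the globals a and b and removes dead zones from dnsbl.
for a in "${dnsbl[@]}"; do
  b=$((b + 1))
  check_rbl reachability
done
printf 'DNSBLs:\t\t%s (%s reachable)\n' "$DNSBLCOUNT" "${WHATSLEFT:-0}"

# Then query
# check_rbl reads the global i and increments LISTED.
for i in "${dnsbl[@]}"; do
  check_rbl node
done

# Multiply before dividing: with scale=2, (LISTED / WHATSLEFT) is truncated to
# two decimals first, which reports 0 % for a single hit among many lists.
# Skip bc entirely when no list was reachable to avoid a division by zero.
if [ "${WHATSLEFT:-0}" -gt 0 ]; then
  PERC=$(echo "scale=2; $LISTED * 100 / $WHATSLEFT" | bc)
else
  PERC=0
fi
printf 'Listings:\t%s (%s %%)\n' "$LISTED" "$PERC"

# Set return code
# 0 = no listings, N = listed in N RBLs, capped at 10. The exit is explicit on
# every path: 2 to 9 listings previously matched no branch and fell off the
# end of the script with status 0, which reads as "no listings".
if [ "$LISTED" -ge 10 ]; then
  exit 10
fi
exit "$LISTED"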