[Xymon] dnsbl

Robert Schetterer robert at schetterer.org
Wed Jun 13 20:16:43 CEST 2012 

Am 13.06.2012 20:10, schrieb Michael Baydoun:
> Anyone have a custom test to monitor if you appear on mail blacklists,
> reputation lists, or the like?
> If so, willing to share?
> 
> 
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
> 

try i.e such like this

http://www.heise.de/netze/artikel/Verdrehte-Abfrage-223890.html

--------------------------

#!/bin/sh
#
# dnsbl-check-standalone.sh
#
# By Damon Tajeddini (dta)
# # 10.03.2009
#
MAIL_RCPT="postmaster at example.com"

DNSBLlist=`grep -v ^# <<!
cbl.abuseat.org
dnsbl.ahbl.org
ircbl.ahbl.org
virbl.dnsbl.bit.nl
blackholes.five-ten-sg.com
dnsbl.inps.de
ix.dnsbl.manitu.net
no-more-funn.moensted.dk
combined.njabl.org
dnsbl.njabl.org
dnsbl.sorbs.net
bl.spamcannibal.org
bl.spamcop.net
sbl.spamhaus.org
xbl.spamhaus.org
pbl.spamhaus.org
dnsbl-1.uceprotect.net
# dnsbl-2.uceprotect.net
# dnsbl-3.uceprotect.net
psbl.surriel.com
l2.apews.org
dnsrbl.swinog.ch
db.wpbl.info
!`

# reverse IP address bytes
convertIP()
{
 set `IFS=".";echo $1`
 echo $4.$3.$2.$1
}

usage()
{
 echo "Usage: $0 [-H <host>|-p]"
 echo " -H IP address to check"
 echo " -p Print list of DNSBLs"
 exit 3
}

# Checks the IP with list of DNSBL servers
check()
{
 for i in $DNSBLlist
 do
 if dig $ip_arpa.$i +short | grep -q "^127.0.0."
 then
 mail -s "** Service Alert: $ip found on $i **" $MAIL_RCPT <<!
 *** DNSBL WARNING ***
 Service: $progname
 Host: `hostname`
 Date/Time: `date`
 Additional Info: DNSBL-Alarm: $ip is listed on $i
!
 fi
 done
 exit
} # check

case $1 in
 -H)
 if [ -z "$2" ]; then
 echo "ip address missing"
 exit
 fi
 ip=$2
 ip_arpa=`convertIP $ip`
 check;;

 -p)
 for i in $DNSBLlist
 do
 echo $i
 done
 exit;;

 --help)
 usage
 exit;;

 *)
 if [ -z "$1" ]; then
 usage
 fi
 echo "unknown command: $1"
 exit;;
esac

-------------------

or perhaps for crate your own  xymon scirpt this is more easy to adapt

http://www.heise.de/netze/artikel/Verdrehte-Abfrage-223890.html

i.e

---------------
#!/bin/sh

DNSBLlist="ix.dnsbl.manitu.net
bl.spamcannibal.org
xbl.spamhaus.org"

set `IFS=".";echo $1`
ip_arpa=$4.$3.$2.$1

for l in $DNSBLlist
do
  if nslookup $ip_arpa.$l | grep -q "Address: 127.0.0."
  then
    echo "$1 steht auf $l"
  fi
done
--------------------------
-- 
Best Regards
MfG Robert Schetterer

More information about the Xymon mailing list