[Xymon] dnsbl
Robert Schetterer
robert at schetterer.org
Fri Jun 22 12:13:26 CEST 2012
Hi,
just wrote a little check for this
not really perfect but may help others
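#!/bin/sh
#
# rblcheck - Xymon (Hobbit) client extension that reports whether any of
# our mail server IPs is listed on a DNS blocklist (DNSBL).
#
# For every address in MSERVIPS the octets are reversed and looked up as
# <reversed-ip>.<zone> in every zone of DNSBLlist. An answer starting with
# 127.0.0. counts as "listed" and turns the column red.
#
# Environment (provided by the Xymon client): BB, BBDISP, MACHINE.
#
# Reading the result:
#   - green only means that no lookup returned a 127.0.0.x answer. A
#     timeout, a refused query or a rate-limited resolver also produces no
#     such answer, so green is not proof that an address is unlisted.
#   - DNSBL zones get retired. A zone that no longer exists never matches,
#     and a retired zone may answer every query; review DNSBLlist
#     periodically against what each operator currently publishes.

# Abort with a message instead of sending a malformed status when the
# script is started outside the Xymon environment.
: "${BB:?BB is not set - run this script from the Xymon client}"
: "${BBDISP:?BBDISP is not set - run this script from the Xymon client}"
: "${MACHINE:?MACHINE is not set - run this script from the Xymon client}"

set -u

COLUMN=rblcheck
COLOR=green
MSG="rblcheck status"
# Listings are collected in a variable. The check runs unattended, and a
# fixed file name under /tmp could be pre-created (for example as a
# symlink) by any other local account, so no scratch file is used.
MSG2=""
NL='
'

# One zone per line; lines starting with # are skipped.
DNSBLlist=$(grep -v '^#' <<'EOF'
cbl.abuseat.org
dnsbl.ahbl.org
ircbl.ahbl.org
virbl.dnsbl.bit.nl
blackholes.five-ten-sg.com
dnsbl.inps.de
ix.dnsbl.manitu.net
no-more-funn.moensted.dk
combined.njabl.org
dnsbl.njabl.org
dnsbl.sorbs.net
bl.spamcannibal.org
bl.spamcop.net
sbl.spamhaus.org
xbl.spamhaus.org
pbl.spamhaus.org
dnsbl-1.uceprotect.net
psbl.surriel.com
l2.apews.org
dnsrbl.swinog.ch
db.wpbl.info
EOF
)

# Put your mail servers' IPv4 addresses here, one per line.
MSERVIPS=$(grep -v '^#' <<'EOF'
1.2.3.4
EOF
)

# Both lists are expanded unquoted on purpose: one word per entry.
for zone in $DNSBLlist; do
  for ip in $MSERVIPS; do
    # Reverse the octets (1.2.3.4 -> 4.3.2.1). Anything that is not four
    # dot-separated fields of digits yields an empty string and is skipped,
    # so a typo in MSERVIPS never ends up inside a DNS query name.
    reversed=$(printf '%s\n' "$ip" |
      awk -F. 'NF == 4 && $0 ~ /^[0-9.]+$/ { print $4 "." $3 "." $2 "." $1 }')
    if [ -z "$reversed" ]; then
      printf 'rblcheck: skipping malformed address: %s\n' "$ip" >&2
      continue
    fi

    # Bound each lookup so one unresponsive zone cannot stall the run.
    # The dots are escaped so only answers of the form 127.0.0.x match.
    if dig +short +time=3 +tries=2 "${reversed}.${zone}" A |
      grep -q '^127\.0\.0\.'; then
      MSG2="${MSG2:+${MSG2}${NL}}${ip} found on ${zone}"
      COLOR=red
    fi
  done
done

# Send the result to the Xymon display server. $BB and $BBDISP stay
# unquoted, as in the original, so a value holding several words still
# splits into separate arguments.
$BB $BBDISP "status $MACHINE.$COLUMN $COLOR $(date)
${MSG}
${MSG2}
"
exit 0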
Am 13.06.2012 20:16, schrieb Robert Schetterer:
> Am 13.06.2012 20:10, schrieb Michael Baydoun:
>> Anyone have a custom test to monitor if you appear on mail blacklists,
>> reputation lists, or the like?
>> If so, willing to share?
>>
>>
>> _______________________________________________
>> Xymon mailing list
>> Xymon at xymon.com
>> http://lists.xymon.com/mailman/listinfo/xymon
>>
>
> try something like this, e.g.
>
> http://www.heise.de/netze/artikel/Verdrehte-Abfrage-223890.html
>
> --------------------------
>
> #!/bin/sh
> #
> # dnsbl-check-standalone.sh
> #
> # By Damon Tajeddini (dta)
> # # 10.03.2009
> #
> MAIL_RCPT="postmaster at example.com"
>
> DNSBLlist=`grep -v ^# <<!
> cbl.abuseat.org
> dnsbl.ahbl.org
> ircbl.ahbl.org
> virbl.dnsbl.bit.nl
> blackholes.five-ten-sg.com
> dnsbl.inps.de
> ix.dnsbl.manitu.net
> no-more-funn.moensted.dk
> combined.njabl.org
> dnsbl.njabl.org
> dnsbl.sorbs.net
> bl.spamcannibal.org
> bl.spamcop.net
> sbl.spamhaus.org
> xbl.spamhaus.org
> pbl.spamhaus.org
> dnsbl-1.uceprotect.net
> # dnsbl-2.uceprotect.net
> # dnsbl-3.uceprotect.net
> psbl.surriel.com
> l2.apews.org
> dnsrbl.swinog.ch
> db.wpbl.info
> !`
>
> # reverse IP address bytes
> convertIP()
> {
> set `IFS=".";echo $1`
> echo $4.$3.$2.$1
> }
>
> usage()
> {
> echo "Usage: $0 [-H <host>|-p]"
> echo " -H IP address to check"
> echo " -p Print list of DNSBLs"
> exit 3
> }
>
> # Checks the IP with list of DNSBL servers
> check()
> {
> for i in $DNSBLlist
> do
> if dig $ip_arpa.$i +short | grep -q "^127.0.0."
> then
> mail -s "** Service Alert: $ip found on $i **" $MAIL_RCPT <<!
> *** DNSBL WARNING ***
> Service: $progname
> Host: `hostname`
> Date/Time: `date`
> Additional Info: DNSBL-Alarm: $ip is listed on $i
> !
> fi
> done
> exit
> } # check
>
> case $1 in
> -H)
> if [ -z "$2" ]; then
> echo "ip address missing"
> exit
> fi
> ip=$2
> ip_arpa=`convertIP $ip`
> check;;
>
> -p)
> for i in $DNSBLlist
> do
> echo $i
> done
> exit;;
>
> --help)
> usage
> exit;;
>
> *)
> if [ -z "$1" ]; then
> usage
> fi
> echo "unknown command: $1"
> exit;;
> esac
>
> -------------------
>
> or perhaps, for creating your own Xymon script, this one is easier to adapt
>
> http://www.heise.de/netze/artikel/Verdrehte-Abfrage-223890.html
>
> i.e
>
> ---------------
> #!/bin/sh
>
> DNSBLlist="ix.dnsbl.manitu.net
> bl.spamcannibal.org
> xbl.spamhaus.org"
>
> set `IFS=".";echo $1`
> ip_arpa=$4.$3.$2.$1
>
> for l in $DNSBLlist
> do
> if nslookup $ip_arpa.$l | grep -q "Address: 127.0.0."
> then
> echo "$1 steht auf $l"
> fi
> done
> --------------------------
>
--
Best Regards
MfG Robert Schetterer