Anyone have a custom test to monitor if you appear on mail blacklists, reputation lists, or the like? If so, willing to share?
Am 13.06.2012 20:10, schrieb Michael Baydoun:
Anyone have a custom test to monitor if you appear on mail blacklists, reputation lists, or the like? If so, willing to share?
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
try i.e such like this
http://www.heise.de/netze/artikel/Verdrehte-Abfrage-223890.html
#!/bin/sh
dnsbl-check-standalone.sh
By Damon Tajeddini (dta)
# 10.03.2009
MAIL_RCPT="postmaster at example.com"
DNSBLlist=`grep -v ^# <<! cbl.abuseat.org dnsbl.ahbl.org ircbl.ahbl.org virbl.dnsbl.bit.nl blackholes.five-ten-sg.com dnsbl.inps.de ix.dnsbl.manitu.net no-more-funn.moensted.dk combined.njabl.org dnsbl.njabl.org dnsbl.sorbs.net bl.spamcannibal.org bl.spamcop.net sbl.spamhaus.org xbl.spamhaus.org pbl.spamhaus.org dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
psbl.surriel.com l2.apews.org dnsrbl.swinog.ch db.wpbl.info !`
reverse IP address bytes
convertIP()
{
set IFS=".";echo $1
echo $4.$3.$2.$1
}
usage() { echo "Usage: $0 [-H <host>|-p]" echo " -H IP address to check" echo " -p Print list of DNSBLs" exit 3 }
Checks the IP with list of DNSBL servers
check()
{
for i in $DNSBLlist
do
if dig $ip_arpa.$i +short | grep -q "^127.0.0."
then
mail -s "** Service Alert: $ip found on $i **" $MAIL_RCPT <<!
*** DNSBL WARNING ***
Service: $progname
Host: hostname
Date/Time: date
Additional Info: DNSBL-Alarm: $ip is listed on $i
!
fi
done
exit
} # check
case $1 in
-H)
if [ -z "$2" ]; then
echo "ip address missing"
exit
fi
ip=$2
ip_arpa=convertIP $ip
check;;
-p) for i in $DNSBLlist do echo $i done exit;;
--help) usage exit;;
*) if [ -z "$1" ]; then usage fi echo "unknown command: $1" exit;; esac
or perhaps for crate your own xymon scirpt this is more easy to adapt
http://www.heise.de/netze/artikel/Verdrehte-Abfrage-223890.html
i.e
#!/bin/sh
DNSBLlist="ix.dnsbl.manitu.net bl.spamcannibal.org xbl.spamhaus.org"
set IFS=".";echo $1
ip_arpa=$4.$3.$2.$1
for l in $DNSBLlist do if nslookup $ip_arpa.$l | grep -q "Address: 127.0.0." then echo "$1 steht auf $l" fi done
-- Best Regards MfG Robert Schetterer
Hi, just wrote a little check for this not really perfect but may help others
#!/bin/sh COLUMN=rblcheck COLOR=green MSG="rblcheck status" rm -f /tmp/rblcheckfound.lst
DNSBLlist=grep -v ^# <<! cbl.abuseat.org dnsbl.ahbl.org ircbl.ahbl.org virbl.dnsbl.bit.nl blackholes.five-ten-sg.com dnsbl.inps.de ix.dnsbl.manitu.net no-more-funn.moensted.dk combined.njabl.org dnsbl.njabl.org dnsbl.sorbs.net bl.spamcannibal.org bl.spamcop.net sbl.spamhaus.org xbl.spamhaus.org pbl.spamhaus.org dnsbl-1.uceprotect.net psbl.surriel.com l2.apews.org dnsrbl.swinog.ch db.wpbl.info !
#put in here your mailservers ips
MSERVIPS=grep -v ^# <<! 1.2.3.4 !
for i in $DNSBLlist
do
for e in $MSERVIPS
do
IP=echo $e | awk 'BEGIN { FS = "." } ; { print $4 "." $3 "." $2 "."$1 }'
if dig $IP.$i +short | grep -q "^127.0.0."
then
echo "$e found on $i" >> /tmp/rblcheckfound.lst
MSG2=cat /tmp/rblcheckfound.lst
COLOR=red
fi
done
done
#send the results to hobbit so it can be graphed
$BB $BBDISP "status $MACHINE.$COLUMN $COLOR date
${MSG} ${MSG2} "
exit 0
Am 13.06.2012 20:16, schrieb Robert Schetterer:
Am 13.06.2012 20:10, schrieb Michael Baydoun:
Anyone have a custom test to monitor if you appear on mail blacklists, reputation lists, or the like? If so, willing to share?
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
try i.e such like this
http://www.heise.de/netze/artikel/Verdrehte-Abfrage-223890.html
#!/bin/sh
dnsbl-check-standalone.sh
By Damon Tajeddini (dta)
# 10.03.2009
MAIL_RCPT="postmaster at example.com"
DNSBLlist=`grep -v ^# <<! cbl.abuseat.org dnsbl.ahbl.org ircbl.ahbl.org virbl.dnsbl.bit.nl blackholes.five-ten-sg.com dnsbl.inps.de ix.dnsbl.manitu.net no-more-funn.moensted.dk combined.njabl.org dnsbl.njabl.org dnsbl.sorbs.net bl.spamcannibal.org bl.spamcop.net sbl.spamhaus.org xbl.spamhaus.org pbl.spamhaus.org dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
psbl.surriel.com l2.apews.org dnsrbl.swinog.ch db.wpbl.info !`
reverse IP address bytes
convertIP() { set
IFS=".";echo $1echo $4.$3.$2.$1 }usage() { echo "Usage: $0 [-H <host>|-p]" echo " -H IP address to check" echo " -p Print list of DNSBLs" exit 3 }
Checks the IP with list of DNSBL servers
check() { for i in $DNSBLlist do if dig $ip_arpa.$i +short | grep -q "^127.0.0." then mail -s "** Service Alert: $ip found on $i **" $MAIL_RCPT <<! *** DNSBL WARNING *** Service: $progname Host:
hostnameDate/Time:dateAdditional Info: DNSBL-Alarm: $ip is listed on $i ! fi done exit } # checkcase $1 in -H) if [ -z "$2" ]; then echo "ip address missing" exit fi ip=$2 ip_arpa=
convertIP $ipcheck;;-p) for i in $DNSBLlist do echo $i done exit;;
--help) usage exit;;
*) if [ -z "$1" ]; then usage fi echo "unknown command: $1" exit;; esac
or perhaps for crate your own xymon scirpt this is more easy to adapt
http://www.heise.de/netze/artikel/Verdrehte-Abfrage-223890.html
i.e
#!/bin/sh
DNSBLlist="ix.dnsbl.manitu.net bl.spamcannibal.org xbl.spamhaus.org"
set
IFS=".";echo $1ip_arpa=$4.$3.$2.$1for l in $DNSBLlist do if nslookup $ip_arpa.$l | grep -q "Address: 127.0.0." then echo "$1 steht auf $l" fi done
-- Best Regards MfG Robert Schetterer
participants (2)
-
indymichaelb@gmail.com
-
robert@schetterer.org