Created
January 17, 2012 23:40
-
-
Save jvehent/1629798 to your computer and use it in GitHub Desktop.
check-rbl.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| DEBUG="$1" | |
| SRV="smtp.example.net smtp2.example.net smtp.example.com" | |
| # RBL list from http://www.anti-abuse.org/multi-rbl-check/ | |
| RBL="bl.spamcop.net cbl.abuseat.org b.barracudacentral.org dnsbl.invaluement.com ddnsbl.internetdefensesystems.com dnsbl.sorbs.net http.dnsbl.sorbs.net dul.dnsbl.sorbs.net misc.dnsbl.sorbs.net smtp.dnsbl.sorbs.net socks.dnsbl.sorbs.net spam.dnsbl.sorbs.net web.dnsbl.sorbs.net zombie.dnsbl.sorbs.net dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net pbl.spamhaus.org sbl.spamhaus.org xbl.spamhaus.org zen.spamhaus.org bl.spamcannibal.org psbl.surriel.com ubl.unsubscore.com dnsbl.njabl.org combined.njabl.org rbl.spamlab.com dnsbl.ahbl.org ircbl.ahbl.org dyna.spamrats.com noptr.spamrats.com spam.spamrats.com cbl.anti-spam.org.cn cdl.anti-spam.org.cn dnsbl.inps.de drone.abuse.ch httpbl.abuse.ch dul.ru korea.services.net short.rbl.jp virus.rbl.jp spamrbl.imp.ch wormrbl.imp.ch virbl.bit.nl rbl.suresupport.com dsn.rfc-ignorant.org ips.backscatterer.org spamguard.leadmon.net opm.tornevall.org netblock.pedantic.org black.uribl.com grey.uribl.com multi.surbl.org ix.dnsbl.manitu.net tor.dan.me.uk rbl.efnetrbl.org relays.mail-abuse.org blackholes.mail-abuse.org rbl-plus.mail-abuse.org dnsbl.dronebl.org access.redhawk.org db.wpbl.info rbl.interserver.net query.senderbase.org bogons.cymru.com" | |
| for server in $SRV | |
| do | |
| ip=$(dig +short $server) | |
| r_ip=$(echo $ip|awk -F"." '{for(i=NF;i>0;i--) printf i!=1?$i".":"%s",$i}') | |
| for rbl in $RBL | |
| do | |
| if [ ! -z "$DEBUG" ] | |
| then | |
| echo "testing $server ($ip) against $rbl" | |
| fi | |
| result=$(dig +short $r_ip.$rbl) | |
| if [ ! -z "$result" ] | |
| then | |
| echo "$server ($ip) is in $rbl with code $result" | |
| fi | |
| if [[ ! -z "$DEBUG" && -z "$result" ]] | |
| then | |
| echo "\`->negative" | |
| fi | |
| done | |
| done |
Very good script, i've tune it littler bit (get IP from network card, check)
#!/usr/bin/env bash
DEBUG="$1"
# RBL list from http://www.anti-abuse.org/multi-rbl-check/
RBL="bl.spamcop.net cbl.abuseat.org b.barracudacentral.org dnsbl.invaluement.com ddnsbl.internetdefensesystems.com dnsbl.sorbs.net http.dnsbl.sorbs.net dul.dnsbl.sorbs.net misc.dnsbl.sorbs.net smtp.dnsbl.sorbs.net socks.dnsbl.sorbs.net spam.dnsbl.sorbs.net web.dnsbl.sorbs.net zombie.dnsbl.sorbs.net dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net pbl.spamhaus.org sbl.spamhaus.org xbl.spamhaus.org zen.spamhaus.org bl.spamcannibal.org psbl.surriel.com ubl.unsubscore.com dnsbl.njabl.org combined.njabl.org rbl.spamlab.com dyna.spamrats.com noptr.spamrats.com spam.spamrats.com cbl.anti-spam.org.cn cdl.anti-spam.org.cn dnsbl.inps.de drone.abuse.ch httpbl.abuse.ch dul.ru korea.services.net short.rbl.jp virus.rbl.jp spamrbl.imp.ch wormrbl.imp.ch virbl.bit.nl rbl.suresupport.com dsn.rfc-ignorant.org ips.backscatterer.org spamguard.leadmon.net opm.tornevall.org netblock.pedantic.org black.uribl.com grey.uribl.com multi.surbl.org ix.dnsbl.manitu.net tor.dan.me.uk rbl.efnetrbl.org relays.mail-abuse.org blackholes.mail-abuse.org rbl-plus.mail-abuse.org dnsbl.dronebl.org access.redhawk.org db.wpbl.info rbl.interserver.net query.senderbase.org bogons.cymru.com"
for ip in `ip -o addr | awk '!/^[0-9]*: ?lo|link\/ether/ {gsub("/", " "); print $4}'`
do
for rbl in $RBL
do
if [ ! -z "$DEBUG" ]
then
echo "testing $server ($ip) against $rbl"
fi
result=$(dig +short $ip.$rbl)
if [ ! -z "$result" ]
then
echo "$server ($ip) is in $rbl with code $result"
fi
if [[ ! -z "$DEBUG" && -z "$result" ]]
then
echo "\`->negative"
fi
done
done
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am the creator/maintainer of the invaluement.com antispam blacklists. WARNING: "dnsbl.invaluement.com" is a host name that DOES NOT WORK for lookups to our data... and NEVER HAS WORKED. If you put "dnsbl.invaluement.com" into your spam filter... it blocks EVERYTHING as it "lists the world". This is merely the host name for our web site, not for our blacklists. In the SAME way, if you put "www.spamhaus.org" as one of your RBLs, that will ALSO not work. If you want to use our blacklists, fill out a form on our web site to get a free trial, and you'll get CORRECT instructions for usage.