Blacklist check with email alerts

**fulltilt** · Nov 22nd 2016

This script checks your IP address against a list of RBL servers and send an email if a match is found.

nano /root/blacklistcheck
copy, paste & edit email, from and hosts

Shell-Script

#!/bin/bash
if
[ -f /root/mailqsend ] ; then
EMAIL="toYour@email.com"
WARNING="Host1 Blacklisted - please check"
echo "Host1 blacklisted check the mailsystem" | mail -a "From: postmaster@myhost.com" $EMAIL -s "$WARNING"
rm /root/mailqsend
fi
# IPs or hostnames to check if none provided as arguments to the script
hosts='
103.207.236.190
'
# Locally maintained list of DNSBLs to check
LocalList='
bl.score.senderscore.com
b.barracudacentral.org
bl.spamcannibal.org
bl.spamcop.net
dnsbl.sorbs.net
drone.abuse.ch
dul.dnsbl.sorbs.net
dyna.spamrats.com
http.dnsbl.sorbs.net
pbl.spamhaus.org
relays.bl.kundenserver.de
sbl.spamhaus.org
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.abuse.ch
spam.dnsbl.sorbs.net
xbl.spamhaus.org
zen.spamhaus.org
zombie.dnsbl.sorbs.net
'
# pipe delimited exclude list for remote lists
Exclude='^dnsbl.mailer.mobi$|^foo.bar$|^bar.baz$'
# Remotely maintained list of DNSBLs to check
WPurl="http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists"
WPlst=$(curl -s $WPurl | egrep "<td>([a-z]+\.){1,7}[a-z]+</td>" | sed -r 's|</?td>||g;/$Exclude/d')
# ---------------------------------------------------------------------
HostToIP()
{
if ( echo "$host" | egrep -q "[a-zA-Z]" ); then
IP=$(host "$host" | awk '/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {print$NF}')
else
IP="$host"
fi
}
Repeat()
{
printf "%${2}s\n" | sed "s/ /${1}/g"
}
Reverse()
{
echo $1 | awk -F. '{print$4"."$3"."$2"."$1}'
}
Check()
{
result=$(dig +short $rIP.$BL)
if [ -n "$result" ]; then
echo -e "MAY BE LISTED \t $BL (answer = $result)"
touch /root/mailqsend
else
echo -e "NOT LISTED \t $BL"
fi
}
if [ -n "$1" ]; then
hosts=$@
fi
if [ -z "$hosts" ]; then
hosts=$(netstat -tn | awk '$4 ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ && $4 !~ /127.0.0/ {gsub(/:[0-9]+/,"",$4);} END{print$4}')
fi
for host in $hosts; do
HostToIP
rIP=$(Reverse $IP)
# remote list
echo; Repeat - 100
echo " checking $IP against BLs from $WPurl"
Repeat - 100
for BL in $WPlst; do
Check
done
# local list
echo; Repeat - 100
echo " checking $IP against BLs from a local list"
Repeat - 100
for BL in $LocalList; do
Check
done
done

Display More

chmod +x /root/blacklistcheck

add a cron job f.ex. every hour
/root/blacklistcheck

**KH2015** · Nov 22nd 2016

Another "Tool"

Shell-Script

#!/bin/sh
#
# dnsbl-check-standalone.sh
#
# By Damon Tajeddini (dta)
# # 10.03.2009
#
MAIL_RCPT="check.s.p.am@youtdomain.de"
DNSBLlist=`grep -v ^# <<!
b.barracudacentral.org
cbl.abuseat.org
#dnsbl.ahbl.org
#ircbl.ahbl.org
virbl.dnsbl.bit.nl
blackholes.five-ten-sg.com
dnsbl.inps.de
ix.dnsbl.manitu.net
no-more-funn.moensted.dk
combined.njabl.org
dnsbl.njabl.org
dnsbl.sorbs.net
bl.spamcannibal.org
bl.spamcop.net
sbl.spamhaus.org
xbl.spamhaus.org
pbl.spamhaus.org
dnsbl-1.uceprotect.net
!`
# reverse IP address bytes
convertIP()
{
set `IFS=".";echo $1`
echo $4.$3.$2.$1
}
usage()
{
echo "Usage: $0 [-H host|-p]"
echo " -H IP address to check"
echo " -p Print list of DNSBLs"
}
# Checks the IP with list of DNSBL servers
check()
{
for i in $DNSBLlist
do
if dig $ip_arpa.$i +short | grep -q "^127.0.0."
then
mail -s "** Service Alert: $ip found on $i **" $MAIL_RCPT <<!
*** DNSBL WARNING ***
Service: $progname
Checker-Host: `hostname`
Date/Time: `date`
Additional Info: DNSBL-Alarm: Folgende $ip ist gelistet bei $i
!
echo "IP Listed in $i"
fi
done
} # check
case $1 in
-H)
if [ -z "$2" ]; then
echo "ip address missing"
fi
ip=$2
ip_arpa=`convertIP $ip`
check;;
-p)
for i in $DNSBLlist
do
echo $i
done
;;
--help)
usage
;;
*)
if [ -z "$1" ]; then
usage
fi
echo "unknown command: $1"
;;
esac

Display More

Blacklist check with email alerts

Share

Daily visitors