From a2f6a3e5ffea0d7b8979d4d5a8a948f71b1407af Mon Sep 17 00:00:00 2001
From: Dan
Date: Sat, 15 Jan 2022 12:22:04 +1300
Subject: [PATCH] added files
---
blacklist_check.sh | 148 +++++++++++++++++++++++++++++++++++++++++++++
email_server.txt | 2 +
multi_check.sh | 7 +++
3 files changed, 157 insertions(+)
create mode 100755 blacklist_check.sh
create mode 100644 email_server.txt
create mode 100755 multi_check.sh
diff --git a/blacklist_check.sh b/blacklist_check.sh
new file mode 100755
index 0000000..3b6d270
--- /dev/null
+++ b/blacklist_check.sh
@@ -0,0 +1,148 @@
+#!/bin/bash
+#
+# Check if an IP address is listed on one of the
+# following blacklists. The format is chosen to
+# make it easy to add or delete. The shell script
+# will strip multiple white spaces.
+
+BLISTS="
+ aspews.ext.sorbs.net
+ b.barracudacentral.org
+ bl.deadbeef.com
+ bl.spamcop.net
+ blackholes.five-ten-sg.com
+ blacklist.woody.ch
+ bogons.cymru.com
+ cbl.abuseat.org
+ cdl.anti-spam.org.cn
+ combined.abuse.ch
+ combined.rbl.msrbl.net
+ db.wpbl.info
+ dnsbl.cyberlogic.net
+ dnsbl.dronebl.org
+ dnsbl.inps.de
+ dnsbl.njabl.org
+ dnsbl.sorbs.net
+ drone.abuse.ch
+ duinv.aupads.org
+ dul.dnsbl.sorbs.net
+ dul.ru
+ dyna.spamrats.com
+ dynip.rothen.com
+ http.dnsbl.sorbs.net
+ images.rbl.msrbl.net
+ ips.backscatterer.org
+ ix.dnsbl.manitu.net
+ korea.services.net
+ misc.dnsbl.sorbs.net
+ noptr.spamrats.com
+ ohps.dnsbl.net.au
+ omrs.dnsbl.net.au
+ orvedb.aupads.org
+ osps.dnsbl.net.au
+ osrs.dnsbl.net.au
+ owfs.dnsbl.net.au
+ owps.dnsbl.net.au
+ pbl.spamhaus.org
+ phishing.rbl.msrbl.net
+ probes.dnsbl.net.au
+ proxy.bl.gweep.ca
+ proxy.block.transip.nl
+ psbl.surriel.com
+ rdts.dnsbl.net.au
+ relays.bl.gweep.ca
+ relays.bl.kundenserver.de
+ relays.nether.net
+ residential.block.transip.nl
+ ricn.dnsbl.net.au
+ rmst.dnsbl.net.au
+ sbl.spamhaus.org
+ short.rbl.jp
+ smtp.dnsbl.sorbs.net
+ socks.dnsbl.sorbs.net
+ spam.abuse.ch
+ spam.dnsbl.sorbs.net
+ spam.rbl.msrbl.net
+ spam.spamrats.com
+ spamlist.or.kr
+ spamrbl.imp.ch
+ t3direct.dnsbl.net.au
+ tor.dnsbl.sectoor.de
+ torserver.tor.dnsbl.sectoor.de
+ ubl.lashback.com
+ ubl.unsubscore.com
+ virbl.bit.nl
+ virus.rbl.jp
+ virus.rbl.msrbl.net
+ web.dnsbl.sorbs.net
+ wormrbl.imp.ch
+ xbl.spamhaus.org
+ zen.spamhaus.org
+ zombie.dnsbl.sorbs.net
+ dnsbl.httpbl.org
+ combined.njabl.org
+ dnsbl.spfbl.net
+"
+# register at http://www.projecthoneypot.org/httpbl_api.php to
+# obtain an API-key
+HTTPbl_API_KEY="[your_api_key]"
+# simple shell function to show an error message and exit
+# $0 : the name of shell script, $1 is the string passed as argument
+# >&2 : redirect/send the message to stderr
+ERROR() {
+ echo $0 ERROR: $1 >&2
+ exit 2
+}
+
+# -- Sanity check on parameters
+[ $# -ne 1 ] && ERROR 'Please specify a single IP address'
+# -- if the address consists of 4 groups of minimal 1, maximal digits,
+# separated by '.'
+# -- reverse the order
+# -- if the address does not match these criteria the variable
+# 'reverse will be empty'
+reverse=$(echo $1 |
+sed -ne "s~^\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)$~\4.\3.\2.\1~p")
+if [ "x${reverse}" = "x" ] ; then
+ ERROR "IMHO '$1' doesn't look like a valid IP address"
+ exit 1
+fi
+
+# Assuming an IP address of 11.22.33.44 as parameter or argument
+# If the IP address in $0 passes our crude regular expression
+# check, the variable ${reverse} will contain 44.33.22.11
+# In this case the test will be:
+# [ "x44.33.22.11" = "x" ]
+# This test will fail and the program will continue
+# An empty '${reverse}' means that shell argument $1 doesn't pass our
+# simple IP address check. In that case the test will be:
+# [ "x" = "x" ]
+# This evaluates to true, so the script will call the ERROR function
+# and quit
+# -- do a reverse ( address -> name) DNS lookup
+REVERSE_DNS=$(dig +short -x $1)
+echo IP $1 NAME ${REVERSE_DNS:----}
+
+# -- cycle through all the blacklists
+for BL in ${BLISTS} ; do
+ # print the UTC date (without linefeed)
+ printf $(env TZ=UTC date "+%Y-%m-%d_%H:%M:%S")
+ # show the reversed IP and append the name of the blacklist
+ if [ "$BL" == "dnsbl.httpbl.org" ];
+ then
+ printf "%-50s" " ${HTTPbl_API_KEY}.${reverse}.${BL}."
+ else
+ printf "%-50s" " ${reverse}.${BL}."
+ fi
+ # use dig to lookup the name in the blacklist
+ # echo "$(dig +short -t a ${reverse}.${BL}. | tr 'n' ' ')"
+ if [ "$BL" == "dnsbl.httpbl.org" ];
+ then
+ LISTED="$(dig +short -t a ${HTTPbl_API_KEY}.${reverse}.${BL}.)"
+ echo ${LISTED:----}
+ else
+ LISTED="$(dig +short -t a ${reverse}.${BL}.)"
+ echo ${LISTED:----}
+ fi
+done
+# --- EOT ------
diff --git a/email_server.txt b/email_server.txt
new file mode 100644
index 0000000..d8af571
--- /dev/null
+++ b/email_server.txt
@@ -0,0 +1,2 @@
+email_server.com
+second.email_server.com
diff --git a/multi_check.sh b/multi_check.sh
new file mode 100755
index 0000000..080da37
--- /dev/null
+++ b/multi_check.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+for ADDRESS in $(cat email_server.txt);
+ do
+ IP=$(nslookup $ADDRESS | grep Address | cut -d: -f2 | tail -n1);
+ ./blacklist_check.sh $IP;
+done
\ No newline at end of file
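Review bot: `HTTPbl_API_KEY="[your_api_key]"` in blacklist_check.sh invites users to paste a real http:BL key into a tracked file, and while the placeholder is still in place the loop queries `[your_api_key].${reverse}.dnsbl.httpbl.org.` anyway. Reading the key from the environment, e.g. `HTTPbl_API_KEY="${HTTPBL_API_KEY:-}"`, and adding `[ "$BL" = "dnsbl.httpbl.org" ] && [ -z "$HTTPbl_API_KEY" ] && continue` as the first line of the loop keeps the secret out of the repository and skips the zone when no key is configured. Separately, `$1` is validated through an unquoted `echo $1 | sed` and then reused unquoted in `dig +short -x $1`, so the string that was checked and the string that reaches dig can differ after word splitting and globbing; matching the whole argument in the shell and quoting it afterwards would remove that gap. The pattern also accepts octets above 255 such as `999.1.1.1`, which the existing "crude" comment could state explicitly.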
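Review bot: In multi_check.sh the pipeline `nslookup $ADDRESS | grep Address | cut -d: -f2 | tail -n1` keeps only the last `Address` line, so a name that also has an IPv6 record yields a fragment of that address, which blacklist_check.sh then rejects, and a name with several A records has only one of them checked. `$ADDRESS` and `$IP` are unquoted and the list is read with `$(cat email_server.txt)`, so the file contents are word-split and glob-expanded before use. Resolving with `dig +short A`, keeping only dotted-quad lines and checking each one addresses all of these; the loop below is a sketch of that.

```shell
while IFS= read -r ADDRESS; do
  [ -n "$ADDRESS" ] || continue
  # dig +short may print CNAME targets first; keep only IPv4 literals
  dig +short A "$ADDRESS" | grep -E '^[0-9]+(\.[0-9]+){3}$' |
    while IFS= read -r IP; do
      ./blacklist_check.sh "$IP"
    done
done < email_server.txt
```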