Giter Site home page Giter Site logo

dnsbl's Introduction

CLI DNSBL checker

Cron friendly CLI DNSBL checker utility.

Introduction

Check if a hostname or IP address is blacklisted by any of the DNSBL sevices commonly subscribed by SPAM filters.

Requires

Installation

git clone https://github.com/yds/dnsbl.git
cp dnsbl/dnsbl.yml /etc/
cp dnsbl/dnsbl /usr/local/bin/
chmod 0555 /usr/local/bin/dnsbl

Usage

Edit and install the included crontab file:

[email protected]
[email protected]
PATH=~/bin:/usr/local/bin:/usr/bin:/bin
#
#minute	hour	mday	month	wday	command
#
15,45	*	*	*	*	dnsbl example.com
  • Change the email address where BLACKLISTED alerts will be sent to and from.
  • Change dnsbl target host address to the FQDN or IP address you need to scan.

Examples

Use with FQDN or IP address

dnsbl -v example.com
dnsbl -v 118.26.173.212

Sample output

$ dnsbl -v 118.26.173.212
...
The DNS query name does not exist: A 212.173.26.118.black.junkemailfilter.com.
The DNS response does not contain an answer to the question: TXT 212.173.26.118.hostkarma.junkemailfilter.com.
The DNS operation timed out after 5.001934766769409 seconds: A 212.173.26.118.ip.v4bl.org.
The DNS query name does not exist: A 212.173.26.118.dnsbl.calivent.com.pe.
The DNS response does not contain an answer to the question: A 212.173.26.118.forbidden.icm.edu.pl.
The DNS query name does not exist: A 212.173.26.118.88.blocklist.zap.
All nameservers failed to answer the query: A 212.173.26.118.black.mail.abusix.zone.

	118.26.173.212 is BLACKLISTED:

https://MultiRBL.Valli.org/lookup/118.26.173.212.html
https://HetrixTools.com/blacklist-check/118.26.173.212

Hostkarma blacklist
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
[127.0.1.1]	212.173.26.118.hostkarma.junkemailfilter.com.
[127.0.0.3]	212.173.26.118.hostkarma.junkemailfilter.com.

Mailspike Rep
http://mailspike.org/
a=666;t=666;s=1628295936;r=2
[127.0.0.17]	212.173.26.118.rep.mailspike.net.

Barracuda Reputation Block List
http://www.barracudacentral.org/rbl/
http://www.barracudanetworks.com/reputation/?pr=1&ip=118.26.173.212
[127.0.0.2]	212.173.26.118.b.barracudacentral.org.

Barracuda Reputation Block List (for SpamAssassin)
http://www.barracudacentral.org/rbl/
http://www.barracudanetworks.com/reputation/?pr=1&ip=118.26.173.212
[127.0.0.2]	212.173.26.118.bb.barracudacentral.org.

Without the verbose -v option only the BLACKLISTED section is printed if there is anything blacklisted, otherwise there is no output to keep cron quiet.

For each failed zone the BLACKLISTED section prints a label, any URLs associated with that blacklist and the returned error code(s).

All the error messages printed with the verbose -v option above the BLACKLISTED section indicate the IP address is NOT blacklisted in those zones.

Blacklist providers

The distributed dnsbl.yml file of DNSBL zones to query was compiled from scraping https://HetrixTools.com/blacklist-check/ then running dnsbl -l to merge http://MultiRBL.Valli.org/list/ "alive" zones and prune any zones from the "dead" section.

Running dnsbl -m will output a YAML format listing of all the IPv4 "blacklist" DNSBL zones in the "alive" section of http://MultiRBL.Valli.org/list/

Running dnsbl -l will output a YAML format listing of all the zones in the local /etc/dnsbl.yml file plus all the IPv4 "blacklist" DNSBL zones in the "alive" section of http://MultiRBL.Valli.org/list/ minus any matching DNSBL zones from the "dead" section.

If your /etc/dnsbl.yml is up to date then running the following should not produce any output:

dnsbl -l > /tmp/dnsbl.yml
diff -u /etc/dnsbl.yml /tmp/dnsbl.yml

Otherwise you will see a unified diff which you can merge with your production /etc/dnsbl.yml as need be.

Config file format

/etc/dnsbl.yml is a YAML dict with the keys made up of DNSBL zones to query. Optionally each keys' value should have a URL followed by a tab \t and a description of the DNSBL. The URL may have a {} placeholder which if present will be replaced by the blacklisted IP address in the output. Standard YAML comments and empty values are allowed.

Both -l and -m output a valid config file sorted by reverse domain name. This sorting groups related zones together and allows for diffing against the installed /etc/dnsbl.yml config file.

Prior Art

License

MIT

dnsbl's People

Stargazers

avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.