#!/usr/bin/perl # # blacklist-check.pl - check IP addresses and domains in DNSBLs # # Copyright (c) 2012 Janne Snabb # # Permission to use, copy, modify, and/or distribute this software # for any purpose with or without fee is hereby granted, provided # that the above copyright notice and this permission notice appear # in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL # WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED # WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE # AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL # DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA # OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER # TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. # ############################################################################## # # Introduction # ============ # # This script can be used to periodically check if IP addresses or # domains are listed in DNS based blackhole lists. A typical scenario # is to check mail and web server domains and mail server IP addresses # periodically from cron. # # Usage # ===== # # 1. Edit the configuration settings below. List the domains, IP addresses # and the blacklists you want to check. # # 2. Make this script executable, as in: # # chmod +x blacklist-check.pl # # 3. Run manually to see the results: # # ./blacklist-check.pl # # Many IP lists use 127.0.0.2 as a test address, you can look it up # to see how the output looks like. # # 4. Add in crontab, for example the following setting will run the checks # every six hours and e-mail the results to the owner of the crontab: # # 42 0,6,12,18 * * * /home/foobar/bin/blacklist-check.pl # # The script does not produce any output if nothing is found. Thus # there will be no mail from cron if everything is ok. # ############################################################################## #use local::lib; # can be removed use common::sense; # can be removed use Net::Blacklist::Client; # required ############################################################################## # Configuration settings: ############################################################################## # IP addresses to check: my @ips = qw( 192.0.2.1 198.51.100.1 203.0.113.1 127.0.0.2 ); # Domains to check: my @domains = qw( example.com example.net example.org ); # IP blacklists to check (this default is what SpamAssassin uses): my @ip_lists = qw( combined.njabl.org dnsbl.sorbs.net zen.spamhaus.org bl.spamcop.net bb.barracudacentral.org psbl.surriel.com bl.score.senderscore.com ); # Domain blacklists to check (this default is what SpamAssassin uses): my @domain_lists = qw( rhsbl.ahbl.org dbl.spamhaus.org multi.surbl.org multi.uribl.com ); ############################################################################## # End of configuration. ############################################################################## sub print_result ($$) { my $query = shift; my $result = shift; return unless keys %$result; print "query $query:\n"; foreach my $list (keys %$result) { printf "\t%s: %s (%s)\n", $list, $result->{$list}->{a}, $result->{$list}->{txt}; } } # main() my $rbl = Net::Blacklist::Client->new( lists_ip => \@ip_lists, lists_domain => \@domain_lists, ); foreach (@ips) { my $result = $rbl->lookup_ip($_); print_result($_, $result); } foreach (@domains) { my $result = $rbl->lookup_domain($_); print_result($_, $result); } exit; ############################################################################## # eof ##############################################################################