From 75fa6e3503d9750493e6794c271c9428102c5cc4 Mon Sep 17 00:00:00 2001 From: Dick Visser Date: Mon, 2 May 2022 22:22:54 +0200 Subject: [PATCH 1/5] Add support for custom blacklsts, verbose logging --- check_dnsbl.py | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/check_dnsbl.py b/check_dnsbl.py index a9ce957..f47dcca 100755 --- a/check_dnsbl.py +++ b/check_dnsbl.py @@ -4,6 +4,8 @@ import argparse import socket import ipaddress +import re +from pprint import pprint def nagios_exit(message, code): print(message) @@ -17,26 +19,34 @@ def is_ipaddr(string): return False try: + from pydnsbl.providers import BASE_PROVIDERS, Provider + parser = argparse.ArgumentParser(description='Check if a hostname/IP address appears in DNS based blacklists') parser.add_argument('--host', help='the IP/host to check', required=True) parser.add_argument('--warn', '-w', - help='WARN when host appears in this many blacklists. Defaults to 1', - required=False, type=int, default=1) + help='WARN when host appears in this many blacklists. Defaults to 1', + required=False, type=int, default=1) parser.add_argument('--crit', '-c', - help='CRIT when host appears in this many blacklists. Defaults to 2', - required=False, type=int, default=2) - # TODO - # parser.add_argument('--providers', - # help='Comma separated list of DNS blacklist provider hostname. Defaults to the _BASE_PROVIDERS set that is listed at https://github.com/dmippolitov/pydnsbl/blob/master/pydnsbl/providers.py' - # ) + help='CRIT when host appears in this many blacklists. Defaults to 2', + required=False, type=int, default=2) + parser.add_argument('--providers', '--blacklists', + help=f"Comma or space separated list of DNS blacklist provider hostnames. Defaults to: {', '.join([p.host for p in BASE_PROVIDERS])}.", + default=','.join([p.host for p in BASE_PROVIDERS]), + required=False, + ) + parser.add_argument('--verbose', '-v', + help='Show verbose output', + action="store_true") args = parser.parse_args() host = args.host warn = args.warn crit = args.crit - # providers = args.providers + providers = re.split(r',+| +', args.providers) + verbose = args.verbose + # pprint(providers) # Start with a clean slate ok_msg = [] warn_msg = [] @@ -47,10 +57,10 @@ def is_ipaddr(string): # Find all IPv4 and IPv6 addresses ip_addresses = [a[4][0] for a in socket.getaddrinfo(host=host, port=0, proto=socket.IPPROTO_TCP)] - checker = pydnsbl.DNSBLIpChecker() + checker = pydnsbl.DNSBLIpChecker(providers=[Provider(prov) for prov in providers]) # List of blacklist results per IP - results = [p for p in [checker.check(ip) for ip in ip_addresses] if p.blacklisted] + results = [p for p in map(checker.check, ip_addresses) if p.blacklisted] msg = [] total_hits = 0 @@ -61,7 +71,6 @@ def is_ipaddr(string): reported_host = host else: reported_host = f"{host}'s IP address {result.addr}" - msg.append(f"{reported_host} appears in {len(detected_by)} blacklist{'s' if len(detected_by) > 1 else ''}: {', '.join(list(detected_by.keys()))}") if total_hits == 1 and crit > warn: @@ -74,13 +83,18 @@ def is_ipaddr(string): else: ok_msg.append(f"None of {host}'s IP addresses ({', '.join(ip_addresses)}) appear on a blacklist") + if verbose: + verbose_text = ['\nBlacklists used:\n\n' +'\n'.join(providers)] + else: + verbose_text = [] + except Exception as e: nagios_exit("UNKNOWN: Unknown error: {0}.".format(e), 3) # Exit with accumulated message(s) if crit_msg: - nagios_exit("CRITICAL: " + ' '.join(crit_msg + warn_msg), 2) + nagios_exit("CRITICAL: " + ' '.join(crit_msg + warn_msg + verbose_text), 2) elif warn_msg: - nagios_exit("WARNING: " + ' '.join(warn_msg), 1) + nagios_exit("WARNING: " + ' '.join(warn_msg + verbose_text), 1) else: - nagios_exit("OK: " + ' '.join(ok_msg), 0) + nagios_exit("OK: " + ' '.join(ok_msg + verbose_text), 0) From e00bad346d0cedab17ef965d5467dacf7b9216c4 Mon Sep 17 00:00:00 2001 From: Dick Visser Date: Mon, 2 May 2022 22:23:27 +0200 Subject: [PATCH 2/5] Curated list of RBL from mxtoolbox.com --- mxtoolbox.blacklists.txt | 176 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 176 insertions(+) create mode 100644 mxtoolbox.blacklists.txt diff --git a/mxtoolbox.blacklists.txt b/mxtoolbox.blacklists.txt new file mode 100644 index 0000000..ef7e434 --- /dev/null +++ b/mxtoolbox.blacklists.txt @@ -0,0 +1,176 @@ +# List of DNS based blacklists, as used by MXtoolbox.com: +# https://mxtoolbox.com/problem/blacklist/ +# Note: some of these require subscriptions/API keys/etc + + +# 0SPAM +bl.0spam.org + +# Abuse.ro +rbl.abuse.ro + +# Abusix blacklists require an API key + +# Anonmails DNSBL +spam.dnsbl.anonmails.de + +# BACKSCATTERER +ips.backscatterer.org + +# BARRACUDA +b.barracudacentral.org + +# BLOCKLIST.DE +bl.blocklist.de + +# CALIVENT +rechazar_rbl_client dnsbl.calivent.com.pe + +# CYMRU BOGONS +v4.fullbogons.cymru.com + +# CYMRU BOGONS IPv6 +v6.fullbogons.cymru.com + +# DAN TOR +tor.dan.me.uk + +# DAN TOREXIT +torexit.dan.me.uk + +# DNS SERVICIOS +# service seems dead: https://mxtoolbox.com/problem/blacklist/dns-servicios + +# DRMX +bl.drmx.org + +# DRONE BL +dnsbl.dronebl.org + +# FABELSOURCES +spamsources.fabel.dk + +# HIL +# service seems dead: https://mxtoolbox.com/problem/blacklist/hil + +# HIL2 +# service seems dead: https://mxtoolbox.com/problem/blacklist/hil2 + +# Hostkarma Black +hostkarma.junkemailfilter.com + +# IBM DNS Blacklist +# service seems dead: https://mxtoolbox.com/problem/blacklist/ibm-dns-blacklist + +# ICMFORBIDDEN +# http://sunsite.icm.edu.pl/spam/bh.html lists several other services? +lists.dsbl.org +multihop.dsbl.org +inputs.orbz.org +outputs.orbz.org +relays.ordb.org +relays.osirusoft.com +outputs.relays.osirusoft.com +spammers.v6net.org +dev.null.dk +orbs.dorkslayers.com +xbl.selwerd.cx +blackholes.five-ten-sg.com +bl.spamcop.net +forbidden.icm.edu.pl + +# IMP SPAM & IMP WORM +dnsrbl.imp.ch +spamrbl.imp.ch +wormrbl.imp.ch +uribl.swinog.ch +blacklist.woody.ch + + +# INTERSERVER +rblspamassassin.interserver.net +rbl.interserver.net + +# ivmSIP & ivmSIP24 +# requires subscription: https://www.invaluement.com/subscribe/ + +# JIPPG +mail-abuse.blacklist.jippg.org + +# KEMPTBL +dnsbl.kempt.net + +# KISA +# service seems dead: https://mxtoolbox.com/problem/blacklist/kisa + +# Konstant +# service seems dead: https://mxtoolbox.com/problem/blacklist/konstant + +# LASHBACK +ubl.unsubscore.com + +# LNSGBLOCK, LNSGMULTI, LNSGOR, LNSGSRC +# Confusing service, unsure how to use: https://mxtoolbox.com/problem/blacklist/lnsgbulk + +# MADAVI +# service seems dead: https://mxtoolbox.com/problem/blacklist/madavi + +# MAILSPIKE BL +bl.mailspike.net + +# MSRBL Phishing +phishing.rbl.msrbl.net + +# MSRBL Spam +spam.rbl.msrbl.net + +# NETHERRELAYS & NETHERUNSURE +# Service seems dead: https://mxtoolbox.com/problem/blacklist/netherrelays + +# NIXSPAM +ix.dnsbl.manitu.net + +# Nordspam BL +bl.nordspam.com + +# NoSolicitado +bl.nosolicitado.org + +# ORVEDB +# Service seems dead: https://mxtoolbox.com/problem/blacklist/orvedb + +# PSBL +psbl.surriel.com + +# RATS (Dyna + NoPtr + Spam) +all.spamrats.com + +# RBL JP +# Service seems dead: https://mxtoolbox.com/problem/blacklist/rbl-jp + +# RSBL +# Service seems dead: https://mxtoolbox.com/problem/blacklist/rsbl + +# s5h.net IPv6 +all.s5h.net + +# SCHULTE +rbl.schulte.org + +# SEM BACKSCATTER +backscatter.spameatingmonkey.net + +# SEM BLACK +bl.spameatingmonkey.net + +# Sender Score Reputation Network +# Provider has gone commercial? https://mxtoolbox.com/problem/blacklist/sender-score-reputation-network + +# SERVICESNET +korea.services.net + +# SORBS BLOCK +spam.dnsbl.sorbs.net +dnsbl.sorbs.net + + From 03f81aa8d5aad9b5de3bfb5a7af5898b086796f2 Mon Sep 17 00:00:00 2001 From: Dick Visser Date: Tue, 3 May 2022 12:24:57 +0200 Subject: [PATCH 3/5] scape blacklists used by mxtoolbox --- mxtoolbox.blacklists.txt | 176 -------------------------------- mxtoolbox.blacklists.yml | 213 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 213 insertions(+), 176 deletions(-) delete mode 100644 mxtoolbox.blacklists.txt create mode 100644 mxtoolbox.blacklists.yml diff --git a/mxtoolbox.blacklists.txt b/mxtoolbox.blacklists.txt deleted file mode 100644 index ef7e434..0000000 --- a/mxtoolbox.blacklists.txt +++ /dev/null @@ -1,176 +0,0 @@ -# List of DNS based blacklists, as used by MXtoolbox.com: -# https://mxtoolbox.com/problem/blacklist/ -# Note: some of these require subscriptions/API keys/etc - - -# 0SPAM -bl.0spam.org - -# Abuse.ro -rbl.abuse.ro - -# Abusix blacklists require an API key - -# Anonmails DNSBL -spam.dnsbl.anonmails.de - -# BACKSCATTERER -ips.backscatterer.org - -# BARRACUDA -b.barracudacentral.org - -# BLOCKLIST.DE -bl.blocklist.de - -# CALIVENT -rechazar_rbl_client dnsbl.calivent.com.pe - -# CYMRU BOGONS -v4.fullbogons.cymru.com - -# CYMRU BOGONS IPv6 -v6.fullbogons.cymru.com - -# DAN TOR -tor.dan.me.uk - -# DAN TOREXIT -torexit.dan.me.uk - -# DNS SERVICIOS -# service seems dead: https://mxtoolbox.com/problem/blacklist/dns-servicios - -# DRMX -bl.drmx.org - -# DRONE BL -dnsbl.dronebl.org - -# FABELSOURCES -spamsources.fabel.dk - -# HIL -# service seems dead: https://mxtoolbox.com/problem/blacklist/hil - -# HIL2 -# service seems dead: https://mxtoolbox.com/problem/blacklist/hil2 - -# Hostkarma Black -hostkarma.junkemailfilter.com - -# IBM DNS Blacklist -# service seems dead: https://mxtoolbox.com/problem/blacklist/ibm-dns-blacklist - -# ICMFORBIDDEN -# http://sunsite.icm.edu.pl/spam/bh.html lists several other services? -lists.dsbl.org -multihop.dsbl.org -inputs.orbz.org -outputs.orbz.org -relays.ordb.org -relays.osirusoft.com -outputs.relays.osirusoft.com -spammers.v6net.org -dev.null.dk -orbs.dorkslayers.com -xbl.selwerd.cx -blackholes.five-ten-sg.com -bl.spamcop.net -forbidden.icm.edu.pl - -# IMP SPAM & IMP WORM -dnsrbl.imp.ch -spamrbl.imp.ch -wormrbl.imp.ch -uribl.swinog.ch -blacklist.woody.ch - - -# INTERSERVER -rblspamassassin.interserver.net -rbl.interserver.net - -# ivmSIP & ivmSIP24 -# requires subscription: https://www.invaluement.com/subscribe/ - -# JIPPG -mail-abuse.blacklist.jippg.org - -# KEMPTBL -dnsbl.kempt.net - -# KISA -# service seems dead: https://mxtoolbox.com/problem/blacklist/kisa - -# Konstant -# service seems dead: https://mxtoolbox.com/problem/blacklist/konstant - -# LASHBACK -ubl.unsubscore.com - -# LNSGBLOCK, LNSGMULTI, LNSGOR, LNSGSRC -# Confusing service, unsure how to use: https://mxtoolbox.com/problem/blacklist/lnsgbulk - -# MADAVI -# service seems dead: https://mxtoolbox.com/problem/blacklist/madavi - -# MAILSPIKE BL -bl.mailspike.net - -# MSRBL Phishing -phishing.rbl.msrbl.net - -# MSRBL Spam -spam.rbl.msrbl.net - -# NETHERRELAYS & NETHERUNSURE -# Service seems dead: https://mxtoolbox.com/problem/blacklist/netherrelays - -# NIXSPAM -ix.dnsbl.manitu.net - -# Nordspam BL -bl.nordspam.com - -# NoSolicitado -bl.nosolicitado.org - -# ORVEDB -# Service seems dead: https://mxtoolbox.com/problem/blacklist/orvedb - -# PSBL -psbl.surriel.com - -# RATS (Dyna + NoPtr + Spam) -all.spamrats.com - -# RBL JP -# Service seems dead: https://mxtoolbox.com/problem/blacklist/rbl-jp - -# RSBL -# Service seems dead: https://mxtoolbox.com/problem/blacklist/rsbl - -# s5h.net IPv6 -all.s5h.net - -# SCHULTE -rbl.schulte.org - -# SEM BACKSCATTER -backscatter.spameatingmonkey.net - -# SEM BLACK -bl.spameatingmonkey.net - -# Sender Score Reputation Network -# Provider has gone commercial? https://mxtoolbox.com/problem/blacklist/sender-score-reputation-network - -# SERVICESNET -korea.services.net - -# SORBS BLOCK -spam.dnsbl.sorbs.net -dnsbl.sorbs.net - - diff --git a/mxtoolbox.blacklists.yml b/mxtoolbox.blacklists.yml new file mode 100644 index 0000000..8435640 --- /dev/null +++ b/mxtoolbox.blacklists.yml @@ -0,0 +1,213 @@ +--- +# List of DNS based blacklists, as used by MXtoolbox.com: +# https://mxtoolbox.com/problem/blacklist/ +# Note: some of these require subscriptions/API keys/etc + +blacklists: + # 0SPAM + - bl.0spam.org + + # Abuse.ro + - rbl.abuse.ro + + # Abusix blacklists require an API key + + # Anonmails DNSBL + - spam.dnsbl.anonmails.de + + # BACKSCATTERER + - ips.backscatterer.org + + # BARRACUDA + - b.barracudacentral.org + + # BLOCKLIST.DE + - bl.blocklist.de + + # CALIVENT + - dnsbl.calivent.com.pe + + # CYMRU BOGONS + - v4.fullbogons.cymru.com + + # CYMRU BOGONS IPv6 + - v6.fullbogons.cymru.com + + # DAN TOR + - tor.dan.me.uk + + # DAN TOREXIT + - torexit.dan.me.uk + + # DNS SERVICIOS + # service seems dead: https://mxtoolbox.com/problem/blacklist/dns-servicios + + # DRMX + - bl.drmx.org + + # DRONE BL + - dnsbl.dronebl.org + + # FABELSOURCES + - spamsources.fabel.dk + + # HIL + # service seems dead: https://mxtoolbox.com/problem/blacklist/hil + + # HIL2 + # service seems dead: https://mxtoolbox.com/problem/blacklist/hil2 + + # Hostkarma Black + - hostkarma.junkemailfilter.com + + # IBM DNS Blacklist + # service seems dead: https://mxtoolbox.com/problem/blacklist/ibm-dns-blacklist + + # ICMFORBIDDEN + # http://sunsite.icm.edu.pl/spam/bh.html lists several other services? + - lists.dsbl.org + - multihop.dsbl.org + - inputs.orbz.org + - outputs.orbz.org + - relays.ordb.org + - relays.osirusoft.com + - outputs.relays.osirusoft.com + - spammers.v6net.org + - dev.null.dk + - orbs.dorkslayers.com + - xbl.selwerd.cx + - blackholes.five-ten-sg.com + - bl.spamcop.net + - forbidden.icm.edu.pl + + # IMP SPAM & IMP WORM + - dnsrbl.imp.ch + - spamrbl.imp.ch + - wormrbl.imp.ch + - uribl.swinog.ch + + + # INTERSERVER + - rblspamassassin.interserver.net + - rbl.interserver.net + + # ivmSIP & ivmSIP24 + # requires subscription: https://www.invaluement.com/subscribe/ + + # JIPPG + - mail-abuse.blacklist.jippg.org + + # KEMPTBL + - dnsbl.kempt.net + + # KISA + # service seems dead: https://mxtoolbox.com/problem/blacklist/kisa + + # Konstant + # service seems dead: https://mxtoolbox.com/problem/blacklist/konstant + + # LASHBACK + - ubl.unsubscore.com + + # LNSGBLOCK, LNSGMULTI, LNSGOR, LNSGSRC + # Confusing service, unsure how to use: https://mxtoolbox.com/problem/blacklist/lnsgbulk + + # MADAVI + # service seems dead: https://mxtoolbox.com/problem/blacklist/madavi + + # MAILSPIKE BL + - bl.mailspike.net + + # MSRBL Phishing + - phishing.rbl.msrbl.net + + # MSRBL Spam + - spam.rbl.msrbl.net + + # NETHERRELAYS & NETHERUNSURE + # Service seems dead: https://mxtoolbox.com/problem/blacklist/netherrelays + + # NIXSPAM + - ix.dnsbl.manitu.net + + # Nordspam BL + - bl.nordspam.com + + # NoSolicitado + - bl.nosolicitado.org + + # ORVEDB + # Service seems dead: https://mxtoolbox.com/problem/blacklist/orvedb + + # PSBL + - psbl.surriel.com + + # RATS (Dyna + NoPtr + Spam) + - all.spamrats.com + + # RBL JP + # Service seems dead: https://mxtoolbox.com/problem/blacklist/rbl-jp + + # RSBL + # Service seems dead: https://mxtoolbox.com/problem/blacklist/rsbl + + # s5h.net IPv6 + - all.s5h.net + + # SCHULTE + - rbl.schulte.org + + # SEM BACKSCATTER + - backscatter.spameatingmonkey.net + + # SEM BLACK + - bl.spameatingmonkey.net + + # Sender Score Reputation Network + # Provider has gone commercial? https://mxtoolbox.com/problem/blacklist/sender-score-reputation-network + + # SERVICESNET + - korea.services.net + + # SORBS http://www.sorbs.net/general/using.shtml#largesites + - spam.dnsbl.sorbs.net + - dnsbl.sorbs.net + + # Spam Eating Monkey SEM IPv6BL + - bl.ipv6.spameatingmonkey.net + + # SPAMCOP + - bl.spamcop.net + + # Spamhaus ZEN + - zen.spamhaus.org + + # SPFBL DNSBL + - dnsbl.spfbl.net + + # Suomispam Reputation + - bl.suomispam.net + + # SWINOG + # Appears to be the same as "IMP SPAM & IMP WORM" above + + # TRIUMF + # Seems dead: https://mxtoolbox.com/problem/blacklist/triumf + + # TRUNCATE + - truncate.gbudb.net + + # UCEPROTECT (level 1, 2, and 3) + - dnsbl-1.uceprotect.net + - dnsbl-2.uceprotect.net + - dnsbl-3.uceprotect.net + + # WOODY SMTP Blacklist + - blacklist.woody.ch + - ipv6.blacklist.woody.ch + + # WPBL + - db.wpbl.info + + # ZapBL + - dnsbl.zapbl.net From 1e2e11044888266d2ef7e28e834ad3e4e0783896 Mon Sep 17 00:00:00 2001 From: Dick Visser Date: Tue, 3 May 2022 12:42:06 +0200 Subject: [PATCH 4/5] remove dead blacklists --- mxtoolbox.blacklists.yml | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/mxtoolbox.blacklists.yml b/mxtoolbox.blacklists.yml index 8435640..aa88484 100644 --- a/mxtoolbox.blacklists.yml +++ b/mxtoolbox.blacklists.yml @@ -64,21 +64,8 @@ blacklists: # service seems dead: https://mxtoolbox.com/problem/blacklist/ibm-dns-blacklist # ICMFORBIDDEN - # http://sunsite.icm.edu.pl/spam/bh.html lists several other services? - - lists.dsbl.org - - multihop.dsbl.org - - inputs.orbz.org - - outputs.orbz.org - - relays.ordb.org - - relays.osirusoft.com - - outputs.relays.osirusoft.com - - spammers.v6net.org - - dev.null.dk - - orbs.dorkslayers.com - - xbl.selwerd.cx - - blackholes.five-ten-sg.com - - bl.spamcop.net - - forbidden.icm.edu.pl + # http://sunsite.icm.edu.pl/spam/bh.html lists several other services + # Most of them are ancient/offline # IMP SPAM & IMP WORM - dnsrbl.imp.ch From c5f2d73baeae6dc8afd8994e9e2d062c1554e2e9 Mon Sep 17 00:00:00 2001 From: Dick Visser Date: Tue, 3 May 2022 12:59:28 +0200 Subject: [PATCH 5/5] docs --- README.md | 100 ++++++++++++++++++++++++++++++++++++++- mxtoolbox.blacklists.txt | 1 + 2 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 mxtoolbox.blacklists.txt diff --git a/README.md b/README.md index 0932840..fc81017 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,7 @@ Nagios or Icinga, Python3 with the following modules: ## Usage ```lang-none -$ ./check_dnsbl.py --help -usage: check_dnsbl.py [-h] --host HOST [--warn WARN] [--crit CRIT] [--providers PROVIDERS] +usage: check_dnsbl.py [-h] --host HOST [--warn WARN] [--crit CRIT] [--providers PROVIDERS] [--verbose] Check if a hostname/IP address appears in DNS based blacklists @@ -23,4 +22,101 @@ optional arguments: --host HOST the IP/host to check --warn WARN, -w WARN WARN when host appears in this many blacklists. Defaults to 1 --crit CRIT, -c CRIT CRIT when host appears in this many blacklists. Defaults to 2 + --providers PROVIDERS, --blacklists PROVIDERS + Comma or space separated list of DNS blacklist provider hostnames. Defaults to: all.s5h.net, aspews.ext.sorbs.net, + b.barracudacentral.org, bl.nordspam.com, bl.spamcop.net, blackholes.five-ten-sg.com, blacklist.woody.ch, bogons.cymru.com, + cbl.abuseat.org, combined.abuse.ch, combined.rbl.msrbl.net, db.wpbl.info, dnsbl-2.uceprotect.net, dnsbl-3.uceprotect.net, + dnsbl.cyberlogic.net, dnsbl.dronebl.org, dnsbl.sorbs.net, drone.abuse.ch, dul.ru, dyna.spamrats.com, images.rbl.msrbl.net, + ips.backscatterer.org, ix.dnsbl.manitu.net, korea.services.net, matrix.spfbl.net, noptr.spamrats.com, + phishing.rbl.msrbl.net, proxy.bl.gweep.ca, proxy.block.transip.nl, psbl.surriel.com, rbl.interserver.net, + relays.bl.gweep.ca, relays.bl.kundenserver.de, relays.nether.net, residential.block.transip.nl, singular.ttk.pte.hu, + spam.dnsbl.sorbs.net, spam.rbl.msrbl.net, spam.spamrats.com, spambot.bls.digibase.ca, spamlist.or.kr, spamrbl.imp.ch, + spamsources.fabel.dk, ubl.lashback.com, virbl.bit.nl, virus.rbl.msrbl.net, virus.rbl.jp, wormrbl.imp.ch, z.mailspike.net, + zen.spamhaus.org. + --verbose, -v Show verbose output +``` + +## Examples + + +```sh +# Default with just a host +./check_dnsbl.py --host de-smtp-1.mimecast.com +OK: None of de-smtp-1.mimecast.com's IP addresses (62.140.10.21, 51.163.159.21) appear on a blacklist +``` + +```sh +# Verbose, will list the used blacklists +./check_dnsbl.py --host de-smtp-1.mimecast.com --verbose +OK: None of de-smtp-1.mimecast.com's IP addresses (62.140.10.21, 51.163.159.21) appear on a blacklist +Blacklists used: + +all.s5h.net +aspews.ext.sorbs.net +b.barracudacentral.org +bl.nordspam.com +bl.spamcop.net +blackholes.five-ten-sg.com +blacklist.woody.ch +bogons.cymru.com +cbl.abuseat.org +combined.abuse.ch +combined.rbl.msrbl.net +db.wpbl.info +dnsbl-2.uceprotect.net +dnsbl-3.uceprotect.net +dnsbl.cyberlogic.net +dnsbl.dronebl.org +dnsbl.sorbs.net +drone.abuse.ch +dul.ru +dyna.spamrats.com +images.rbl.msrbl.net +ips.backscatterer.org +ix.dnsbl.manitu.net +korea.services.net +matrix.spfbl.net +noptr.spamrats.com +phishing.rbl.msrbl.net +proxy.bl.gweep.ca +proxy.block.transip.nl +psbl.surriel.com +rbl.interserver.net +relays.bl.gweep.ca +relays.bl.kundenserver.de +relays.nether.net +residential.block.transip.nl +singular.ttk.pte.hu +spam.dnsbl.sorbs.net +spam.rbl.msrbl.net +spam.spamrats.com +spambot.bls.digibase.ca +spamlist.or.kr +spamrbl.imp.ch +spamsources.fabel.dk +ubl.lashback.com +virbl.bit.nl +virus.rbl.msrbl.net +virus.rbl.jp +wormrbl.imp.ch +z.mailspike.net +zen.spamhaus.org +``` + +```sh +# Use custom blacklists +/check_dnsbl.py --host de-smtp-1.mimecast.com --blacklists zen.spamhaus.org,proxy.block.transip.nl -v +OK: None of de-smtp-1.mimecast.com's IP addresses (62.140.10.21, 51.163.159.21) appear on a blacklist +Blacklists used: + +zen.spamhaus.org +proxy.block.transip.nl +``` + + +```sh +# Approximation of the blacklists that are used by mxtoolbox.com +# See 'mxtoolbox.blacklists.txt' +./check_dnsbl.py --host outbound2.mail.transip.nl --blacklists 'bl.0spam.org rbl.abuse.ro spam.dnsbl.anonmails.de ips.backscatterer.org b.barracudacentral.org bl.blocklist.de dnsbl.calivent.com.pe v4.fullbogons.cymru.com v6.fullbogons.cymru.com tor.dan.me.uk torexit.dan.me.uk bl.drmx.org dnsbl.dronebl.org spamsources.fabel.dk hostkarma.junkemailfilter.com dnsrbl.imp.ch spamrbl.imp.ch wormrbl.imp.ch uribl.swinog.ch rblspamassassin.interserver.net rbl.interserver.net mail-abuse.blacklist.jippg.org dnsbl.kempt.net ubl.unsubscore.com bl.mailspike.net phishing.rbl.msrbl.net spam.rbl.msrbl.net ix.dnsbl.manitu.net bl.nordspam.com bl.nosolicitado.org psbl.surriel.com all.spamrats.com all.s5h.net rbl.schulte.org backscatter.spameatingmonkey.net bl.spameatingmonkey.net korea.services.net spam.dnsbl.sorbs.net dnsbl.sorbs.net bl.ipv6.spameatingmonkey.net bl.spamcop.net zen.spamhaus.org dnsbl.spfbl.net bl.suomispam.net truncate.gbudb.net dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net blacklist.woody.ch ipv6.blacklist.woody.ch db.wpbl.info dnsbl.zapbl.net' +WARNING: outbound2.mail.transip.nl's IP address 149.210.149.73 appears in 1 blacklist: hostkarma.junkemailfilter.com ``` diff --git a/mxtoolbox.blacklists.txt b/mxtoolbox.blacklists.txt new file mode 100644 index 0000000..bf5575b --- /dev/null +++ b/mxtoolbox.blacklists.txt @@ -0,0 +1 @@ +bl.0spam.org rbl.abuse.ro spam.dnsbl.anonmails.de ips.backscatterer.org b.barracudacentral.org bl.blocklist.de dnsbl.calivent.com.pe v4.fullbogons.cymru.com v6.fullbogons.cymru.com tor.dan.me.uk torexit.dan.me.uk bl.drmx.org dnsbl.dronebl.org spamsources.fabel.dk hostkarma.junkemailfilter.com dnsrbl.imp.ch spamrbl.imp.ch wormrbl.imp.ch uribl.swinog.ch rblspamassassin.interserver.net rbl.interserver.net mail-abuse.blacklist.jippg.org dnsbl.kempt.net ubl.unsubscore.com bl.mailspike.net phishing.rbl.msrbl.net spam.rbl.msrbl.net ix.dnsbl.manitu.net bl.nordspam.com bl.nosolicitado.org psbl.surriel.com all.spamrats.com all.s5h.net rbl.schulte.org backscatter.spameatingmonkey.net bl.spameatingmonkey.net korea.services.net spam.dnsbl.sorbs.net dnsbl.sorbs.net bl.ipv6.spameatingmonkey.net bl.spamcop.net zen.spamhaus.org dnsbl.spfbl.net bl.suomispam.net truncate.gbudb.net dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net blacklist.woody.ch ipv6.blacklist.woody.ch db.wpbl.info dnsbl.zapbl.net \ No newline at end of file