Monitoramento De Ips Em Rbl

abobre · Março 14, 2013

Boa tarde pessoal,

Eu tenho um script desenvolvido em Perl que encontrei na internet para monitorar os nossos IPS nas RBLS, o script esta funcionando bem, porem gostaria de compartilhar com vocês esse script e sugerir algumas opções para uso, o que facilitaria o uso dele, sem interverção do usuários

Sugestões

Eu não entendo nada de Perl, se estiver falando besteira me descupem !

Seria ideal o script carregar uma lista de IPS apartir de um arquivo txt, exemplo meu_ips.txt
O script deve fazar a pesquisa do IP na RBL, caso encontre ele armazena isso, ou na memória, ou em arquivo txt e no termino da pesquisa ele envia um e-mail avisando os IPS que estãi listado nas RBLS, deve ser um e-mail só contendo um relatório, e caso seu IP esteja limpo nas RBLS, ele avisa via e-mail tambem !

Algum programador capacitado para implementar essas funções ?

#!/usr/bin/perl

# rbl.monitor - check RBL blacklists for an IP address.  Uses asynch I/O
# to send all the requests simultaneously

my $usage="\
Usage: rbl.monitor [options] hostname [...]

Options [and default values]:

    --listfile <list of RBL domains>                 [preset list, see script]
    --rbllist <comma separated list of RBL domains>
    --timeout  <master timeout>                      [60 seconds]
    --debug                                          [off]
";


use strict;

use Net::DNS;
use IO::Select;
use Getopt::Long;

my %opt;
GetOptions(\%opt,
        "listfile=s",
        "rbllist=s",
        "timeout=i",
        "debug",
) or die $usage;

my $listfile= $opt{listfile} || "";
my $rbllist= $opt{rbllist} || "";
my $selecttimeout = 5;
my $timeout= ($opt{timeout} || 60) + ($selecttimeout * 2);
my $debug= $opt{debug} || 0;


# Default RBLs to check - just a few of the lists most likely to block mail
# Sites with specific needs should customize via the command line
my @rbls2check=('b.barracudacentral.org', 'cbl.abuseat.org','dnsbl.invaluement.com','http.dnsbl.sorbs.net','misc.dnsbl.sorbs.net',
                'socks.dnsbl.sorbs.net','web.dnsbl.sorbs.net','dnsbl-1.uceprotect.net','dnsbl-3.uceprotect.net','sbl.spamhaus.org',
				'zen.spamhaus.org','psbl.surriel.com','dnsbl.njabl.org','rbl.spamlab.com','ircbl.ahbl.org','noptr.spamrats.com',
				'cbl.anti-spam.org.cn','dnsbl.inps.de','httpbl.abuse.ch','korea.services.net','virus.rbl.jp','wormrbl.imp.ch',
				'rbl.suresupport.com','ips.backscatterer.org','opm.tornevall.org','multi.surbl.org','tor.dan.me.uk',
				'relays.mail-abuse.org','rbl-plus.mail-abuse.org','access.redhawk.org','rbl.interserver.net', 'bogons.cymru.com',
				'bl.spamcop.net','dnsbl.sorbs.net','dul.dnsbl.sorbs.net','smtp.dnsbl.sorbs.net','spam.dnsbl.sorbs.net',
				'zombie.dnsbl.sorbs.net','dnsbl-2.uceprotect.net','pbl.spamhaus.org','xbl.spamhaus.org','bl.spamcannibal.org',
				'ubl.unsubscore.com','combined.njabl.org','dnsbl.ahbl.org','dyna.spamrats.com','spam.spamrats.com',
				'cdl.anti-spam.org.cn','drone.abuse.ch','dul.ru','short.rbl.jp','spamrbl.imp.ch','virbl.bit.nl',
				'dsn.rfc-ignorant.org','dsn.rfc-ignorant.org','netblock.pedantic.org','ix.dnsbl.manitu.net','rbl.efnetrbl.org',
				'blackholes.mail-abuse.org','dnsbl.dronebl.org','db.wpbl.info','query.senderbase.org','bl.emailbasura.org',
				'combined.rbl.msrbl.net','multi.uribl.com','black.uribl.com','cblless.anti-spam.org.cn',
				'cblplus.anti-spam.org.cn','blackholes.five-ten-sg.com','sorbs.dnsbl.net.au','rmst.dnsbl.net.au',
				'dnsbl.kempt.net','blacklist.woody.ch','rot.blackhole.cantv.net','virus.rbl.msrbl.net','phishing.rbl.msrbl.net',
				'images.rbl.msrbl.net','spam.rbl.msrbl.net','spamlist.or.kr','dnsbl.abuse.ch','bl.deadbeef.com','ricn.dnsbl.net.au',
				'forbidden.icm.edu.pl','probes.dnsbl.net.au','ubl.lashback.com','ksi.dnsbl.net.au','uribl.swinog.ch',
				'bsb.spamlookup.net','dob.sibl.support-intelligence.net','url.rbl.jp','dyndns.rbl.jp','omrs.dnsbl.net.au',
				'osrs.dnsbl.net.au','orvedb.aupads.org','relays.nether.net','relays.bl.gweep.ca','relays.bl.kundenserver.de',
				'dialups.mail-abuse.org','rdts.dnsbl.net.au','duinv.aupads.org','pool.dnsbl.solid.net','dynablock.sorbs.net',
				'residential.block.transip.nl','dynip.rothen.com','dul.blackhole.cantv.net','mail.people.it',
				'blacklist.sci.kun.nl','all.spamblock.unit.liu.se');

if ($listfile) {
        open(LIST, "< $listfile") ||
                die "$0: cannot open list file \"$listfile\": $!\n";
        @rbls2check= grep !/^\s*#/, <LIST>;
        @rbls2check= grep !/^\s*$/, @rbls2check;
        map {chomp} @rbls2check;
        close LIST;
        die "$0: no RBL names found in \"$listfile\"\n" unless @rbls2check;
}

if ($rbllist) {
        @rbls2check= split(',', $rbllist);
}

print "*** checking these RBLs:\n   " . join("\n   ", @rbls2check) . "\n"
        if $debug;

my (@summary, @detail);
my @sockets;


my $res  = Net::DNS::Resolver->new;
my $sel  = IO::Select->new();
my $starttime= time;

my %hostpart2host;

# gethostbyname is non-reentrant, so do all the queries up front
foreach my $host (@ARGV) {
        my $hostdata= gethostbyname($host);
        if (!defined($hostdata)) {
                push @summary, $host;
                push @detail, "$host: bad hostname";
                next;
        }
        my $hostpart= join(".", reverse(unpack("C4", $hostdata)));
        $hostpart2host{$hostpart}= $host;
}

# start all the queries
foreach my $hostpart (keys %hostpart2host) {
        foreach my $rbl (@rbls2check) {
                my $dnssock=  $res->bgsend(join(".", $hostpart, $rbl));
                push @sockets, $dnssock;
                $sel->add($dnssock);
        }
}

MAINLOOP:
while ($sel->handles > 0) {
        my @ready = $sel->can_read($selecttimeout);
        if ( (time - $starttime) > $timeout) { # waited too long?
                push @detail, "TIMEOUT: " . scalar($sel->handles) . " responses 
still pending";
                last MAINLOOP;
        }
        foreach my $sock (@ready) {
                my ($authority, $ipaddress, $hostpart, $host);
                my $packet = $res->bgread($sock);
                foreach my $rr ($packet->answer) {
                        if ($rr->type eq "A") {
                                $ipaddress= $rr->address;
                                $authority= $rr->name;
                                if ($authority=~ /^(\d+\.\d+\.\d+\.\d+)\./) {
                                        $hostpart= $1;
                                        $host= $hostpart2host{$hostpart};
                                } else { $host= "???" }
                                push @summary, $host
                                        unless grep /^$host$/, @summary;
                                push @detail, "$host: $authority: " . 
$rr->address;
                        }
                }
                $sel->remove($sock);
        }
}

print join(" ", (sort @summary)) if (@summary);
print "\n";

print join("\n", (sort @detail)), "\n"  if @detail;

chuvadenovembro · Março 14, 2013

Por curiosidade, do jeito que o script está, como ele funciona?

Que forma ele reporta o ip na blacklist?

Vi um tópico do Jaime aqui se oferecendo para varios serviços de programação, derrepente ele pode fazer esse serviço p/ você.

abobre · Março 14, 2013

Ele reporta da seguinte forma

root@srv [/scripts_andre/check-rbl]# perl rbl.pl 69.163.37.58
69.163.37.58
69.163.37.58: 58.37.163.69.dnsbl.sorbs.net: 127.0.0.10
69.163.37.58: 58.37.163.69.dul.dnsbl.sorbs.net: 127.0.0.10
69.163.37.58: 58.37.163.69.residential.block.transip.nl: 127.0.0.10
root@srv [/scripts_andre/check-rbl]#

Entrar

Monitoramento De Ips Em Rbl

Posts Recomendados

abobre

Link para o comentário

Compartilhar em outros sites

chuvadenovembro

Link para o comentário

Compartilhar em outros sites

abobre

Link para o comentário

Compartilhar em outros sites

Quem Está Navegando 0 membros estão online

Tópicos recentes

Browse

Informação Importante