Проверка на присутствие в спам базах

#!/usr/bin/env bash

# Short DNSBL list. The discovery action uses it unless its mode argument is
# "full".
# NOTE(review): Spamhaus does not serve listing data to queries that arrive
# through large public resolvers and may answer with a 127.255.255.x error code
# instead. This script defaults to 8.8.8.8 / 8.8.4.4, so pass a private
# resolver as the 4th argument if zen.spamhaus.org results are to be trusted.
blacklist_servers_fast=(
  zen.spamhaus.org
  dnsbl-0.uceprotect.net
  dnsbl-1.uceprotect.net
  dnsbl-2.uceprotect.net
  dnsbl-3.uceprotect.net
  bl.blocklist.de
)

# Extended zone list, selected when the discovery action is run with mode
# "full". It starts with every entry of blacklist_servers_fast and adds the
# zones below; discovery de-duplicates the result with `sort -u`.
#
# NOTE(review): in_blacklist records a listing for any answer that contains
# "127." (other than 127.0.0.0), and every zone here is queried with the
# reversed IPv4 address. Before alerting on this list, confirm three things:
#   * Some entries look like allowlist / accreditation zones rather than
#     blocklists (e.g. list.dnswl.org, ips.whitelisted.org, wl.mailspike.net,
#     whitelist.surriel.com, iadb.isipp.com, sa-accredit.habeas.com). A 127.x
#     answer from such a zone would mean the opposite of "listed as spam".
#   * Some entries look like domain-based zones (e.g. rhsbl.sorbs.net,
#     multi.surbl.org, uribl.spameatingmonkey.net) that presumably expect a
#     domain name, not a reversed IP address.
#   * Zones get retired over time; a retired zone that starts answering every
#     query would show up as a listing for every monitored address.
blacklist_servers_full=(
${blacklist_servers_fast[@]}
0spam.fusionzero.com 0spam-killlist.fusionzero.com
0spamtrust.fusionzero.com 0spamurl.fusionzero.com
abuse.rfc-clueless.org access.redhawk.org
accredit.habeas.com all.dnsbl.bit.nl
all.rbl.jp all.s5h.net
all.spamrats.com aspews.ext.sorbs.net
backscatter.spameatingmonkey.net badconf.rhsbl.sorbs.net
badhost.stopspam.org badnets.spameatingmonkey.net
bad.psky.me b.barracudacentral.org bb.barracudacentral.org
bitonly.dnsbl.bit.nl blacklist.sci.kun.nl
bl.drmx.org bl.emailbasura.org
bl.konstant.no bl.mailspike.net
bl.mav.com.br bl.nszones.com
block.dnsbl.sorbs.net block.stopspam.org
bl.scientificspam.net bl.score.senderscore.com
bl.spamcannibal.org bl.spamcop.net
bl.spameatingmonkey.net bl.spamstinks.com
bl.suomispam.net bogons.cymru.com
bogusmx.rfc-clueless.org bsb.empty.us
bsb.spamlookup.net cbl.abuseat.org
cbl.anti-spam.org.cn cblless.anti-spam.org.cn
cblplus.anti-spam.org.cn cdl.anti-spam.org.cn
cidr.bl.mcafee.com cml.anti-spam.org.cn
combined.rbl.msrbl.net contacts.abuse.net
dnsbl.anticaptcha.net dnsbl.aspnet.hu
dnsblchile.org dnsbl.cobion.com
dnsbl.dronebl.org dnsbl.inps.de
dnsbl.justspam.org dnsbl.kempt.net
dnsbl.madavi.de dnsbl.net.ua
dnsbl.openresolvers.org dnsbl.othello.ch
dnsbl.proxybl.org dnsbl.rizon.net
dnsbl.rv-soft.info dnsbl.rymsho.ru
dnsbl.sorbs.net dnsbl.spam-champuru.livedoor.com
dnsbl.stopspam.org dnsbl.tornevall.org
dnsbl.webequipped.com dnsbl.zapbl.net
dnsrbl.org dnsrbl.swinog.ch
dnswl.inps.de dob.sibl.support-intelligence.net
dsn.rfc-clueless.org dul.dnsbl.sorbs.net
dul.pacifier.net dyna.spamrats.com
dyndns.rbl.jp dynip.rothen.com
dyn.nszones.com elitist.rfc-clueless.org
escalations.dnsbl.sorbs.net eswlrev.dnsbl.rediris.es
ex.dnsbl.org exitnodes.tor.dnsbl.sectoor.de
feb.spamlab.com fnrbl.fast.net forbidden.icm.edu.pl
free.v4bl.org fresh10.spameatingmonkey.net
fresh15.spameatingmonkey.net fresh.spameatingmonkey.net
fulldom.rfc-clueless.org gl.suomispam.net
hil.habeas.com blacklist.woody.ch
http.dnsbl.sorbs.net hul.habeas.com
iadb2.isipp.com iadb.isipp.com
iddb.isipp.com images.rbl.msrbl.net
in.dnsbl.org ipbl.zeustracker.abuse.ch
ips.backscatterer.org ips.whitelisted.org
ip.v4bl.org ispmx.pofon.foobar.hu
ix.dnsbl.manitu.net korea.services.net
l1.apews.org l1.bbfh.ext.sorbs.net
l2.bbfh.ext.sorbs.net l3.bbfh.ext.sorbs.net
l4.bbfh.ext.sorbs.net list.anonwhois.net list.bbfh.org
list.blogspambl.com list.dnswl.org list.quorum.to
lookup.dnsbl.iip.lu mail-abuse.blacklist.jippg.org
misc.dnsbl.sorbs.net mtawlrev.dnsbl.rediris.es
netblockbl.spamgrouper.to netbl.spameatingmonkey.net
netscan.rbl.blockedservers.com new.spam.dnsbl.sorbs.net
nobl.junkemailfilter.com nomail.rhsbl.sorbs.net
no-more-funn.moensted.dk noptr.spamrats.com
old.spam.dnsbl.sorbs.net orvedb.aupads.org
phishing.rbl.msrbl.net db.wpbl.info
plus.bondedsender.org pofon.foobar.hu
postmaster.rfc-clueless.org problems.dnsbl.sorbs.net
proxies.dnsbl.sorbs.net psbl.surriel.com
public.sarbl.org query.bondedsender.org
rbl2.triumf.ca rbl.abuse.ro rbl.blockedservers.com
rbl.dns-servicios.com rbl.efnet.org rbl.efnetrbl.org
rbl.fasthosts.co.uk rbl.interserver.net
rbl.iprange.net rbl.lugh.ch
rbl.megarbl.net rbl.rbldns.ru
rbl.schulte.org rbl.spamlab.com
rbl.talkactive.net recent.spam.dnsbl.sorbs.net
relays.bl.kundenserver.de multi.surbl.org
relays.dnsbl.sorbs.net relays.nether.net
rep.mailspike.net reputation-domain.rbl.scrolloutf1.com
reputation-ip.rbl.scrolloutf1.com reputation-ns.rbl.scrolloutf1.com
rhsbl.rymsho.ru rhsbl.scientificspam.net
rhsbl.sorbs.net rhsbl.zapbl.net
rsbl.aupads.org sa-accredit.habeas.com
safe.dnsbl.sorbs.net sbl.nszones.com
service.mailblacklist.com whitelist.surriel.com
service.mailwhitelist.com short.rbl.jp singlebl.spamgrouper.com
singular.ttk.pte.hu smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net sohul.habeas.com
spam.dnsbl.anonmails.de spam.dnsbl.sorbs.net
spamguard.leadmon.net spamlist.or.kr
spam.pedantic.org spam.rbl.blockedservers.com
spamrbl.imp.ch spam.rbl.msrbl.net
spamsources.fabel.dk spam.spamrats.com
srn.surgate.net st.technovision.dk
tor.dan.me.uk tor.dnsbl.sectoor.de
tor.efnet.org torexit.dan.me.uk
truncate.gbudb.net trusted.nether.net
ubl.nszones.com ubl.unsubscore.com
unsure.nether.net uribl.abuse.ro
uri.blacklist.woody.ch uribl.pofon.foobar.hu
uribl.spameatingmonkey.net uribl.swinog.ch
uribl.zeustracker.abuse.ch urired.spameatingmonkey.net
url.rbl.jp v4.fullbogons.cymru.com
virbl.dnsbl.bit.nl virus.rbl.jp
virus.rbl.msrbl.net vote.drbl.caravan.ru
vote.drbldf.dsbl.ru vote.drbl.gremlin.ru
wadb.isipp.com wbl.triumf.ca
web.dnsbl.sorbs.net zombie.dnsbl.sorbs.net
web.rbl.msrbl.net whitelist.sci.kun.nl
whois.rfc-clueless.org wl.mailspike.net
wl.nszones.com work.drbl.caravan.ru
work.drbldf.dsbl.ru work.drbl.gremlin.ru
wormrbl.imp.ch z.mailspike.net
)
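# Initialization
#
# Positional arguments (presumably filled in from a Zabbix item key, so they
# are handled as untrusted input):
#   $1  action - discovery | check | stats | discovery_scores | check_score
#   $2  ip     - IPv4 address to test
#   $3  read later by the action branches (mode, or the zone to query)
#   $4  DNS    - resolver to query; one of the defaults is picked at random
#                when it is omitted
export action=${1:-}
export ip=${2:-}

# $ip becomes a directory name under WORK_DIR (which cleanup_workdir empties
# with `find -delete`) and the owner name of every DNS query. Accept only a
# dotted-quad IPv4 address so it cannot contain "/", ".." or a leading "-".
ipv4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
if [[ ! $ip =~ $ipv4_re ]]; then
  printf '%s: not an IPv4 address: %q\n' "${0##*/}" "$ip" >&2
  exit 1
fi
ip_octets=("${BASH_REMATCH[@]:1:4}")
for ip_octet in "${ip_octets[@]}"; do
  # 10# forces base 10 so that an octet such as "08" is not read as octal.
  if (( 10#$ip_octet > 255 )); then
    printf '%s: not an IPv4 address: %q\n' "${0##*/}" "$ip" >&2
    exit 1
  fi
done

# DNSBL zones are queried with the octets in reverse order.
export rev_ip="${ip_octets[3]}.${ip_octets[2]}.${ip_octets[1]}.${ip_octets[0]}"

# Use a random default DNS server, or the 4th argument when it is given.
# NOTE(review): some DNSBL operators refuse or rate-limit queries that arrive
# through large public resolvers such as these defaults; a private resolver
# passed as $4 gives more reliable answers.
default_dns=(8.8.8.8 8.8.4.4)
DNS=${4:-${default_dns[$(( RANDOM % ${#default_dns[@]} ))]}}
# The resolver is handed to `host` as an argument; refuse anything that could
# be read as an option or that is not a plain host name / address.
dns_re='^[A-Za-z0-9:][A-Za-z0-9.:-]*$'
if [[ ! $DNS =~ $dns_re ]]; then
  printf '%s: invalid DNS server: %q\n' "${0##*/}" "$DNS" >&2
  exit 1
fi
export DNS

# Per-IP state directory. The trailing slash is kept because other parts of
# the script build paths as "$WORK_DIR/<name>".
# NOTE(review): this is a predictable path under world-writable /tmp, so
# another local user could create it first or plant symlinks in it. A
# directory owned by the agent's user would be safer; it has to stay stable
# between runs because "stats" reads what "discovery" wrote.
WORK_DIR="/tmp/.zabbix.$(basename -- "$0")/${ip}/"

if ! mkdir -p -- "$WORK_DIR"; then
  printf '%s: cannot create %s\n' "${0##*/}" "$WORK_DIR" >&2
  exit 1
fi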

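#######################################
# Query one DNSBL zone for one (already reversed) IPv4 address and record the
# verdict in "$WORK_DIR/<rev_ip>.<zone>.status" as "<zone> 0" (not listed) or
# "<zone> 1" (listed).
#
# Only A records in the answer ("... has address 127.x.y.z") are evaluated.
# Matching "127." anywhere in the output would also hit the resolver banner
# that `host` prints (e.g. a 127.0.0.1 resolver) and the queried name itself
# when the address contains an octet of 127, flagging clean addresses.
#
# A failed or timed-out lookup leaves the status at 0, so "not listed" and
# "could not ask" are indistinguishable in the status file.
#
# Globals:   WORK_DIR (read), DNS (read)
# Arguments: $1 - reversed IPv4 address, e.g. 4.3.2.1 for 1.2.3.4
#            $2 - DNSBL zone to query
# Outputs:   raw `host` output in "$WORK_DIR/<rev_ip>.<zone>", the verdict in
#            the matching ".status" file
# Returns:   0 if listed or if the zone answered 127.0.0.0, non-zero otherwise
#######################################
in_blacklist(){
  local rev_ip=$1
  local blacklist_server=$2
  local ns_answer="${WORK_DIR}/${rev_ip}.${blacklist_server}"
  local addr_re=' has address (127\.[0-9]+\.[0-9]+\.[0-9]+)$'
  local line
  local listed=0

  # -W1: wait at most one second for the reply. An empty DNS adds no argument.
  host -W1 "${rev_ip}.${blacklist_server}" ${DNS:+"$DNS"} &> "$ns_answer"
  echo "$blacklist_server 0" > "${ns_answer}.status"

  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ $line =~ $addr_re ]] || continue
    case "${BASH_REMATCH[1]}" in
      # As before, a 127.0.0.0 answer means "not listed" and ends the check.
      127.0.0.0) return 0 ;;
      # 127.255.255.x are error codes (Spamhaus documents them for refused
      # queries, e.g. via a public resolver), not listings.
      127.255.255.*) ;;
      *) listed=1 ;;
    esac
  done < "$ns_answer"

  (( listed )) || return 1
  echo "$blacklist_server 1" > "${ns_answer}.status"
}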

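#######################################
# Print, one per line, the zones whose status file marks the address as listed.
# Globals:   blacklist_servers (read), WORK_DIR (read), rev_ip (read)
# Arguments: none
# Outputs:   zone names on stdout
#######################################
get_alerted_blacklist_servers(){
  local server status_file
  for server in "${blacklist_servers[@]}"; do
    status_file="${WORK_DIR}/${rev_ip}.${server}.status"
    # A lookup that never wrote its result leaves no status file; skip it
    # rather than letting grep report a missing file.
    [[ -f "$status_file" ]] || continue
    # Status lines are "<zone> 0" or "<zone> 1"; anchor on the trailing flag.
    grep -- ' 1$' "$status_file" | cut -d' ' -f1
  done
}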

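#######################################
# Delete every regular file below WORK_DIR; the directories themselves stay.
# Globals:   WORK_DIR (read)
# Arguments: none
#######################################
cleanup_workdir(){
  # ${WORK_DIR:?} aborts when the variable is empty or unset. Without it the
  # command would expand to `find / -type f -delete`.
  find "${WORK_DIR:?WORK_DIR is not set}/" -type f -delete
}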

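#######################################
# Print each argument on its own line (used to feed a list into `sort -u`).
# Arguments: any number of words
# Outputs:   one argument per line on stdout; nothing when called without any
#######################################
foreach(){
  # printf would print one empty line for an empty argument list.
  (( $# )) || return 0
  # printf, unlike echo, prints arguments such as "-n" or "-e" literally.
  printf '%s\n' "$@"
}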
# Marker file: the discovery branch touches it when it finishes, and the stats
# branch prints a total only if it exists.
DISCOVERY_STATUS="${WORK_DIR}/.discovered"

# General blacklists

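# discovery: query every zone of the selected list in parallel and print the
# zones that list the address as Zabbix low-level-discovery JSON.
# ${action:-} plus [[ ]] keeps the test valid when no action was given.
if [[ "${action:-}" == "discovery" ]]; then
  mode=${3:-fast}

  # Any mode other than "full" selects the short list.
  if [[ "$mode" == "full" ]]; then
    selected_servers=("${blacklist_servers_full[@]}")
  else
    selected_servers=("${blacklist_servers_fast[@]}")
  fi

  # De-duplicate; one zone per line, read back without word splitting.
  blacklist_servers=()
  while IFS= read -r blacklist_server; do
    [[ -n "$blacklist_server" ]] && blacklist_servers+=("$blacklist_server")
  done < <(printf '%s\n' "${selected_servers[@]}" | sort -u)

  cleanup_workdir

  # One background lookup per zone; `wait` is the barrier before reading the
  # status files.
  # NOTE(review): nothing caps the number of concurrent `host` processes, so
  # full mode starts one per zone at once.
  for blacklist_server in "${blacklist_servers[@]}"; do
    in_blacklist "$rev_ip" "$blacklist_server" &
  done
  wait

  # Same bytes as the former echo/sed pipeline, built without the
  # trailing-comma fix-up. The values are zone names taken from the status
  # files and are written without JSON escaping.
  printf '{ "data":[\n'
  separator=''
  while IFS= read -r i; do
    [[ -n "$i" ]] || continue
    printf '%s{\n"{#SERVER}":"%s"\n}' "$separator" "$i"
    separator=','
  done < <(get_alerted_blacklist_servers)
  printf ']}\n'

  touch -- "$DISCOVERY_STATUS"
fi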

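# check: query a single zone (3rd argument) and print its status flag,
# 0 = not listed, 1 = listed.
if [[ "${action:-}" == "check" ]]; then
    blacklist_server=${3:-}
    # The zone name is used both as a DNS name and as part of a file name under
    # WORK_DIR; allow host-name characters only (no "/", no leading "-").
    zone_re='^[A-Za-z0-9_]([A-Za-z0-9._-]*[A-Za-z0-9_])?$'
    if [[ ! $blacklist_server =~ $zone_re ]]; then
        printf '%s: invalid blacklist server: %q\n' "${0##*/}" "$blacklist_server" >&2
        exit 1
    fi
    in_blacklist "$rev_ip" "$blacklist_server"
    cut -d' ' -f2 -- "${WORK_DIR}/${rev_ip}.${blacklist_server}.status"
fi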

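# stats: print how many zones currently list the address, counted from the
# status files in WORK_DIR. Prints nothing until discovery has completed at
# least once, which is signalled by the DISCOVERY_STATUS marker file.
if [[ "${action:-}" == "stats" ]]; then
    if [[ -f "$DISCOVERY_STATUS" ]]; then
        SUM=0
        for i in "${WORK_DIR}/${rev_ip}"*.status; do
            # With no match the glob stays literal; skip anything not a file.
            [[ -f "$i" ]] || continue
            # Status lines are "<zone> 0" or "<zone> 1"; count the listed ones.
            SUM=$(( SUM + $(grep -c -- ' 1$' "$i") ))
        done
        echo "$SUM"
    fi
fi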

# Sender score / reputation zones, queried by the discovery_scores and
# check_score actions.
score_servers=(
  score.senderscore.com
)

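#######################################
# Query one score zone for a reversed IPv4 address. The raw `host` output goes
# to "$WORK_DIR/<rev_ip>.<zone>" and the "address 127..." lines to the matching
# ".score" file. The zone name is printed when such a line was found.
# Globals:   WORK_DIR (read), DNS (read), ns_answer (written)
# Arguments: $1 - reversed IPv4 address
#            $2 - score zone to query
# Outputs:   zone name on stdout when the zone answered with a 127.x address
# Returns:   0 when an answer was found, non-zero otherwise
#######################################
in_scoreserver(){
  local rev_ip=$1
  local score_server=$2
  # ns_answer is deliberately not local: the check_score branch reads
  # "$ns_answer.score" after calling this function.
  ns_answer="${WORK_DIR}/${rev_ip}.${score_server}"
  # -W1: wait at most one second for the reply. An empty DNS adds no argument.
  host -W1 "${rev_ip}.${score_server}" ${DNS:+"$DNS"} > "$ns_answer"
  grep -- 'address 127' "$ns_answer" > "${ns_answer}.score" &&
    echo "$score_server"
}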

#######################################
# Run in_scoreserver for every configured score zone; its output (the names of
# the zones that answered) is passed through on stdout.
# Globals:   score_servers (read), rev_ip (read), score_server (written)
# Arguments: none
#######################################
get_answered_scoreservers(){
  for score_server in "${score_servers[@]}"; do
    in_scoreserver "$rev_ip" "$score_server"
  done
}

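# discovery_scores: print the score zones that answered for this address as
# Zabbix low-level-discovery JSON.
# ${action:-} plus [[ ]] keeps the test valid when no action was given.
if [[ "${action:-}" == "discovery_scores" ]]; then
  # Same bytes as the former echo/sed pipeline, built without the
  # trailing-comma fix-up. The values are zone names from score_servers and
  # are written without JSON escaping.
  printf '{ "data":[\n'
  separator=''
  while IFS= read -r i; do
    [[ -n "$i" ]] || continue
    printf '%s{\n"{#SERVER}":"%s"\n}' "$separator" "$i"
    separator=','
  done < <(get_answered_scoreservers)
  printf ']}\n'
fi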

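# check_score: query one score zone (3rd argument) and print the last octet of
# each 127.x answer.
# NOTE(review): the last octet is presumably where the zone carries the score;
# confirm against the provider's documentation.
if [[ "${action:-}" == "check_score" ]]; then
  score_server=${3:-}
  # The zone name is used both as a DNS name and as part of a file name under
  # WORK_DIR; allow host-name characters only (no "/", no leading "-").
  zone_re='^[A-Za-z0-9_]([A-Za-z0-9._-]*[A-Za-z0-9_])?$'
  if [[ ! $score_server =~ $zone_re ]]; then
    printf '%s: invalid score server: %q\n' "${0##*/}" "$score_server" >&2
    exit 1
  fi
  # Keyed on the reversed address, the same path in_scoreserver writes to.
  # $1 is the action name, not the address.
  ns_answer="${WORK_DIR}/${rev_ip}.${score_server}"
  in_scoreserver "$rev_ip" "$score_server" > /dev/null
  # Saved lines read "<rev_ip>.<zone> has address 127.a.b.N". Dot-field 4 of
  # such a line is the last label of the reversed address, not part of the
  # answer, so take the final dot-field instead.
  awk -F'.' '{ print $NF }' "${ns_answer}.score"
fi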