nagios-rbl-check's Introduction

Nagios RBL / DNSBL Check

A Python-based Nagios/Icinga plugin to check whether a host is listed on any known DNS-based spam blacklists.

Requirements

The plugin requires Python version 2.6 or higher. If you are using a system with more than one version of Python installed, edit the first line of the check_rbl.py script to point to the locally-installed version of Python you wish to use. On RHEL systems, for example, this might look like:

#! /usr/bin/env python26

The Python ipaddress library for IPv4/IPv6 manipulation is required (it is included in Python 3.3 and later). You can install it using pip:

pip install ipaddress

Alternatively, install it with your system's package manager, where it is usually called python-ipaddress.

Usage

You can run the plugin using either a hostname (which will be resolved to an IP address) or an IP address:

./check_rbl.py -w <WARN level> -c <CRIT level> -h <hostname>
./check_rbl.py -w <WARN level> -c <CRIT level> -a <ipv4 address>
./check_rbl.py -w <WARN level> -c <CRIT level> -a <ipv6 address>

For example, to test whether hostname mail.google.com is listed on any known blacklist, with a Warning level of 1 blacklist and a Critical level of 3 blacklists, do:

./check_rbl.py -w 1 -c 3 -h mail.google.com

To test the plugin, check 127.0.0.2 or ::FFFF:7F00:2 which should always come back as "listed" on every known blacklist. For example:

./check_rbl.py -w 1 -c 3 -a 127.0.0.2
./check_rbl.py -w 1 -c 3 -a ::FFFF:7F00:2

Known Blacklists

A list of known blacklists included in the check_rbl.py script is located on this Wiki page:

https://github.com/egeland/nagios-rbl-check/wiki

If you know of other DNS-based blacklists that should be considered for inclusion, please open an "Enhancement" issue.

License

Licensed under the GPL v3. Enjoy.

nagios-rbl-check's People

Contributors

altmas5, egeland, non7top, smashedr, stevejenkins

nagios-rbl-check's Issues

Using your code

Hey man,

Thanks for the code, works great! We're adding it to our package with nagios plugins and I modified it a bit so it also access IP addresses. And works as expected on Python 2.6, so changed that check as well. Of course you're free to incorporate our changes, but I'm afraid I had to add it by copy/pasting, so there's not a clean commit you can add.

You can find it here: https://github.com/kumina/nagios-plugins-kumina

Have fun!

hostkarma problem

Hi all.

One of our mail gates is listed on hostkarma.junkemailfilter.com. A DNS query reports two results but Python's gethostbyname uses only one of them.

check result:
root@icinga:/tmp# /usr/lib/nagios/plugins/check_rbl.py -w1 -c1 -h 144.xx.xx.237
CRITICAL: 144.xx.xx.237 on 1 blacklist(s): hostkarma.junkemailfilter.com

manual dns lookup:
wartung@h2436360:~$ host 237.xx.xx.144.hostkarma.junkemailfilter.com
237.xx.xx.144.hostkarma.junkemailfilter.com has address 127.0.1.1
237.xx.xx.144.hostkarma.junkemailfilter.com has address 127.0.0.3

The 127.0.0.3 says we are yellow listed which means that we have no blacklist entry:
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists#List_Logic

The 127.0.1.1 is experimental data as explained here:
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists#Experimental_Return_Codes

My problem is that gethostbyname only uses one ip address and that you can't tell that 127.0.0.3 is a blacklist entry on hostkarma.

Greetings,
Steffen
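
The behaviour reported in this issue, as an added example that is not code from check_rbl.py: fetch every A record for the query name and decide "listed" per return code. The two hostkarma codes are taken from the issue; treating any other 127.0.0.0/8 answer as a listing is an assumption of this sketch.

```python
import socket

# Return codes that do NOT mean "blacklisted", per zone. The hostkarma
# entries are the two codes described in the issue above.
NON_LISTING_CODES = {
    "hostkarma.junkemailfilter.com": {
        "127.0.0.3": "yellow",
        "127.0.1.1": "experimental",
    },
}


def resolve_all(name):
    """Return every A record for `name` (gethostbyname returns only one)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []  # no answer: the address is not in this zone


def classify(zone, answers):
    """Sort DNSBL answers into listing codes, ignored codes and oddities."""
    ignore = NON_LISTING_CODES.get(zone, {})
    listing, ignored, unexpected = [], {}, []
    for addr in answers:
        if addr in ignore:
            ignored[addr] = ignore[addr]
        elif addr.startswith("127."):
            # Assumption: any other loopback-range code counts as a listing.
            listing.append(addr)
        else:
            # A non-127/8 answer usually means a resolver rewrote the
            # response; do not count it as a listing.
            unexpected.append(addr)
    return {"listed": bool(listing), "listing_codes": sorted(listing),
            "ignored": ignored, "unexpected": unexpected}


if __name__ == "__main__":
    # Constructed sample: the two answers shown in the issue's `host` output.
    sample = ["127.0.1.1", "127.0.0.3"]
    print(classify("hostkarma.junkemailfilter.com", sample))
```
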

Please handle IPv6

Can you add support for IPv6 RBL lookups?

You would need to get the IPv6 address, expand it (put zeroes in place of any missing sections), and then reverse it digit by digit instead of section by section.
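
The name construction this request describes, as an added example that is not code from check_rbl.py; the zone dnsbl.example is a placeholder and the function name is hypothetical.

```python
import ipaddress


def dnsbl_query_name(address, zone):
    """Build the DNS name to look up for `address` in DNSBL `zone`."""
    ip = ipaddress.ip_address(address)  # raises ValueError on bad input
    if ip.version == 4:
        # IPv4: reverse the four dotted-decimal octets.
        labels = reversed(str(ip).split("."))
    else:
        # IPv6: expand to all 32 hex digits (zero-filled), then reverse
        # digit by digit rather than group by group.
        labels = reversed(format(int(ip), "032x"))
    return ".".join(labels) + "." + zone.strip(".")


if __name__ == "__main__":
    # The README's two test addresses plus a constructed documentation address.
    for addr in ("127.0.0.2", "::FFFF:7F00:2", "2001:db8::1"):
        print(addr, "->", dnsbl_query_name(addr, "dnsbl.example"))
```
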

Server x thinks ip is on blacklist, Localhost and hostkarma.junkemail.com don't agree with Server x

Hi,
When I do a blacklist check on 109.71.52.93 from our server, this gives a warning. When I check it from my localhost, it doesn't give a warning. The check on Junkemail's site returns:

109.71.52.93 is Yellow listed - This is a good listing. It keeps you from being blacklisted. Yellow means that your IP contains no information as to whether or not it is spam. Yahoo, Google, and Hotmail are Yellow Listed.

Junkemail about 'Yellow listed'

A yellow listed server is a mail server that sends out some spam. These would be services like Yahoo, Hotmail, and ISPs who try to get rid of outgoing spam but can't catch it all. If you are yellow listed we will never black list you and we don't check other lists to see if you are blacklisted.

Any thoughts on this?

missing DNSBL-s

Hi!

These lists are missing from the config:

  • McAfee Blacklist: cidr.bl.mcafee.com
  • abuse.ro : rbl.abuse.ro

BR,
Pigen

Add a debug or verbose option

Hello guys,

It would be very helpful to have a debug or verbose option to check which RBLs are timing out or not returning an answer at all.
This is needed when the plugin execution time exceeds the timeout for the command.

I will try to submit a pull request with these changes soon but I want to know if you think it's accepted or maybe there is a simpler way to get this info.

Regards

Travis Failing on Python 2.6

Looks like this commit 419b014 is causing the script to break on python 2.6 according to Travis.

The affected line is:

https://github.com/egeland/nagios-rbl-check/blob/master/check_rbl.py#L33

PS: I also already updated this for Python3 and managed to not break python 2.6:

https://github.com/smashedr/nagios-rbl-check3

Edit: actually, it looks like this does break Travis on python 2.6, seems I commented it out. If anyone can think of a fix that would be great. Otherwise, I can just comment out 2.6 from .travis.yml.

add SPFBL

What do you think about including dnsbl.spfbl.net in the list?
http://spfbl.net/en/dnsbl/

I don't know much about it except that it is included in some other checking services I tried this week (and my IPv6 address was listed).
