NerdVana

By Nerds, for Nerds

RBL Nagios script

Written by Eric Schwimmer

We send a lot of email, and consequently we have a lot of email servers. Occasionally, one of them will be accidentally marked as spam on one of the various DNS real-time blacklists (RBLs), which can cause email delivery problems for us. This nagios check will tell you if the host it is run on is listed in any of the major RBL servers:

#!/bin/bash

RBL_SERVERS=(
    'cbl.abuseat.org'
    'dnsbl.cyberlogic.net'
    'bl.deadbeef.com'
    'spamtrap.drbl.drand.net'
    'spamsources.fabel.dk'
    '0spam.fusionzero.com'
    'mail-abuse.blacklist.jippg.org'
    'korea.services.net'
    'spamguard.leadmon.net'
    'ix.dnsbl.manitu.net'
    'relays.nether.net'
    'no-more-funn.moensted.dk'
    'psbl.surriel.com'
    'dyna.spamrats.com'
    'noptr.spamrats.com'
    'spam.spamrats.com'
    'dnsbl.sorbs.net'
    'spam.dnsbl.sorbs.net'
    'bl.spamcannibal.org'
    'bl.spamcop.net'
    'pbl.spamhaus.org'
    'sbl.spamhaus.org'
    'xbl.spamhaus.org'
    'dnsbl-1.uceprotect.net'
    'dnsbl-2.uceprotect.net'
    'dnsbl-3.uceprotect.net'
    'db.wpbl.info'
    'access.redhawk.org'
    'blacklist.sci.kun.nl'
    'dnsbl.kempt.net'
    'dul.ru'
    'forbidden.icm.edu.pl'
    'hil.habeas.com'
    'rbl.schulte.org'
    'sbl-xbl.spamhaus.org'
)

RevIP() { local IFS; IFS=.; set -- $1; echo $4.$3.$2.$1; }
MY_IP=$(curl -s ifconfig.co)
REV_IP=$(RevIP $MY_IP)
HITS=$(
    printf '%s\n' "${RBL_SERVERS[@]}" |
    xargs -P0 -I{} dig +nocmd $REV_IP.{} a +noall +answer |
    sed "s/^$REV_IP\.\(\S\+\)\.\s.\+/\\1/"
)
[[ -z $HITS ]] && echo "OK: $MY_IP not listed in any RBL blacklists" && exit 0
echo -e "ERROR: $MY_IP found in one or more blacklists\n$HITS" && exit 2