On 13 Oct 2006, at 17:28, Ed Ravin wrote:

> On Fri, Oct 13, 2006 at 10:28:06AM +0100, Tim Haynes wrote:
>> I've implemented an RBL monitor for work - checks to see if hosts are
>> listed in a blacklist, so I thought I'd contribute it back to mon -
>> see attached. (Work have approved its release under the GPL.)
>>
>> Usage: rbl.monitor host [...host...]
>>
>> Bugs: it would be more elegant if the list of RBL domains were a
>> parameter; as it is, it's obvious what to change in the script.
>
> Thanks, I've wanted one of these for a while, can't wait to try it out!
>
> Looking over the code, I have a couple of questions - you don't seem to
> set server timeouts anywhere, what if a blacklist isn't responding?
> Sometimes DNS queries can hang for 30 seconds or more, we don't want
> that to bog down the monitoring script. Of course, that would probably
> require using Net::DNS and fine-tuning the lookups.

Hadn't occurred to me. Feel free :)

> Have you seen the blacklist checker at: http://www.dnsstuff.com/
> (center column, "Spam database lookup")?  I've been using that from
> time to time to see if any of my mail servers are in the "hall of fame".
> They check a whopping 271 blacklists, and we've found our servers
> caught every now and then by some of the more obscure lists.

I've seen one or two such things - http://rbls.org/ etc. However, I had
two priorities when implementing this:
a) don't spam the entire net
b) some RBLs are irresponsible and just don't deserve to be taken
seriously. You could use one of these multiplexer services but then
having to filter false-positives... I was most interested in the top-few
that are most likely to be used in folks' MTA or SpamAssassin configs.

> I hope to try out your script in the next few days.  I will probably
> be unable to refrain from adding features to it - besides the
> timeout stuff mentioned above, I'd like the option to load the
> blacklists from an external file - no way to put 271 blacklists
> on the command line or into the script!

I was already considering -s src [..-s src...] as one way to make this
more configurable; some kind of -f for a file containing source-domains
to check also makes sense. Feel free to enhance it by all means :)

Cheers,

~Tim
-- 
Tim Haynes
OpenLink Software
<http://www.openlinksw.com/>


_______________________________________________
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon
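
The timeout and -s/-f ideas discussed in this message, as an added example that is not Tim Haynes's rbl.monitor or part of mon: a Perl monitor using Net::DNS that bounds every lookup and takes blacklist zones from -s options or a file. The -t option, the zone-file format, the IPv4-only handling and the output layout are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the rbl.monitor from this thread. -s/-f follow the
# thread; -t, the zone-file format and the output layout are assumptions.
use strict; use warnings;
use Getopt::Long;
use Net::DNS;

my (@zones, $file);
my $timeout = 5;    # seconds allowed per DNS query
GetOptions('s=s' => \@zones, 'f=s' => \$file, 't=i' => \$timeout)
    or die "usage: $0 [-t secs] [-s zone]... [-f zonefile] host...\n";
if (defined $file) {    # one zone per line; blank lines and # comments ignored
    open my $fh, '<', $file or die "$file: $!\n";
    while (my $line = <$fh>) {
        $line =~ s/#.*//;
        $line =~ s/^\s+|\s+$//g;
        push @zones, $line if length $line;
    }
}
die "need at least one zone (-s or -f) and one host\n" unless @zones && @ARGV;

# Bound every lookup: a single attempt, $timeout seconds, over UDP or TCP.
my $res = Net::DNS::Resolver->new(
    udp_timeout => $timeout, tcp_timeout => $timeout, retry => 1);
sub resolve_ipv4 {    # dotted quads pass through; names need an A record
    my ($host) = @_;
    return $host if $host =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    my $reply = $res->send($host, 'A') or return;
    my ($rr) = grep { $_->type eq 'A' } $reply->answer;
    return $rr ? $rr->address : undef;
}

my (%listed, @detail);
for my $host (@ARGV) {
    my $ip = resolve_ipv4($host);
    unless (defined $ip) { push @detail, "$host: cannot resolve"; next }
    my $rev = join '.', reverse split /\./, $ip;    # 192.0.2.1 -> 1.2.0.192
    for my $zone (@zones) {
        my $reply = $res->send("$rev.$zone", 'A');
        if (!$reply) {    # timeout or network error: unknown, not "listed"
            push @detail, "$host: $zone lookup failed (" . $res->errorstring . ")";
        } elsif (my @a = grep { /^127\./ } map { $_->address }
                         grep { $_->type eq 'A' } $reply->answer) {
            $listed{$host} = 1;    # DNSBLs answer with 127.0.0.0/8 codes
            push @detail, "$host: listed in $zone (@a)";
        }
    }
}
# Summary line of listed hosts first, then detail; non-zero exit on a listing.
print join(' ', sort keys %listed), "\n", map "$_\n", @detail;
exit(%listed ? 1 : 0);
```

A zone that times out is reported in the detail lines but does not raise an alarm, so one unresponsive blacklist cannot turn into a false listing or stall the run beyond the per-query limit.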
