On 13 Oct 2006, at 17:28, Ed Ravin wrote:

> On Fri, Oct 13, 2006 at 10:28:06AM +0100, Tim Haynes wrote:
>> I've implemented an RBL monitor for work - checks to see if hosts are
>> listed in a blacklist, so I thought I'd contribute it back to mon -
>> see attached. (Work have approved its release under the GPL.)
>>
>> Usage: rbl.monitor host [...host...]
>>
>> Bugs: it would be more elegant if the list of RBL domains were a
>> parameter; as it is, it's obvious what to change in the script.
>
> Thanks, I've wanted one of these for a while, can't wait to try it
> out!
>
> Looking over the code, I have a couple of questions - you don't seem to
> set server timeouts anywhere, what if a blacklist isn't responding?
> Sometimes DNS queries can hang for 30 seconds or more, we don't want
> that to bog down the monitoring script. Of course, that would probably
> require using Net::DNS and fine-tuning the lookups.

Hadn't occurred to me. Feel free :)

> Have you seen the blacklist checker at: http://www.dnsstuff.com/
> (center column, Spam database lookup)? I've been using that from
> time to time to see if any of my mail servers are in the hall of
> fame.
> They check a whopping 271 blacklists, and we've found our servers
> caught every now and then by some of the more obscure lists.

I've seen one or two such things - http://rbls.org/ etc. However, I
had two priorities when implementing this:

a) don't spam the entire net
b) some RBLs are irresponsible and just don't deserve to be taken
seriously. You could use one of these multiplexer services but then
having to filter false-positives... I was most interested in the top-few
that are most likely to be used in folks' MTA or SpamAssassin
configs.

> I hope to try out your script in the next few days. I will probably
> be unable to refrain from adding features to it - besides the
> timeout stuff mentioned above, I'd like the option to load the
> blacklists from an external file - no way to put 271 blacklists
> on the command line or into the script!

I was already considering -s src [..-s src...] as one way to make
this more configurable; some kind of -f for a file containing
source-domains to check also makes sense. Feel free to enhance it by all
means :)

Cheers,
~Tim
--
Tim Haynes
OpenLink Software
http://www.openlinksw.com/
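
The two enhancements discussed in this thread (bounded DNS lookups via Net::DNS, and zone lists supplied with -s or -f), sketched as an added example; this is not the attached rbl.monitor and not code from either poster. The -t option, the IPv4-only host handling, the zone file format and the exit codes are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: DNSBL check with bounded lookups and configurable zones.
use strict;
use warnings;
use Getopt::Long;
use Net::DNS;

my (@zones, $file);
my $timeout = 5;    # seconds per query (assumed default)
GetOptions('s=s' => \@zones, 'f=s' => \$file, 't=i' => \$timeout)
    or die "Usage: $0 [-s zone]... [-f zonefile] [-t secs] ip [...ip...]\n";

# -f: one DNSBL zone per line; blank lines and '#' comments are ignored.
if (defined $file) {
    open my $fh, '<', $file or die "cannot read $file: $!\n";
    while (my $line = <$fh>) {
        $line =~ s/#.*//;
        $line =~ s/^\s+|\s+$//g;
        push @zones, $line if length $line;
    }
    close $fh;
}
die "no DNSBL zones given (use -s or -f)\n" unless @zones;

# Single attempt with a hard cap, so an unresponsive list cannot stall the run.
my $res = Net::DNS::Resolver->new(
    udp_timeout => $timeout, tcp_timeout => $timeout, retry => 1);

my (@listed, @unknown);
for my $host (@ARGV) {
    unless ($host =~ /^\d{1,3}(?:\.\d{1,3}){3}$/) {
        push @unknown, "$host: not an IPv4 address";
        next;
    }
    my $rev = join '.', reverse split /\./, $host;    # 192.0.2.1 -> 1.2.0.192
    for my $zone (@zones) {
        my $reply = $res->query("$rev.$zone", 'A');
        if ($reply && grep { $_->type eq 'A' } $reply->answer) {
            push @listed, "$host listed in $zone";
        } elsif ($res->errorstring !~ /^(?:NXDOMAIN|NOERROR)$/) {
            # Timeout or SERVFAIL: report it, never count it as "not listed".
            push @unknown, "lookup failed for $host in $zone: " . $res->errorstring;
        }
    }
}
print join("\n", @listed, @unknown), "\n" if @listed || @unknown;
# Assumed policy: 1 = at least one listing, 2 = only failed lookups, 0 = clean.
exit(@listed ? 1 : @unknown ? 2 : 0);
```

Keeping failed lookups separate from clean results matters here: a blacklist that times out says nothing about whether the host is listed.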