Re: Contrib: RBL lookup monitor

[Ed Ravin]

On Fri, Oct 13, 2006 at 10:28:06AM +0100, Tim Haynes wrote:
 I've implemented an RBL monitor for work - checks to see if hosts are  
 listed in a blacklist, so I thought I'd contribute it back to mon -  
 see attached. (Work have approved its release under the GPL.)
 
 Usage: rbl.monitor host [...host...]
 
 Bugs: it would be more elegant if the list of RBL domains were a  
 parameter; as it is, it's obvious what to change in the script.

Thanks, I've wanted one of these for a while, can't wait to try it out!

Looking over the code, I have a couple of questions - you don't seem to
set server timeouts anywhere, what if a blacklist isn't responding?
Sometimes DNS queries can hang for 30 seconds or more, we don't want
that to bog down the monitoring script.  Of course, that would probably
require using Net::DNS and fine-tuning the lookups.

Have you seen the blacklist checker at: http://www.dnsstuff.com/
(center column, Spam database lookup)?  I've been using that from
time to time to see if any of my mail servers are in the hall of fame.
They check a whopping 271 blacklists, and we've found our servers
caught every now and then by some of the more obscure lists.

I hope to try out your script in the next few days.  I will probably
be unable to refrain from adding features to it - besides the
timeout stuff mentioned above, I'd like the option to load the
blacklists from an external file - no way to put 271 blacklists
on the command line or into the script!


-- Ed

___
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon

Re: Contrib: RBL lookup monitor

[Tim Haynes]

On 13 Oct 2006, at 17:28, Ed Ravin wrote:

 On Fri, Oct 13, 2006 at 10:28:06AM +0100, Tim Haynes wrote:
 I've implemented an RBL monitor for work - checks to see if hosts are
 listed in a blacklist, so I thought I'd contribute it back to mon -
 see attached. (Work have approved its release under the GPL.)

 Usage: rbl.monitor host [...host...]

 Bugs: it would be more elegant if the list of RBL domains were a
 parameter; as it is, it's obvious what to change in the script.

 Thanks, I've wanted one of these for a while, can't wait to try it  
 out!

 Looking over the code, I have a couple of questions - you don't  
 seem to
 set server timeouts anywhere, what if a blacklist isn't responding?
 Sometimes DNS queries can hang for 30 seconds or more, we don't want
 that to bog down the monitoring script.  Of course, that would  
 probably
 require using Net::DNS and fine-tuning the lookups.

Hadn't occurred to me. Feel free :)

 Have you seen the blacklist checker at: http://www.dnsstuff.com/
 (center column, Spam database lookup)?  I've been using that from
 time to time to see if any of my mail servers are in the hall of  
 fame.
 They check a whopping 271 blacklists, and we've found our servers
 caught every now and then by some of the more obscure lists.

I've seen one or two such things - http://rbls.org/ etc. However, I  
had two priorities when implementing this:
a) don't spam the entire net
b) some RBLs are irresponsible and just don't deserve to be taken  
seriously. You could use one of these multiplexer services but then  
having to filter false-positives... I was most interested in the top- 
few that are most likely to be used in folks' MTA or SpamAssassin  
configs.

 I hope to try out your script in the next few days.  I will probably
 be unable to refrain from adding features to it - besides the
 timeout stuff mentioned above, I'd like the option to load the
 blacklists from an external file - no way to put 271 blacklists
 on the command line or into the script!

I was already considering  -s src [..-s src...] as one way to make  
this more configurable; some kind of -f for a file containing source- 
domains to check also makes sense. Feel free to enhance it by all  
means :)

Cheers,

~Tim
-- 
Tim Haynes
OpenLink Software
http://www.openlinksw.com/


___
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon