Port25 Support Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

==Announcing==
PowerMTA Management Console v1.0r17
PowerMTA v4.0r17 (with OpenSSL 1.0.1h)

Pages: [1] 2 3 ... 5

Author Topic: IP Blacklist Monitoring  (Read 39964 times)

VIN786

  • Full Member
  • ***
  • Karma: +2/-6
  • Posts: 228
IP Blacklist Monitoring
« on: February 22, 2011, 03:20:32 PM »

Is anyone using a script that monitors your IP's on several different black lists?
I am looking for a script or a good service provider.
Logged

Teneo

  • Sr. Member
  • ****
  • Karma: +9/-3
  • Posts: 267
    • Teneo ESP Services
Re: IP Blacklist Monitoring
« Reply #1 on: February 23, 2011, 09:40:35 PM »

We have an inhouse built solution that checks our IP's constantly.
It is however easy to build yourself by performing inverse IP lookups

Eg : if you want to test if the IP address 81.82.83.84 is on the Barracuda blacklist you can do a DNS lookup on

nslookup  84.83.82.81.b.barracudacentral.org

If it exists you're blacklisted  8)
Logged

nickphx

  • Full Member
  • ***
  • Karma: +3/-2
  • Posts: 161
Re: IP Blacklist Monitoring
« Reply #2 on: February 24, 2011, 12:15:23 AM »

I put something together that pulls a senderscore and checks against other blocklists.
Logged

VIN786

  • Full Member
  • ***
  • Karma: +2/-6
  • Posts: 228
Re: IP Blacklist Monitoring
« Reply #3 on: February 24, 2011, 02:00:13 PM »

Interesting way of doing it and how does one get the senderscore?

If I do a [nslookup 84.83.82.81.pbl.spamhaus.org], I don't find it listed, but if I go through their web interface
I see "84.83.82.81 is listed in the PBL, in the following records: ---PBL178673"

Try http://www.spamhaus.org/lookup.lasso see what you find out.

I would love to setup an automated process of checking against known blacklists/blocklists and create some kind of a process which would alert me when an IP got listed for blocks.

Where do I get a list of known (probably over a 100) blocklists/blacklists?

If I am able to setup something correctly, I will share it with all.
Logged

bidorbuy

  • Newbie
  • *
  • Karma: +1/-1
  • Posts: 6
Re: IP Blacklist Monitoring
« Reply #4 on: February 24, 2011, 02:10:17 PM »

Logged

ITSyncForce

  • Newbie
  • *
  • Karma: +0/-3
  • Posts: 6
Re: IP Blacklist Monitoring
« Reply #5 on: February 24, 2011, 02:32:19 PM »

We use dnsstuff.com.

10 ip addresses is $224, 25 ip addresses is $410 a year. They check around 70 blocklists 24/7.

For that kind of money we are not building and updating a tool

Works perfect. Once on a list you get a mail from them. We had 1 or 2 incidents the last couple of years and where able to get unlisted within a couple of hours after receiving the mails.
Logged

VIN786

  • Full Member
  • ***
  • Karma: +2/-6
  • Posts: 228
Re: IP Blacklist Monitoring
« Reply #6 on: February 24, 2011, 02:39:26 PM »

Logged

Teneo

  • Sr. Member
  • ****
  • Karma: +9/-3
  • Posts: 267
    • Teneo ESP Services
Re: IP Blacklist Monitoring
« Reply #7 on: February 25, 2011, 08:48:47 AM »

We Pull all SenderScore data on all our IP adressess multiple times per day via reverse lookups.
Including : SPAM Trap hits, SenderScore, Volume Score, Unknown Userscore , Complaintscore, Filterscore

Plus we monitor the following blacklists 24/7 :



b.barracudacentral.org
bl.spamcannibal.org
blacklist.woody.ch
cdl.anti-spam.org.cn
db.wpbl.info
dnsbl.inps.de
drone.abuse.ch
dul.dnsbl.sorbs.net
dynip.rothen.com
images.rbl.msrbl.net
korea.services.net
ohps.dnsbl.net.au
osps.dnsbl.net.au
owps.dnsbl.net.au
probes.dnsbl.net.au
psbl.surriel.com
relays.bl.gweep.ca
residential.block.transip.nl
sbl.spamhaus.org
socks.dnsbl.sorbs.net
spam.rbl.msrbl.net
spamrbl.imp.ch
tor.dnsbl.sectoor.de
ubl.unsubscore.com
virus.rbl.msrbl.net
xbl.spamhaus.org
bl.deadbeef.com
bl.spamcop.net
bogons.cymru.com
combined.abuse.ch
dnsbl.ahbl.org
dnsbl.njabl.org
drone.abuse.ch
dul.ru
fl.chickenboner.biz
ips.backscatterer.org
misc.dnsbl.sorbs.net
omrs.dnsbl.net.au
osrs.dnsbl.net.au
pbl.spamhaus.org
proxy.bl.gweep.ca
rbl.interserver.net
relays.bl.kundenserver.de
ricn.dnsbl.net.au
short.rbl.jp
spam.abuse.ch
spam.spamrats.com
t3direct.dnsbl.net.au
torserver.tor.dnsbl.sectoor.de
virbl.bit.nl
web.dnsbl.sorbs.net
zen.spamhaus.org
bl.emailbasura.org
blackholes.five-ten-sg.com
cbl.abuseat.org
combined.rbl.msrbl.net
dnsbl.cyberlogic.net
dnsbl.sorbs.net
duinv.aupads.org
dyna.spamrats.com
http.dnsbl.sorbs.net
ix.dnsbl.manitu.net
noptr.spamrats.com
orvedb.aupads.org
owfs.dnsbl.net.au
phishing.rbl.msrbl.net
proxy.block.transip.nl
rdts.dnsbl.net.au
relays.nether.net
rmst.dnsbl.net.au
smtp.dnsbl.sorbs.net
spam.dnsbl.sorbs.net
spamlist.or.kr
tor.ahbl.org
ubl.lashback.com
virus.rbl.jp
wormrbl.imp.ch
zombie.dnsbl.sorbs.net
Logged

VIN786

  • Full Member
  • ***
  • Karma: +2/-6
  • Posts: 228
Re: IP Blacklist Monitoring
« Reply #8 on: February 25, 2011, 02:00:38 PM »

That's a good list. Thank you and I think I will setup a batch process to check these lists.

But I am not sure how you get the following:
SPAM Trap hits, SenderScore, Volume Score, Unknown Userscore , Complaintscore, Filterscore
Logged

ddejacomo

  • Newbie
  • *
  • Karma: +0/-4
  • Posts: 5
Re: IP Blacklist Monitoring
« Reply #9 on: March 03, 2011, 06:58:23 PM »

I don't know how to query SPAM trap hits against sender score but here are the rbl hosts for the others.
score.senderscore.com   - sender score
cmplt.rating.senderscore.com - complaint score
vol.rating.senderscore.com - volume score
uus.rating.senderscore.com - unknown user score
filtered.rating.senderscore.com - filtered score

Query them just like any other RBL (convert ip address to apra) and the last octect is the score value
Example:
if your ip is 1.2.3.4

nslookup 4.3.2.1.score.senderscore.com

Name:   4.3.2.1.score.senderscore.com
Address: 127.0.4.90

In this case your score would be 90.

Logged

VIN786

  • Full Member
  • ***
  • Karma: +2/-6
  • Posts: 228
Re: IP Blacklist Monitoring
« Reply #10 on: March 03, 2011, 08:34:09 PM »

Thanks that helps a lot.
I will add this too as a batch file.
My current batch file takes quite a while to query the lists, is there any faster script than the kind of dos batch file I run?
Logged

nickphx

  • Full Member
  • ***
  • Karma: +3/-2
  • Posts: 161
Re: IP Blacklist Monitoring
« Reply #11 on: March 03, 2011, 09:28:14 PM »

You could put something together with perl and Net::DNS , or perl and Mail::RBL..

http://search.cpan.org/~luismunoz/Mail-RBL-1.10/RBL.pm
Logged

ddejacomo

  • Newbie
  • *
  • Karma: +0/-4
  • Posts: 5
Re: IP Blacklist Monitoring
« Reply #12 on: March 04, 2011, 12:23:19 AM »

If you're a windows shop I wrote a quick powershell script a bit ago.  It uses the .Net call GetHostAddresses which is pretty quick for me.
It currently writes out the data to a csv file, mostly because I'm a little new to the mailing game and wasn't really sure what I wanted to alert on, and it's convenient for pulling into excel to draw pretty graphs or manipulate in powershell.  
It could be very easily modified to alert when certain thresholds are reached or log to sql instead of a csv.  
I also think it should work with other non-senderscore RBL's but I haven't tried that yet, with that nice list that Teneo has provided perhaps I'll take a look at doing that later.

Is posting code allowed on the forums here? If not post your email address on one of the non-public forums and I'll send it off to you.
Logged

VIN786

  • Full Member
  • ***
  • Karma: +2/-6
  • Posts: 228
Re: IP Blacklist Monitoring
« Reply #13 on: March 04, 2011, 03:39:34 PM »

Yes, a complete windows shop here.
Not sure if you can post your code here, but I would love to get your app, send it to me at vvvvv@hotmail.com.
Thanks
Logged

ddejacomo

  • Newbie
  • *
  • Karma: +0/-4
  • Posts: 5
Re: IP Blacklist Monitoring
« Reply #14 on: March 07, 2011, 11:03:15 PM »

msgs sent
Logged
Pages: [1] 2 3 ... 5