PowerMTA Support Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

PowerMTA 5.5r1 is out!!!!  Please contact support@port25.com for a license and download access.

Pages: 1 [2] 3 4 5

Author Topic: IP Blacklist Monitoring  (Read 362618 times)

VIN786

  • Full Member
  • ***
  • Karma: +4/-12
  • Posts: 236
Re: IP Blacklist Monitoring
« Reply #15 on: March 14, 2011, 01:44:11 PM »

If you're a windows shop I wrote a quick powershell script a bit ago.  It uses the .Net call GetHostAddresses which is pretty quick for me.
It currently writes out the data to a csv file, mostly because I'm a little new to the mailing game and wasn't really sure what I wanted to alert on, and it's convenient for pulling into excel to draw pretty graphs or manipulate in powershell.  
It could be very easily modified to alert when certain thresholds are reached or log to sql instead of a csv.  
I also think it should work with other non-senderscore RBL's but I haven't tried that yet, with that nice list that Teneo has provided perhaps I'll take a look at doing that later.

Is posting code allowed on the forums here? If not post your email address on one of the non-public forums and I'll send it off to you.

Great coding, thanks a bunch for your help.
Logged

VIN786

  • Full Member
  • ***
  • Karma: +4/-12
  • Posts: 236
Re: IP Blacklist Monitoring
« Reply #16 on: March 30, 2011, 10:48:07 AM »

I don't know how to query SPAM trap hits against sender score but here are the rbl hosts for the others.
score.senderscore.com   - sender score
cmplt.rating.senderscore.com - complaint score
vol.rating.senderscore.com - volume score
uus.rating.senderscore.com - unknown user score
filtered.rating.senderscore.com - filtered score

Query them just like any other RBL (convert ip address to apra) and the last octect is the score value
Example:
if your ip is 1.2.3.4

nslookup 4.3.2.1.score.senderscore.com

Name:   4.3.2.1.score.senderscore.com
Address: 127.0.4.90

In this case your score would be 90.



Still trying to figure out how to get SPAM trap hits against sender score
Logged

ddejacomo

  • Newbie
  • *
  • Karma: +0/-11
  • Posts: 5
Re: IP Blacklist Monitoring
« Reply #17 on: March 30, 2011, 04:27:58 PM »

Agreed.
Teneo, if you could share how you're getting spam trap hits via dns lookups that would be awesome.  I can't seem to find that info anywhere.
Logged

lcsunshine

  • Newbie
  • *
  • Karma: +0/-10
  • Posts: 7
    • L&C Sunshine Technology Services
Re: IP Blacklist Monitoring
« Reply #18 on: April 08, 2011, 03:37:46 PM »

I wrote 3 scripts in php that require your server have pear dnsbl installed.

Scripts 1 & 2 allow manual entry (ie. script one single ip, script 2 up to 10 ips) Script 3 pulls from a txt file and displays results in green or red; if red has url with pre-filled in ip address to mxtoolbox(for now) so you can see which SBL's you are listed on. Works great. I'm just working on a email component of it. I'm going to offer it on my web site for free once I finish it. Unless someone here is a php developer and can help me out. Message me if this is the case. I just know I am tired of over priced monitoring services and I'm an opensource guy my self.
Logged

VIN786

  • Full Member
  • ***
  • Karma: +4/-12
  • Posts: 236
Re: IP Blacklist Monitoring
« Reply #19 on: April 08, 2011, 05:00:00 PM »

I wrote 3 scripts in php that require your server have pear dnsbl installed.

Scripts 1 & 2 allow manual entry (ie. script one single ip, script 2 up to 10 ips) Script 3 pulls from a txt file and displays results in green or red; if red has url with pre-filled in ip address to mxtoolbox(for now) so you can see which SBL's you are listed on. Works great. I'm just working on a email component of it. I'm going to offer it on my web site for free once I finish it. Unless someone here is a php developer and can help me out. Message me if this is the case. I just know I am tired of over priced monitoring services and I'm an opensource guy my self.

I would love to see your scripts, but not sure I can add to it, since I am not much of a php developer.
What's your website?
Logged

lcsunshine

  • Newbie
  • *
  • Karma: +0/-10
  • Posts: 7
    • L&C Sunshine Technology Services
Re: IP Blacklist Monitoring
« Reply #20 on: April 09, 2011, 03:29:14 AM »

check it out here: http://bit.ly/h2Fz29

I am looking to add a email component to it so it will send you a email notification. Still work in progress but it gets the job done.
Logged

nickphx

  • Full Member
  • ***
  • Karma: +5/-5
  • Posts: 161
Re: IP Blacklist Monitoring
« Reply #21 on: April 09, 2011, 06:26:30 PM »

i put together a simple dnsbl check today.. this is only really good for checking 10-20 ips..
i have another command line script that does parallel dns lookups to handle more than 100 ips in a more efficient manner..

demo: http://mb.clickstank.com/dnsbl/

Code: [Select]
<?
ob_implicit_flush(true);

if (!$_POST) {
print "<form method=post action=index.php>";
print "dnsbl lookup. <br> paste ips below, separated by newline.<br>";
print "<textarea name=ips cols=20 rows=10></textarea>";
print "<br><input type=submit value=lookup>";
} else {
$bl_arr = file('/var/www/html/dnsbl/dnsbls.txt', FILE_IGNORE_NEW_LINES);
$ip_arr = explode("\n",$_POST['ips']);
  ob_start();
print "Starting lookup of " . count($ip_arr) . " IPs against " . count($bl_arr) . " blocklists<br>";
ob_flush();
flush();
print "<table border=0><tbody><tr style='background-color: rgb(205,201,201)'><td>IP</td><td>Blocklist</td><td>Status</td></tr>";
ob_flush();
flush();

foreach ($ip_arr as $ip) {
$rev_ip = implode(array_reverse(explode('.',$ip)), '.');
foreach ($bl_arr as $black_list) {
$resp = (gethostbynamel($rev_ip . '.' . $black_list));
if (!empty($resp)) {
print "<tr><td>$ip</td><td>$black_list</td><td style='background-color: rgb(255,0,0)'>LISTED</td></tr>";
ob_flush();
flush();
} else {
print "<tr><td>$ip</td><td>$black_list</td><td style='background-color: rgb(0,255,0)'>GOOD</td></tr>";
ob_flush();
flush();
}
}
}
print "</tbody></table>";
ob_flush();
flush();
}

?>



contents of dnsbls.txt
Code: [Select]
bl.deadbeef.com
bl.emailbasura.org
bl.spamcop.net
blackholes.five-ten-sg.com
blacklist.woody.ch
bogons.cymru.com
cbl.abuseat.org
cdl.anti-spam.org.cn
combined.abuse.ch
combined.rbl.msrbl.net
db.wpbl.info
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
dnsbl.abuse.ch
dnsbl.ahbl.org
dnsbl.cyberlogic.net
dnsbl.inps.de
dnsbl.njabl.org
dnsbl.sorbs.net
drone.abuse.ch
duinv.aupads.org
dul.dnsbl.sorbs.net
dul.ru
dyna.spamrats.com
dynip.rothen.com
fl.chickenboner.biz
http.dnsbl.sorbs.net
images.rbl.msrbl.net
ips.backscatterer.org
ix.dnsbl.manitu.net
korea.services.net
misc.dnsbl.sorbs.net
noptr.spamrats.com
ohps.dnsbl.net.au
omrs.dnsbl.net.au
orvedb.aupads.org
osps.dnsbl.net.au
osrs.dnsbl.net.au
owfs.dnsbl.net.au
owps.dnsbl.net.au
pbl.spamhaus.org
phishing.rbl.msrbl.net
probes.dnsbl.net.au
proxy.bl.gweep.ca
proxy.block.transip.nl
psbl.surriel.com
rbl.interserver.net
rdts.dnsbl.net.au
relays.bl.gweep.ca
relays.bl.kundenserver.de
relays.nether.net
residential.block.transip.nl
ricn.dnsbl.net.au
rmst.dnsbl.net.au
sbl.spamhaus.org
short.rbl.jp
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.dnsbl.sorbs.net
spam.rbl.msrbl.net
spam.spamrats.com
spamlist.or.kr
spamrbl.imp.ch
t3direct.dnsbl.net.au
tor.ahbl.org
tor.dnsbl.sectoor.de
torserver.tor.dnsbl.sectoor.de
ubl.lashback.com
ubl.unsubscore.com
virbl.bit.nl
virus.rbl.jp
virus.rbl.msrbl.net
web.dnsbl.sorbs.net
wormrbl.imp.ch
xbl.spamhaus.org
zen.spamhaus.org


Logged

lcsunshine

  • Newbie
  • *
  • Karma: +0/-10
  • Posts: 7
    • L&C Sunshine Technology Services
Re: IP Blacklist Monitoring
« Reply #22 on: April 10, 2011, 03:31:25 AM »

I just checked a IP I know is listed in Sorbs and Barracuda and it show'd good. Then I ran it again and it showed the listings. Really weird. You should look into using Pear DNSBL in conjunction with your PHP code. This way you don't to worry about interpreting the response codes, and it waits for the response with code before reporting back just incase of DNS time out.

http://pear.php.net/package/Services_Trackback/docs/latest/Trackback/_Services_Trackback-0.6.2---Services---Trackback---SpamCheck---DNSBL.php.html

This is the script I wrote using Pear DNSBL.

check it out here: http://bit.ly/h2Fz29
Logged

ayates

  • Newbie
  • *
  • Karma: +1/-8
  • Posts: 8
Re: IP Blacklist Monitoring
« Reply #23 on: May 11, 2011, 10:25:59 AM »

I wrote a script a while back to notify me about blacklists or other smtp connection messages.  Really helpful for being notified about potential problems...

http://www.port25.com/forum/index.php?topic=529.msg1881#msg1881

Any questions please ask.

D.
Logged

Port25-Admin1

  • Administrator
  • Hero Member
  • *****
  • Karma: +49/-4
  • Posts: 2361
Re: IP Blacklist Monitoring
« Reply #24 on: May 11, 2011, 10:38:40 AM »

http://www.port25.com/forum/index.php?topic=529.msg1881#msg1881

Any questions please ask.

Can you address upclick-email on that post?  He posted a question 2 days ago.
Logged
Port25-Admin1
------------------
Try the following commands:
Quote
pmta show topdomains --errors
pmta show topqueues --errors
pmta --help

When PowerMTA won't start use:
Quote
pmtad --debug
When all else fails-->support@port25.com

dlthorpe

  • Jr. Member
  • **
  • Karma: +1/-17
  • Posts: 13
Re: IP Blacklist Monitoring
« Reply #25 on: May 11, 2011, 03:09:05 PM »

Done.
Logged

Port25-Admin1

  • Administrator
  • Hero Member
  • *****
  • Karma: +49/-4
  • Posts: 2361
Re: IP Blacklist Monitoring
« Reply #26 on: May 11, 2011, 03:10:22 PM »

Thanks!!
Logged
Port25-Admin1
------------------
Try the following commands:
Quote
pmta show topdomains --errors
pmta show topqueues --errors
pmta --help

When PowerMTA won't start use:
Quote
pmtad --debug
When all else fails-->support@port25.com

Martin Caine

  • Jr. Member
  • **
  • Karma: +4/-18
  • Posts: 21
    • My Personal Site
Re: IP Blacklist Monitoring
« Reply #27 on: June 22, 2011, 12:15:34 PM »

Still trying to figure out how to get SPAM trap hits against sender score

I'm not sure if you've managed to do this already, but I have a simple little script which logs into the senderscore website, queries each of our IPs and then downloads the data direct from the website. It's about as fast as performing the DNS lookups too. We do this once a day and save all the stats from the page. The script runs through a few full /24s in just a couple of minutes running the reports and grabbing the stats.
Logged
Email Systems Developer and Email Deliverability Specialist.

VIN786

  • Full Member
  • ***
  • Karma: +4/-12
  • Posts: 236
Re: IP Blacklist Monitoring
« Reply #28 on: June 22, 2011, 12:27:18 PM »

Still trying to figure out how to get SPAM trap hits against sender score

I'm not sure if you've managed to do this already, but I have a simple little script which logs into the senderscore website, queries each of our IPs and then downloads the data direct from the website. It's about as fast as performing the DNS lookups too. We do this once a day and save all the stats from the page. The script runs through a few full

It would be nice if you can share that script. I would be interested, please send to qazi dot viney at gmail
Logged

Tobias Herkula

  • Full Member
  • ***
  • Karma: +6/-14
  • Posts: 115
Re: IP Blacklist Monitoring
« Reply #29 on: July 16, 2011, 02:02:32 PM »

You can download all Data in you Account without Problems, there is a CSV File for Download just for this case, the only thing you have to do is, to automate the login process with curl and then download this file automatically. You could do this once per day and that is totally enough the score only changes once per day...

https://monitor.returnpath.net/rep/index.php?csv

^^ This is the deep link to Senderscore CSV File, you have to be logged in to you reputation monitor to use it...

If you can accomplish to login with curl, you should not have any issues with parsing a csv.
Logged
Pages: 1 [2] 3 4 5