check your ip list in blacklist

[golfreeze]

มี script check blacklist มาฝากสำหรับคนที่ดูแลระบบ เมล แล้วจะเชคว่า ip เครื่องเซิฟเวอร์ของตัวเองติด blacklist ของ RBL ที่ไหนหรือเปล่านะครับผม
Special thank to : http://daemonforums.org/showthread.php?t=302

ถ้าเชคแล้วมีคำตอบออกมาเป็น range ของช่วง 128.0.0.0/8 แสดงว่า ip ของคุณติด list RBL ของ RBL ที่เชคแล้วละครับ
ทำการแก้ไขต้นตอภายในเครื่องคุณซะ แล้วก็แจ้งปลดไปที่ RBL เจ้านั้นนะครับผม

 
$ for X in 24.209.96.220 124.160.89.56; do ./blcheck $X; done

IP 24.209.96.220 NAME cpe-24-209-96-220.woh.res.rr.com.
2007-06-17_01:18:29_UTC 220.96.209.24.cbl.abuseat.org.         127.0.0.2
2007-06-17_01:18:29_UTC 220.96.209.24.dnsbl.sorbs.net.         127.0.0.10
2007-06-17_01:18:30_UTC 220.96.209.24.bl.spamcop.net.          127.0.0.2
2007-06-17_01:18:30_UTC 220.96.209.24.zen.spamhaus.org.        127.0.0.11 127.0.0.4
2007-06-17_01:18:30_UTC 220.96.209.24.combined.njabl.org.      127.0.0.3
IP 124.160.89.56 NAME ---
2007-06-17_01:18:31_UTC 56.89.160.124.cbl.abuseat.org.         127.0.0.2
2007-06-17_01:18:31_UTC 56.89.160.124.dnsbl.sorbs.net.         ---
2007-06-17_01:18:31_UTC 56.89.160.124.bl.spamcop.net.          127.0.0.2
2007-06-17_01:18:31_UTC 56.89.160.124.zen.spamhaus.org.        127.0.0.11 127.0.0.4
2007-06-17_01:18:31_UTC 56.89.160.124.combined.njabl.org.      127.0.0.3

$ while true; do echo IP?; read IP; ./blcheck $IP; done

IP?
201.13.22.241
IP 201.13.22.241 NAME 201-13-22-241.dsl.telesp.net.br.
2007-06-17_23:12:10_UTC 241.22.13.201.cbl.abuseat.org.         127.0.0.2
2007-06-17_23:12:11_UTC 241.22.13.201.dnsbl.sorbs.net.         127.0.0.10
2007-06-17_23:12:11_UTC 241.22.13.201.bl.spamcop.net.          127.0.0.2
2007-06-17_23:12:11_UTC 241.22.13.201.zen.spamhaus.org.        127.0.0.11 127.0.0.4
2007-06-17_23:12:11_UTC 241.22.13.201.combined.njabl.org.      127.0.0.3

[golfreeze]

#!/bin/sh
# -- $Id: blcheck.xml,v 1.8 2007/06/17 23:38:00 j65nko Exp $ --

# Check if an IP address is listed on one of the following blacklists
# The format is chosen to make it easy to add or delete
# The shell will strip multiple whitespace

BLISTS="
    cbl.abuseat.org
    dnsbl.sorbs.net
    bl.spamcop.net
    zen.spamhaus.org
    combined.njabl.org
"

# simple shell function to show an error message and exit
#  $0  : the name of shell script, $1 is the string passed as argument
# >&2  : redirect/send the message to stderr

ERROR() {
  echo $0 ERROR: $1 >&2
  exit 2
}

# -- Sanity check on parameters
[ $# -ne 1 ] && ERROR 'Please specify a single IP address'

# -- if the address consists of 4 groups of minimal 1, maximal digits, separated by '.'
# -- reverse the order
# -- if the address does not match these criteria the variable 'reverse will be empty'

reverse=$(echo $1 |
  sed -ne "s~^\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)\.\([0-9]\{1,3\}\)$~\4.\3.\2.\1~p")

if [ "x${reverse}" = "x" ] ; then
      ERROR  "IMHO '$1' doesn't look like a valid IP address"
      exit 1
fi

# Assuming an IP address of 11.22.33.44 as parameter or argument

# If the IP address in $0 passes our crude regular expression check,
# the variable  ${reverse} will contain 44.33.22.11
# In this case the test will be:
#   [ "x44.33.22.11" = "x" ]
# This test will fail and the program will continue

# An empty '${reverse}' means that shell argument $1 doesn't pass our simple IP address check
# In that case the test will be:
#   [ "x" = "x" ]
# This evaluates to true, so the script will call the ERROR function and quit

# -- do a reverse ( address -> name) DNS lookup
REVERSE_DNS=$(dig +short -x $1)

echo IP $1 NAME ${REVERSE_DNS:----}

# -- cycle through all the blacklists
for BL in ${BLISTS} ; do

    # print the UTC date (without linefeed)
    printf $(env TZ=UTC date "+%Y-%m-%d_%H:%M:%S_%Z")

    # show the reversed IP and append the name of the blacklist
    printf "%-40s" " ${reverse}.${BL}."

    # use dig to lookup the name in the blacklist
    #echo "$(dig +short -t a ${reverse}.${BL}. |  tr '\n' ' ')"
    LISTED="$(dig +short -t a ${reverse}.${BL}.)"
    echo ${LISTED:----}

done

# --- EOT ------

[golfreeze]

check RBL ของ proofpoint
https://support.proofpoint.com/rbl-lookup.cgi?ip=116.68.xxx.xxx