Thursday, May 01, 2014

Nagios Check RBL mailserver


Hi, when you manage several mail servers, it can happen that one of them ends up in some notorious DNSBL or RBL.

This can happen for many different reasons, but among the current ones, at least in my case, are mailboxes whose login credentials get stolen; the credentials are then used not so much to read the mailbox as to send mail through a mail server with a good reputation.

Obviously, finding out from your own customers that a server no longer delivers messages correctly because it has ended up on some blacklist is not very flattering and, above all, not very professional.

So if we want our Nagios to monitor this aspect as well, we need to install the appropriate plugin!

The check_rbl plugin can be downloaded from https://trac.id.ethz.ch/projects/nagios_plugins/wiki/check_rbl and the installation instructions are at https://trac.id.ethz.ch/projects/nagios_plugins/browser/check_rbl/INSTALL .

During installation, besides checking that the requirements are met (they are few and very common), you only need to check where the other Nagios plugins reside.

In my case, for example, the first line was:

> perl Makefile.PL INSTALLSITESCRIPT=/usr/local/nagios/libexec/

Once installed, you can test it right away with the examples given in the wiki:

> perl check_rbl -t 60 -H nagios.org \
-s dnsbl.ahbl.org \
-s cbl.abuseat.org \
-s dnsbl.cyberlogic.net \
-s bl.deadbeef.com \
-s spamtrap.drbl.drand.net \
-s spamsources.fabel.dk \
-s 0spam.fusionzero.com \
-s mail-abuse.blacklist.jippg.org \
-s korea.services.net \
-s spamguard.leadmon.net \
-s ix.dnsbl.manitu.net \
-s relays.nether.net \
-s dnsbl.njabl.org \
-s bhnc.njabl.org \
-s no-more-funn.moensted.dk \
-s rbl.orbitrbl.com \
-s psbl.surriel.com \
-s dyna.spamrats.com \
-s noptr.spamrats.com \
-s spam.spamrats.com \
-s dnsbl.sorbs.net \
-s spam.dnsbl.sorbs.net \
-s bl.spamcannibal.org \
-s bl.spamcop.net \
-s pbl.spamhaus.org \
-s sbl.spamhaus.org \
-s xbl.spamhaus.org \
-s ubl.unsubscore.com \
-s dnsbl-1.uceprotect.net \
-s dnsbl-2.uceprotect.net \
-s dnsbl-3.uceprotect.net \
-s db.wpbl.info \
-s access.redhawk.org \
-s blacklist.sci.kun.nl \
-s bl.technovision.dk \
-s dnsbl.kempt.net \
-s dnsbl.solid.net \
-s dul.ru \
-s forbidden.icm.edu.pl \
-s hil.habeas.com \
-s rbl.schulte.org \
-s sbl-xbl.spamhaus.org

For better scalability, I preferred to use the external configuration file check_rbl.ini with the list of blacklists to query, so I prepared a command (in the command.cfg file) like this:

# check rbl
define command{
command_name check_rbl
command_line $USER1$/check_rbl --extra-opts=rbl@$USER1$/check_rbl.ini -t 240 -H $HOSTADDRESS$
}

Finally, in the file with the checks for the individual mail server, I simply added these lines:

define service{
use generic-service,srv-pnp
host_name mail
service_description RBL
check_command check_rbl
}

If everything is correct, the system starts checking whether and when the monitored server has ended up on a blacklist. Handy, isn't it?

My check_rbl.ini file with the blacklists to query is this:
[rbl]
;http://multirbl.valli.org/list/ - 2014-08-29
server=0spam.fusionzero.com
server=0spam-killlist.fusionzero.com
server=combined.abuse.ch
server=drone.abuse.ch
server=spam.abuse.ch
server=httpbl.abuse.ch
server=uribl.zeustracker.abuse.ch
server=ipbl.zeustracker.abuse.ch
server=contacts.abuse.net
server=rbl.abuse.ro
server=uribl.abuse.ro
server=abuse-contacts.abusix.org
server=dnsbl.ahbl.org
server=ircbl.ahbl.org
server=rhsbl.ahbl.org
server=spam.dnsbl.anonmails.de
server=list.anonwhois.net
server=dnsbl.anticaptcha.net
server=dnsbl6.anticaptcha.net
server=orvedb.aupads.org
server=rsbl.aupads.org
server=l1.apews.org
server=l2.apews.org
server=aspews.ext.sorbs.net
server=dnsbl.aspnet.hu
server=ips.backscatterer.org
server=b.barracudacentral.org
server=bb.barracudacentral.org
server=list.bbfh.org
server=l1.bbfh.ext.sorbs.net
server=l2.bbfh.ext.sorbs.net
server=l3.bbfh.ext.sorbs.net
server=l4.bbfh.ext.sorbs.net
server=bbm.2ch.net
server=niku.2ch.net
server=bbx.2ch.net
server=all.ascc.dnsbl.bit.nl
server=all.v6.ascc.dnsbl.bit.nl
server=all.dnsbl.bit.nl
server=ipv6.all.dnsbl.bit.nl
server=bitonly.dnsbl.bit.nl
server=blacklist.netcore.co.in
server=rbl.blakjak.net
server=netscan.rbl.blockedservers.com
server=rbl.blockedservers.com
server=spam.rbl.blockedservers.com
server=list.blogspambl.com
server=bsb.empty.us
server=bsb.spamlookup.net
server=query.bondedsender.org
server=plus.bondedsender.org
server=dnsbl.burnt-tech.com
server=blacklist.sci.kun.nl
server=whitelist.sci.kun.nl
server=dul.blackhole.cantv.net
server=hog.blackhole.cantv.net
server=rhsbl.blackhole.cantv.net
server=rot.blackhole.cantv.net
server=spam.blackhole.cantv.net
server=cbl.anti-spam.org.cn
server=cblplus.anti-spam.org.cn
server=cblless.anti-spam.org.cn
server=cdl.anti-spam.org.cn
server=cml.anti-spam.org.cn
server=cbl.abuseat.org
server=rbl.choon.net
server=rwl.choon.net
server=ipv6.rbl.choon.net
server=ipv6.rwl.choon.net
server=zz.countries.nerd.dk
server=dnsbl.cyberlogic.net
server=bogons.cymru.com
server=v4.fullbogons.cymru.com
server=v6.fullbogons.cymru.com
server=origin.asn.cymru.com
server=origin6.asn.cymru.com
server=peer.asn.cymru.com
server=tor.dan.me.uk
server=torexit.dan.me.uk
server=ex.dnsbl.org
server=in.dnsbl.org
server=rbl.dns-servicios.com
server=dnsbl.ipocalypse.net
server=dnsbl.mags.net
server=dnsbl.mcu.edu.tw
server=dnsbl.othello.ch
server=dnsbl.rv-soft.info
server=dnsblchile.org
server=list.dnswl.org
server=vote.drbl.caravan.ru
server=vote.drbldf.dsbl.ru
server=vote.drbl.gremlin.ru
server=work.drbl.caravan.ru
server=work.drbldf.dsbl.ru
server=work.drbl.gremlin.ru
server=bl.drmx.org
server=dnsbl.dronebl.org
server=rbl.efnet.org
server=rbl.efnetrbl.org
server=tor.efnet.org
server=bl.emailbasura.org
server=rbl.fasthosts.co.uk
server=fnrbl.fast.net
server=forbidden.icm.edu.pl
server=88.blocklist.zap
server=hil.habeas.com
server=accredit.habeas.com
server=sa-accredit.habeas.com
server=hul.habeas.com
server=sohul.habeas.com
server=hostkarma.junkemailfilter.com
server=nobl.junkemailfilter.com
server=lookup.dnsbl.iip.lu
server=spamrbl.imp.ch
server=wormrbl.imp.ch
server=dnsbl.inps.de
server=dnswl.inps.de
server=intercept.datapacket.net
server=rbl.interserver.net
server=any.dnsl.ipquery.org
server=backscat.dnsl.ipquery.org
server=netblock.dnsl.ipquery.org
server=relay.dnsl.ipquery.org
server=single.dnsl.ipquery.org
server=rbl.ipv6wl.eu
server=iadb.isipp.com
server=iadb2.isipp.com
server=iddb.isipp.com
server=wadb.isipp.com
server=whitelist.rbl.ispa.at
server=mail-abuse.blacklist.jippg.org
server=dnsbl.justspam.org
server=dnsbl.kempt.net
server=spamlist.or.kr
server=bl.konstant.no
server=admin.bl.kundenserver.de
server=relays.bl.kundenserver.de
server=schizo-bl.kundenserver.de
server=spamblock.kundenserver.de
server=worms-bl.kundenserver.de
server=spamguard.leadmon.net
server=dnsbl.madavi.de
server=ipbl.mailhosts.org
server=ipwl.mailhosts.org
server=rhsbl.mailhosts.org
server=rhswl.mailhosts.org
server=shortlist.mailhosts.org
server=xpews.mailhosts.org
server=c10.rbl.hk
server=bl.mailspike.net
server=rep.mailspike.net
server=wl.mailspike.net
server=z.mailspike.net
server=bl.mav.com.br
server=cidr.bl.mcafee.com
server=rbl.megarbl.net
server=dnsbl.forefront.microsoft.com
server=bl.mipspace.com
server=combined.rbl.msrbl.net
server=images.rbl.msrbl.net
server=phishing.rbl.msrbl.net
server=spam.rbl.msrbl.net
server=virus.rbl.msrbl.net
server=web.rbl.msrbl.net
server=relays.nether.net
server=trusted.nether.net
server=unsure.nether.net
server=ix.dnsbl.manitu.net
server=no-more-funn.moensted.dk
server=nospam.ant.pl
server=wl.nszones.com
server=dyn.nszones.com
server=sbl.nszones.com
server=bl.nszones.com
server=ubl.nszones.com
server=dnsbl.openresolvers.org
server=blacklist.mail.ops.asp.att.net
server=blacklist.sequoia.ops.asp.att.net
server=rbl.orbitrbl.com
server=netblock.pedantic.org
server=spam.pedantic.org
server=pofon.foobar.hu
server=rbl.polarcomm.net
server=safe.dnsbl.prs.proofpoint.com
server=dnsbl.proxybl.org
server=psbl.surriel.com
server=whitelist.surriel.com
;server=list.quorum.to
server=all.rbl.jp
server=dyndns.rbl.jp
server=short.rbl.jp
server=url.rbl.jp
server=virus.rbl.jp
server=rbl.schulte.org
server=rbl.talkactive.net
server=rbl.zenon.net
server=access.redhawk.org
server=eswlrev.dnsbl.rediris.es
server=mtawlrev.dnsbl.rediris.es
server=dnsbl.rizon.net
server=dynip.rothen.com
server=asn.routeviews.org
server=aspath.routeviews.org
server=dul.ru
server=dnsbl.rymsho.ru
server=rhsbl.rymsho.ru
server=all.s5h.net
server=ipv6.all.s5h.net
server=dyn.sbg-rbl.org
server=dyn2.sbg-rbl.org
server=sbg.sbg-rbl.org
server=tor.dnsbl.sectoor.de
server=exitnodes.tor.dnsbl.sectoor.de
server=query.senderbase.org
server=sa.senderbase.org
server=bl.score.senderscore.com
server=bl.shlink.org
server=dmm.shlink.org
server=dyn.shlink.org
server=rhsbl.shlink.org
server=rhswl.shlink.org
server=wl.shlink.org
server=blackholes.scconsult.com
server=dnsbl.sorbs.net
server=problems.dnsbl.sorbs.net
server=proxies.dnsbl.sorbs.net
server=relays.dnsbl.sorbs.net
server=safe.dnsbl.sorbs.net
server=nomail.rhsbl.sorbs.net
server=badconf.rhsbl.sorbs.net
server=dul.dnsbl.sorbs.net
server=zombie.dnsbl.sorbs.net
server=block.dnsbl.sorbs.net
server=escalations.dnsbl.sorbs.net
server=http.dnsbl.sorbs.net
server=misc.dnsbl.sorbs.net
server=smtp.dnsbl.sorbs.net
server=socks.dnsbl.sorbs.net
server=rhsbl.sorbs.net
server=spam.dnsbl.sorbs.net
server=recent.spam.dnsbl.sorbs.net
server=new.spam.dnsbl.sorbs.net
server=old.spam.dnsbl.sorbs.net
server=web.dnsbl.sorbs.net
server=korea.services.net
server=geobl.spameatingmonkey.net
server=origin.asn.spameatingmonkey.net
server=backscatter.spameatingmonkey.net
server=badnets.spameatingmonkey.net
server=bl.spameatingmonkey.net
server=fresh.spameatingmonkey.net
server=fresh10.spameatingmonkey.net
server=fresh15.spameatingmonkey.net
server=bl.ipv6.spameatingmonkey.net
server=netbl.spameatingmonkey.net
server=uribl.spameatingmonkey.net
server=urired.spameatingmonkey.net
server=singlebl.spamgrouper.com
server=netblockbl.spamgrouper.com
server=all.spam-rbl.fr
server=geobl.spamanalysis.org
server=bl.spamcannibal.org
server=dnsbl.spam-champuru.livedoor.com
server=bl.spamcop.net
server=dbl.spamhaus.org
server=_vouch.dwl.spamhaus.org
server=pbl.spamhaus.org
server=sbl.spamhaus.org
server=sbl-xbl.spamhaus.org
server=swl.spamhaus.org
server=xbl.spamhaus.org
server=zen.spamhaus.org
server=feb.spamlab.com
server=rbl.spamlab.com
server=all.spamrats.com
server=dyna.spamrats.com
server=noptr.spamrats.com
server=spam.spamrats.com
server=spamsources.fabel.dk
server=bl.spamstinks.com
server=badhost.stopspam.org
server=block.stopspam.org
server=dnsbl.stopspam.org
server=dul.pacifier.net
server=multi.surbl.org
server=xs.surbl.org
server=srn.surgate.net
server=dnsbl.swiftbl.org
server=dnsrbl.swinog.ch
server=uribl.swinog.ch
server=rbl.tdk.net
server=bl.technovision.dk
server=st.technovision.dk
server=dob.sibl.support-intelligence.net
server=dbl.tiopan.com
server=bl.tiopan.com
server=opm.tornevall.org
server=r.mail-abuse.com
server=q.mail-abuse.com
server=rbl2.triumf.ca
server=wbl.triumf.ca
server=truncate.gbudb.net
server=wl.trusted-forwarder.org
server=dunk.dnsbl.tuxad.de
server=hartkore.dnsbl.tuxad.de
server=dnsbl-0.uceprotect.net
server=dnsbl-1.uceprotect.net
server=dnsbl-2.uceprotect.net
server=dnsbl-3.uceprotect.net
server=ubl.unsubscore.com
server=black.uribl.com
server=grey.uribl.com
server=multi.uribl.com
server=red.uribl.com
server=white.uribl.com
server=free.v4bl.org
server=ip.v4bl.org
server=virbl.dnsbl.bit.nl
server=dnsbl.webequipped.com
server=ips.whitelisted.org
server=blacklist.woody.ch
server=ipv6.blacklist.woody.ch
server=uri.blacklist.woody.ch
server=db.wpbl.info
server=bl.blocklist.de
server=dnsbl.zapbl.net
server=rhsbl.zapbl.net
server=zebl.zoneedit.com
server=ban.zebl.zoneedit.com
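
Added example, not part of the original post or of check_rbl: with a list this long it is worth checking that each zone still behaves like a DNSBL, since a zone that answers every query would report the server as listed and a dead zone only adds lookup time. The Python code below parses an ini in the format shown above and classifies each zone with the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not); the function names and the sample ini are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample in the same format as the check_rbl.ini above.
SAMPLE_INI = """\
[rbl]
server=zen.spamhaus.org
server=bl.spamcop.net
;server=list.quorum.to
server=zen.spamhaus.org
"""
TEST_NET = ipaddress.ip_network("127.0.0.0/8")

def parse_servers(text, section="rbl"):
    """Return the de-duplicated server= values of one section, in file order."""
    servers, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or commented-out entry
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "server" and value not in servers:
                servers.append(value)
    return servers

def query_name(ip, zone):
    """IPv4 DNSBL query name: the address octets reversed, then the zone."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record as a string, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, zone, resolve=system_resolver):
    """Count an answer as a listing only if it lies inside 127.0.0.0/8."""
    answer = resolve(query_name(ip, zone))
    return answer is not None and ipaddress.ip_address(answer) in TEST_NET

def zone_health(zone, resolve=system_resolver):
    """Classify a zone as 'ok', 'wildcard' (lists 127.0.0.1) or 'dead'."""
    if is_listed("127.0.0.1", zone, resolve):
        return "wildcard"                 # answers for everything: false alarms
    return "ok" if is_listed("127.0.0.2", zone, resolve) else "dead"
```

Running `zone_health` over `parse_servers(open("check_rbl.ini").read())` from the monitoring host shows which entries are candidates for commenting out with `;`.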

