gecloud.ch/security-scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added mail scripts

Browse source
This commit is contained in:
Peter Baumann 2013-06-04 15:35:03 +02:00
parent cb798eb7bb
commit c95fd6c427
2 changed files with 667 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

140
mail/senderbase/country_code_rejects.pl Executable file
View file

@ -0,0 +1,140 @@
#!/usr/bin/perl
use Net::SenderBase;
use Getopt::Std;
## Command to options
getopts('cgrf:i:l:m:d:', \%options);
sub HELP_MESSAGE {
print <<EOF;
Usage: -f : List of hated country codes
-m : Your Countrys code
-i : remote ipaddress (can NOT be used with -d)
-l : log to this file
-r : Exit code 3 (aka reject for xmail)
-g : log good countries too
-d : File to get to get remote domain from (can NOT be used with -i)
-b : From address
-c : Use Caching (requires Cache::FileCache module)
Exmaple (reject only hated Countries):
./test.pl -f "JP:TW" -i "555.555.555.555"
Exmaple (reject every one but my country):
./test.pl -m "US" -i "555.555.555.555"
EOF
}
sub VERSION_MESSAGE {
print "$0 Version: 1.0 \n";
}
## Log info
sub LogIt {
my $txt = shift;
my $file = shift;
if ($file ne "") {
open(LOG, ">>$file") or warn "Failed to open $LogFile. Message was $txt\n";
print LOG localtime() . " " . $txt . "\n";
close(LOG);
}
}
my $MyCountry = $options{'m'} if defined $options{'m'};
my $HatedCountrys = $options{'f'} if defined $options{'f'};
my $RemoteIP = $options{'i'} if defined $options{'i'};
my $LogFile = $options{'l'} if defined $options{'l'};
my $File = $options{'d'} if defined $options{'d'};
my $From = $options{'b'} if defined $options{'b'};
my $Exit = 0;
my $RemoteCountry = "";
my $FromCache = "No";
if (defined $options{'c'}) {
use Cache::FileCache;
my $cache_options_ref = { namespace => 'CountryCode', default_expires_in => '1 day', auto_purge_interval => '1 hour'};
my $cache;
}
# Covert all to upper
$MyCountry =~ tr/a-z/A-Z/;
$HatedCountrys =~ tr/a-z/A-Z/;
@HatedCountries = split(/:/, $HatedCountrys);
if (defined $options{'c'}) {
$cache = Cache::FileCache->new($cache_options_ref);
}
## Display help if -h is given
if (defined $options{'h'}) {
HELP_MESSAGE();
exit(0);
}
if ($MyCountry eq "" && $HatedCountrys eq "") {
print "You forgot to define your country (-m \"US\") OR define a list of hated countried (-f \"JP:BR:TW\")\n";
LogIt("Error : You forgot to define your country (-m \"US\") OR define a list of hated countried (-f \"JP:BR:TW\")",$LogFile);
HELP_MESSAGE();
exit(0);
}
if (defined $options{'d'} && defined $options{'i'}) {
print "You can only use -d OR -i but not both.\n;";
LogIt("Error : You can only use -d OR -i but not both.",$LogFile);
HELP_MESSAGE();
exit(0);
}
if (defined $options{'d'}) {
open(FileData, $File);
my $line = <FileData>;
chomp($line);
close FileData;
my @InfoData = split(/;/, $line);
my $ClientDomain = @InfoData[0];
$RemoteIP = $ClientDomain;
}
if (defined $options{'c'}) {
$RemoteCountry = $cache->get( $RemoteIP );
}
if ($RemoteCountry eq "") {
my $query = Net::SenderBase::Query->new(Transport => 'dns', Address => $RemoteIP, Host => 'test.senderbase.org',);
my $results = $query->results();
$RemoteCountry = $results->ip_country;
} else {
$FromCache = "Yes";
}
if ($RemoteCountry eq "") {
LogIt("Error : Error getting info about : $RemoteIP",$LogFile);
exit($Exit);
}
if (defined $options{'c'} && $FromCache ne "Yes") {
$cache->set( $RemoteIP, $RemoteCountry);
}
if ($RemoteCountry ne $MyCountry || grep (/$RemoteCountry/, @HatedCountries)) {
$Exit = 3;
}
if (defined $options{'r'} && $Exit == 3) {
$Txt = "Blocking";
} elsif (!defined $options{'r'} && $Exit == 3) {
$Txt = "Would Have Blocked";
$Exit = 0;
} elsif ($LogFile) {
$Txt = "Allowing";
}
LogIt("$Txt : $RemoteIP : $RemoteCountry : $FromCache",$LogFile);
exit($Exit);

527
mail/senderbase/rblcheck.pl Executable file
View file

@ -0,0 +1,527 @@
#!/usr/bin/perl -w
# Multi-process rsp. multi-threaded version of rblcheck
$Version='perl rblcheck 0.1.3a';
$Copyright='Copyright (C) 2003 Hatto von Hatzfeld';
# Need help? Just start this script with Option -h
# Don't forget to check the CONFIGURATION sector below.
# Compared with rblcheck written by Edward S. Marshall
# you'll find advantages and disadvantages of this perl
# version of rblcheck. Like rblcheck this script returns
# 1 if at there was any match, otherwise 0 (255 in case
# of syntax errors).
# Advantages:
# - needs much less time to check a high number of RBLs
# - you may indicate a time out (option -o) after which
# all checks are stopped (no effect when run under
# Windows with just one IP)
# - is able to filter mail header: "| rblcheck.pl -mq -"
# (e.g. for procmail)
# Disadvantages:
# - it needs a perl interpreter (maybe you have to change the
# first line to fit to your system)
# - the option -t does not return any TXT record
# - output is not sorted the same way
# The script will return 1 if any IP matched with any of
# the RBLs.
# The script has been tested on Linux SuSE 6.2. and works well.
# It has been tested under Windows 98 with ActivePerl 5.6.1.633
# (Perl Version 5.006001), and it works, but not well...
# (available from http://www.ActiveState.com/ActivePerl).
# The script comes "as it is" without any warranty
# You may send improvements and questions to hatto@salesianer.de
# CHANGES
# 2003-06-27 0.1.4a Bug relating to RfC 1918 fixed
# 2002-08-02 0.1.3 Added ability to filter whole mail headers
# Don't check private address space (RfC 1918)
# 2002-07-30 0.1.2 First published version
# TODO
# - fight the crashes under Windows mentioned below
# CONFIGURATION
$TimeOutDefault=10; # Default time out (seconds)
$sleepseconds=0; # Set this to 1 if you experience crashes under Windows
# especially when checking a high number of RBLs
# RBL Services
# uncomment or comment out services according to your needs!
# Note: In some environments you will get problems if you
# activate too many services (especially under Windows)
@rbls=(
"bl.deadbeef.com",
"korea.services.net",
"query.senderbase.org",
"dnsbl.rangers.eu.org",
"dnsbl.antispam.or.id",
"relays.bl.gweep.ca",
"cbl.abuseat.org",
"dnsbl.kempt.net",
"sbl.spamhaus.org",
"relays.bl.kundenserver.de",
"orvedb.aupads.org",
"dnsbl.njabl.org",
"rbl.snark.net",
"random.bl.gweep.ca",
"relays.nether.net",
"rblmap.tu-berlin.de",
"dynablock.njabl.org",
"blackholes.intersil.net",
"forbidden.icm.edu.pl",
"dnsbl.solid.net",
"osps.dnsbl.net.au",
"relays.mail-abuse.org",
"satos.rbl.cluecentral.net",
"spamsources.fabel.dk",
"spam.wytnij.to",
"dul.ru",
"blacklist.sci.kun.nl",
"list.dsbl.org",
"spamsoures.dnsbl.info",
"rbl.schulte.org",
"msgid.bl.gweep.ca",
"dun.dnsrbl.net",
"lbl.lagengymnastik.dk",
"3y.spam.mrs.kithrup.com",
"virbl.dnsbl.bit.nl",
"rdts.dnsbl.net.au",
"t1.dnsbl.net.au",
"bl.spamcop.net",
"owps.dnsbl.net.au",
"ricn.dnsbl.net.au",
"access.redhawk.org",
"owfs.dnsbl.net.au",
"dnsbl.ahbl.org",
"will-spam-for-food.eu.org",
"opm.blitzed.org",
"map.spam-rbl.com",
"relays.visi.com",
"ohps.dnsbl.net.au",
"blacklist.informationwave.net",
"dnsbl.isoc.bg",
"db.wpbl.info",
"blackholes.mail-abuse.org",
"flowgoaway.com",
"dnsbl.sorbs.net",
"ipwhois.rfc-ignorant.org",
"relays.ordb.org",
"bl.csma.biz",
"multihop.dsbl.org",
"hil.habeas.com",
"rsbl.aupads.org",
"rmst.dnsbl.net.au",
"dialups.mail-abuse.org",
"spamguard.leadmon.net",
"bl.technovision.dk",
"unsure.nether.net",
"duinv.aupads.org",
"spam.dnsrbl.net",
"psbl.surriel.com",
"xbl.spamhaus.org",
"blocked.hilli.dk",
"spamsources.dnsbl.info",
"osrs.dnsbl.net.au",
"blackholes.uceb.org",
"0spam.fusionzero.com",
"dialups.visi.com",
"unconfirmed.dsbl.org",
"rbl-plus.mail-abuse.org",
"dnsbl.regedit64.net",
"rbl.triumf.ca",
"bl.spamcannibal.org",
"sbl.csma.biz",
"dnsbl.cyberlogic.net",
"omrs.dnsbl.net.au",
);
# END OF CONFIGURATION
use Socket;
use POSIX ":sys_wait_h";
$myname=($0=~/([^\/ ]+)$/) ? $1 : 'rblcheck';
$TimeOut=$TimeOutDefault;
sub ShowSyntax {
print STDERR "$myname\n$Version\n$Copyright\n";
print STDERR "Usage: $myname [-qtmlcvh?] [-o <NN>] [-s <services>] <IP> [<IP> ...]\n\n";
print STDERR " -q Quiet mode; no output\n";
print STDERR " -t Print Pseudo-IP reported by rbl (not TXT record!)\n";
print STDERR " -m Stop checking after first address match in any list\n";
print STDERR " -l List default RBL services to check\n";
print STDERR " -c Clear the current list of RBL services\n";
print STDERR " -o <NN> Change time out to NN seconds (default: $TimeOutDefault)\n";
print STDERR " -s <service> Add a new service to the RBL services list\n";
print STDERR " -h, -? Display this help message\n";
print STDERR " -v Display version information\n";
print STDERR " <IP> An IP address to look up; specify '-' to read multiple\n";
print STDERR " addresses (or a whole mail header) from standard input\n";
if($< == 0) { print STDERR "Attention: -m and -o will not be very efficient under Windows!\n"; }
}
# Check parameters
$showtxt=0;
$quit1stpos=0;
$quiet=0;
if($#ARGV<0) { &ShowSyntax; exit 255; }
while($#ARGV>=0) {
if($ARGV[0]=~/^\-([a-z\?])([a-z\?]*)$/i) {
if($1 eq "c") { @rbls=(); }
elsif($1 eq "s") {
if($#ARGV<1) { die ("$myname: No parameter (rbl) after -s.\n"); }
shift @ARGV; push (@rbls, $ARGV[0]);
}
elsif($1 eq "o") {
if($#ARGV<1) { die ("$myname: No parameter (time in seconds) after -o.\n"); }
shift @ARGV; $TimeOut=$ARGV[0];
}
elsif($1 eq 'm') { $quit1stpos=-1; }
elsif($1 eq 'q') { $quiet=-1; }
elsif($1 eq 'h' || $1 eq '?') { &ShowSyntax; exit; }
elsif($1 eq 't') { $showtxt=-1; }
elsif($1 eq 'v') { print STDERR "$Version\n$Copyright\n"; exit; }
elsif($1 eq 'l') {
for($i=0;$i<=$#rbls;$i++) { print $rbls[$i]."\n"; }
exit 0;
}
else { die("$myname: Unknown parameter -$1.\n"); }
# place next parameter in first position
if($2 ne '') { $ARGV[0]="-$2"; }
else { shift @ARGV; }
}
elsif($ARGV[0] eq '-') { # Read IPs from STDIN
while(defined($inputline=<STDIN>)) {
chomp $inputline;
@inputwords=split(/ /,$inputline);
foreach $inputword(@inputwords) {
if(!defined(@IPs)) { $IPs[0]=$inputword; } else { push (@IPs,$inputword); }
}
}
shift @ARGV;
}
else {
# Must be an IP
if(!defined(@IPs)) { $IPs[0]=shift @ARGV; } else { push(@IPs, shift @ARGV); }
}
}
if($#rbls<0) { die("$myname: no rbl listing(s) specified (need `-s <IP>'?)\n"); }
$imax=0;
for($i=0;$i<=$#IPs;$i++) {
if($IPs[$i]=~/(\d+)\.(\d+)\.(\d+)\.(\d+)/) {
$IPs[$imax]=1*$1.".".1*$2.".".1*$3.".".1*$4;
$RevIPs[$imax]=1*$4.".".1*$3.".".1*$2.".".1*$1.".";
# skip Private Address Space (cp. RfC 1918)
if(!($1==10 || $1==172 && $2>15 && $2<33 ||
$1==192 && $2==168 || $IPs[$imax] eq '127.0.0.1')) { $imax++; }
}
}
if($imax<1) {
print STDERR "$myname: no public IP address(es) specified\n";
&ShowSyntax;
exit 1;
}
$ParentP="y"; $NumChildren=0; $Windows="n";
while($ParentP eq "y" && $#rbls>=0) { # LOOP TO GENERATE CHILDREN
if ($Windows eq "y") { sleep $sleepseconds; } # a helpless workaround :-/
$rbl=$rbls[0]; # next rbl to be checked
$rnr=fork(); # generate a child
if($rnr == 0 ) { # a child should not generate children
$ParentP="n";
last;
}
elsif($rnr<0) { $Windows="y"; } # supposed
# Parent; associate PID of new child with rbl to check;
$NumChildren++; $RBL2CHK{$rnr}=$rbl;
shift @rbls;
}
if($ParentP eq "n") { # Each child has to check all IPs against one rbl
$listed=0;
for($i=0;$i<$imax;$i++) {
$zwi=$RevIPs[$i].$rbl;
$Result=gethostbyname($zwi);
if(!defined($Result)) { $Result=$IPs[$i]." not RBL filtered by ".$rbl."\n"; }
else {
$listed=1;
$Result=$IPs[$i]." RBL filtered by ".$rbl.
($showtxt ? " (".inet_ntoa($Result).")\n" : "\n");
}
if(!$quiet) { print STDOUT $Result; }
if($quit1stpos && $listed) { exit 1; }
}
exit $listed;
}
else { # Parent has to wait for the deaths of all children or to kill them in case of time out
$Ende=$TimeOut+time; $Killed="n"; $listed=0;
for($i=0;$i<$NumChildren;$i++) {
do {
if(time>$Ende && $Killed eq "n" && $Windows ne "y") { # Time out - kill it
foreach $Pid (keys %RBL2CHK) {
if($RBL2CHK{$Pid} ne "-") {
if(!($quit1stpos && $listed==1) && !$quiet) {
print STDERR "Check for filtering by ".$RBL2CHK{$Pid}.
" timed out (".$TimeOut." s).\n";
}
kill 9,$Pid;
}
}
$Killed="y";
}
$rv=waitpid(-1, &WNOHANG); $rvc=$?;
} until $rv != 0;
if($rv>=0 || $Windows eq "y") { # It was a child
if($rvc!=0 && !($rvc==9 && $Killed eq "y")) {
if($rvc==256) { $listed=1; if($quit1stpos) { $Ende=time; } }
else {
print STDERR "Check for ".$RBL2CHK{$rv}." finished with code $rvc.\n";
}
}
$RBL2CHK{$rv}="-"; # bury it
}
else { # This should never happen :-)
print STDERR "$myname: Internal error - parent process $$ says: No child to wait for!\n";
}
}
exit $listed;
}