<#
.SYNOPSIS
CheckRLB.ps1 - Checks a list of servers against a list of RBLs and reports any occurrences.
.DESCRIPTION
Checks a list of servers or IPs against a list of RBLs and reports any occurrences.
.INPUTS
.OUTPUTS
Results are emailed
.PARAMETER MXRecord
One or more servers or IPs, separated by commas, to be checked against the RBL list.
.PARAMETER Verbose
Detailed output from the script.
.EXAMPLE
To check the host mx1.hotmail.com and aspmx.l.google.com against the blacklist:
CheckRLB.ps1 -MXRecord mx1.hotmail.com, aspmx.l.google.com
.NOTES
Make sure to change the MX records and SMTP settings to fit your needs.
#>
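# The param block has to be the first executable statement of a script file.
# With assignments placed ahead of it, PowerShell rejects [CmdletBinding()] and
# Param() as unexpected tokens, so the settings now follow the param block.
[CmdletBinding()]
Param(
    [Parameter( Mandatory=$false)]
    #List of MX records (or IPs) to monitor when -MXRecord is not supplied.
    #Change these defaults to the hosts you are responsible for.
    [string[]]$MXRecord = @(
        'mx1.hotmail.com'
        'mx2.hotmail.com'
        'mx3.hotmail.com'
        'mx4.hotmail.com'
    )
)
##### VARIABLES TO MODIFY BELOW #####
$smtpServer = "smtp.domain.com"                 #SMTP relay that delivers the report
$smtpTo = "HelpDesk@domain.com"                 #Recipient of the blacklist report
$smtpFrom = "EmailBlacklistCheck@domain.com"    #Sender address shown on the report
##### VARIABLES TO MODIFY ABOVE #####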
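#List of RBLs (DNS blocklist zones) to check against.
#Each zone is queried once per IP as <reversed-ip>.<zone>.
#NOTE(review): this list is static. Some of these zones (for example the
#ahbl.org and njabl.org entries) have reportedly been retired; a retired or
#parked zone that answers every query makes every IP look listed. Confirm that
#each zone is still operated, and that its usage policy allows automated
#queries from your resolver, before acting on a report.
#NOTE(review): zen.spamhaus.org is understood to combine the sbl/xbl/pbl zones
#that also appear below, so one listing may be reported several times - confirm.
#The duplicate 'drone.abuse.ch' entry was removed so a listing there is not
#queried and reported twice.
$blacklistServers = @(
    'b.barracudacentral.org'
    'spam.rbl.msrbl.net'
    'zen.spamhaus.org'
    'bl.deadbeef.com'
    'bl.emailbasura.org'
    'bl.spamcannibal.org'
    'bl.spamcop.net'
    'blackholes.five-ten-sg.com'
    'blacklist.woody.ch'
    'bogons.cymru.com'
    'cbl.abuseat.org'
    'cdl.anti-spam.org.cn'
    'combined.abuse.ch'
    'combined.rbl.msrbl.net'
    'db.wpbl.info'
    'dnsbl-1.uceprotect.net'
    'dnsbl-2.uceprotect.net'
    'dnsbl-3.uceprotect.net'
    'dnsbl.ahbl.org'
    'dnsbl.cyberlogic.net'
    'dnsbl.inps.de'
    'dnsbl.njabl.org'
    'dnsbl.sorbs.net'
    'drone.abuse.ch'
    'duinv.aupads.org'
    'dul.dnsbl.sorbs.net'
    'dul.ru'
    'dyna.spamrats.com'
    'dynip.rothen.com'
    'http.dnsbl.sorbs.net'
    'images.rbl.msrbl.net'
    'ips.backscatterer.org'
    'ix.dnsbl.manitu.net'
    'korea.services.net'
    'misc.dnsbl.sorbs.net'
    'noptr.spamrats.com'
    'ohps.dnsbl.net.au'
    'omrs.dnsbl.net.au'
    'orvedb.aupads.org'
    'osps.dnsbl.net.au'
    'osrs.dnsbl.net.au'
    'owfs.dnsbl.net.au'
    'owps.dnsbl.net.au'
    'pbl.spamhaus.org'
    'phishing.rbl.msrbl.net'
    'probes.dnsbl.net.au'
    'proxy.bl.gweep.ca'
    'proxy.block.transip.nl'
    'psbl.surriel.com'
    'rbl.interserver.net'
    'rdts.dnsbl.net.au'
    'relays.bl.gweep.ca'
    'relays.bl.kundenserver.de'
    'relays.nether.net'
    'residential.block.transip.nl'
    'ricn.dnsbl.net.au'
    'rmst.dnsbl.net.au'
    'sbl.spamhaus.org'
    'short.rbl.jp'
    'smtp.dnsbl.sorbs.net'
    'socks.dnsbl.sorbs.net'
    'spam.abuse.ch'
    'spam.dnsbl.sorbs.net'
    'spam.spamrats.com'
    'spamlist.or.kr'
    'spamrbl.imp.ch'
    't3direct.dnsbl.net.au'
    'tor.ahbl.org'
    'tor.dnsbl.sectoor.de'
    'torserver.tor.dnsbl.sectoor.de'
    'ubl.lashback.com'
    'ubl.unsubscore.com'
    'virbl.bit.nl'
    'virus.rbl.jp'
    'virus.rbl.msrbl.net'
    'web.dnsbl.sorbs.net'
    'wormrbl.imp.ch'
    'xbl.spamhaus.org'
    'zombie.dnsbl.sorbs.net'
)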
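$arrAttributes = @() #Array to store failed checks on
$IPs = @() #Unique IPv4 addresses to check, in the order they were discovered
$ipToMx = @{} #Maps each IPv4 address to the MX record(s) it was resolved from
$count1 = 1 #Counter for the first progress bar
foreach ($mx in $MXRecord){
    #Main progress bar
    $ActivityMessage = "Gathering the IP's for all of the MX records. Please wait..."
    $StatusMessage = ("Processing {0} of {1}: {2}" -f $count1, @($MXRecord).count, $mx)
    $PercentComplete = ($count1 / @($MXRecord).count * 100)
    Write-Progress -ID 1 -Activity $ActivityMessage -Status $StatusMessage -PercentComplete $PercentComplete
    Write-Verbose "Getting IP addresses for the $mx"
    #Reset before each lookup: a failed resolution must not leave the previous
    #host's addresses in $mxips, where they would be credited to this host.
    $mxips = @()
    try {
        $mxips = [System.Net.Dns]::GetHostAddresses("$mx")
    }
    catch {
        Write-Warning "Could not resolve ${mx}: $($_.Exception.GetBaseException().Message)"
    }
    foreach ($address in $mxips){
        #The reversed-octet query built below is only valid for IPv4, so AAAA
        #answers are skipped instead of being turned into a malformed query.
        if ($address.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork){
            Write-Verbose "Skipping non-IPv4 address $address for $mx"
            continue
        }
        $ipString = $address.IPAddressToString
        #De-duplicate while collecting, and remember which MX owns the IP so a
        #hit is reported against the right record.
        if (-not $ipToMx.ContainsKey($ipString)){
            $IPs += $ipString
            $ipToMx[$ipString] = @()
        }
        if ($ipToMx[$ipString] -notcontains $mx){
            $ipToMx[$ipString] += $mx
        }
    }
    $count1++
}
$count2 = 1 #Counter for the second progress bar
foreach ($IP in $IPs){
    #Secondary progress bar
    $ActivityMessage = "Processing IP's. Please wait..."
    $StatusMessage = ("Processing {0} of {1}: {2}" -f $count2, @($IPs).count, $IP)
    $PercentComplete = ($count2 / @($IPs).count * 100)
    Write-Progress -ID 2 -Activity $ActivityMessage -Status $StatusMessage -PercentComplete $PercentComplete
    Write-Verbose "Forming reverse IP for $IP"
    $reversedIP = ($IP -split '\.')[3..0] -join '.'
    Write-Verbose "Reverse IP is $reversedIP"
    $count3 = 1 #Counter for the third progress bar
    foreach ($server in $blacklistServers){
        #Third progress bar
        $ActivityMessage = "Checking RLB. Please wait..."
        $StatusMessage = ("Processing {0} of {1}: {2}" -f $count3, @($blacklistServers).count, $server)
        $PercentComplete = ($count3 / @($blacklistServers).count * 100)
        Write-Progress -ID 3 -ParentId 2 -Activity $ActivityMessage -Status $StatusMessage -PercentComplete $PercentComplete
        #Combine the reverse IP with the server checking
        $fqdn = "$reversedIP.$server"
        try {
            Write-Verbose "Checking $IP against $server"
            $answers = [System.Net.Dns]::GetHostAddresses($fqdn)
            #A DNSBL signals a listing with an A record inside 127.0.0.0/8.
            #An answer outside that range usually means the zone is parked or
            #wildcarded. NOTE(review): 127.255.255.x is treated as an operator
            #error/refusal code (Spamhaus documents it that way) - confirm for
            #the other zones in use.
            $listingCodes = @($answers | Where-Object {
                $octets = $_.GetAddressBytes()
                $_.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork -and
                $octets[0] -eq 127 -and
                -not ($octets[1] -eq 255 -and $octets[2] -eq 255)
            })
            if ($listingCodes.Count -gt 0){
                Write-Verbose "$IP is listed on $server (return code $($listingCodes -join ', '))"
                #HTTPS so the link in the alert mail is not fetched in clear text
                $helplink = "https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a" + $IP
                $objAttributes = New-Object PSObject
                Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name IP -Value $IP
                Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name "Blacklisted On" -Value $server
                Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name "MX Record" -Value ($ipToMx[$IP] -join ', ')
                Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name "MXToolbox Link" -Value $helplink
                $arrAttributes += $objAttributes
            }
            else {
                Write-Warning "$server answered $($answers -join ', ') for $IP, which is not a listing code; not counted as a listing"
            }
        }
        catch {
            #No such name / no A record is the normal "not listed" answer. Any
            #other failure (timeout, SERVFAIL) means the check did not run, and
            #is surfaced so an unreachable zone is not mistaken for a clean result.
            $socketError = $_.Exception.GetBaseException() -as [System.Net.Sockets.SocketException]
            $notListed = $socketError -and (
                $socketError.SocketErrorCode -eq [System.Net.Sockets.SocketError]::HostNotFound -or
                $socketError.SocketErrorCode -eq [System.Net.Sockets.SocketError]::NoData)
            if ($notListed){
                Write-Verbose "$IP is not listed on $server"
            }
            else {
                Write-Warning "Lookup of $fqdn failed, result unknown: $($_.Exception.GetBaseException().Message)"
            }
        }
        $count3++
    }
    $count2++
}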
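#Email Settings
$date = Get-Date -Format g
$messageSubject = "An IP Has Been Listed On An Email Blacklist - $date"
#CSS style for the HTML message
$emailhead="<html>
<style>
BODY{font-family: Calibri; font-size: 11pt;}
H1{font-size: 18px;}
H2{font-size: 16px;}
H3{font-size: 14px;}
TABLE{border: 1px solid black; border-collapse: collapse; font-size: 11pt;}
TH{border: 1px solid black; background: #dddddd; padding: 5px; color: #000000;}
TD{border: 1px solid black; padding: 5px; }
</style>"
#Main body of the email, tailor to fit needs
$emailbody = "<body>
<h3 align=""center"">An IP Has Been Listed On An Email Blacklist</h3>
<p>The IP's below have been blacklisted please check the MXToolbox link for more information.</p>"
#Convert the hits to an HTML table. -Fragment emits only the <table>; without
#it ConvertTo-Html writes a complete second HTML document inside this message.
#Out-String joins the generated lines into one string before concatenation.
$emailtable = $arrAttributes | ConvertTo-Html -Fragment | Out-String
#Closing tags and when/where the report was generated
$emailbottom = "<p>Generated at $date on $env:COMPUTERNAME</p>
</body>
</html>"
#Combine all the parts together to make one pretty email
$htmlmessage = $emailhead + $emailbody + $emailtable + $emailbottom
#Only send mail when at least one listing was recorded. Counting the entries is
#explicit; comparing an array with $null filters the array instead of testing it.
if (@($arrAttributes).Count -gt 0){
    Write-Verbose "An IP was BlackListed, sending an email to $smtpTo"
    #NOTE(review): the report is submitted without -UseSsl or -Credential, so it
    #travels to $smtpServer unencrypted and unauthenticated. Add -UseSsl (and a
    #credential) if the relay supports it, and restrict who may relay as $smtpFrom.
    Send-MailMessage -To $smtpTo -From $smtpFrom -SmtpServer $smtpServer -Priority High -Subject $messageSubject -BodyAsHtml -Body $htmlmessage
}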