Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <#
- .SYNOPSIS
- CheckRLB.ps1 - Checks a list servers against a list of RBL and reports any occurrences.
- .DESCRIPTION
- Checks a list servers or IP against a list of RBL and reports any occurrences.
- .INPUTS
- .OUTPUTS
- Results are emailed
- .PARAMETER MXRecord
- One or more servers or IP, separated by commas, to be checked against the RLB list.
- .PARAMETER Verbose
- Detailed output from the script.
- .EXAMPLE
- To check the host mx1.hotmail.com and aspmx.l.google.com against the blacklist:
- CheckRLB.ps1 -MXRecord mx1.hotmail.com, aspmx.l.google.com
- .NOTES
- Make sure to change the MX records and SMTP settings to fit your needs.
- #>
- ##### VARIABLES TO MODIFY BELOW #####
- $smtpServer = "smtp.domain.com"
- $smtpTo = "HelpDesk@domain.com"
- $smtpFrom = "EmailBlacklistCheck@domain.com"
- [CmdletBinding()]
- Param(
- [Parameter( Mandatory=$false)]
- #List of MX records to monitor if the parameter is not changed
- [string[]]$MXRecord = @(
- 'mx1.hotmail.com'
- 'mx2.hotmail.com'
- 'mx3.hotmail.com'
- 'mx4.hotmail.com'
- )
- )
- ##### VARIABLES TO MODIFY ABOVE #####
- #List of RLB's to check against
- $blacklistServers = @(
- 'b.barracudacentral.org'
- 'spam.rbl.msrbl.net'
- 'zen.spamhaus.org'
- 'bl.deadbeef.com'
- 'bl.emailbasura.org'
- 'bl.spamcannibal.org'
- 'bl.spamcop.net'
- 'blackholes.five-ten-sg.com'
- 'blacklist.woody.ch'
- 'bogons.cymru.com'
- 'cbl.abuseat.org'
- 'cdl.anti-spam.org.cn'
- 'combined.abuse.ch'
- 'combined.rbl.msrbl.net'
- 'db.wpbl.info'
- 'dnsbl-1.uceprotect.net'
- 'dnsbl-2.uceprotect.net'
- 'dnsbl-3.uceprotect.net'
- 'dnsbl.ahbl.org'
- 'dnsbl.cyberlogic.net'
- 'dnsbl.inps.de'
- 'dnsbl.njabl.org'
- 'dnsbl.sorbs.net'
- 'drone.abuse.ch'
- 'drone.abuse.ch'
- 'duinv.aupads.org'
- 'dul.dnsbl.sorbs.net'
- 'dul.ru'
- 'dyna.spamrats.com'
- 'dynip.rothen.com'
- 'http.dnsbl.sorbs.net'
- 'images.rbl.msrbl.net'
- 'ips.backscatterer.org'
- 'ix.dnsbl.manitu.net'
- 'korea.services.net'
- 'misc.dnsbl.sorbs.net'
- 'noptr.spamrats.com'
- 'ohps.dnsbl.net.au'
- 'omrs.dnsbl.net.au'
- 'orvedb.aupads.org'
- 'osps.dnsbl.net.au'
- 'osrs.dnsbl.net.au'
- 'owfs.dnsbl.net.au'
- 'owps.dnsbl.net.au'
- 'pbl.spamhaus.org'
- 'phishing.rbl.msrbl.net'
- 'probes.dnsbl.net.au'
- 'proxy.bl.gweep.ca'
- 'proxy.block.transip.nl'
- 'psbl.surriel.com'
- 'rbl.interserver.net'
- 'rdts.dnsbl.net.au'
- 'relays.bl.gweep.ca'
- 'relays.bl.kundenserver.de'
- 'relays.nether.net'
- 'residential.block.transip.nl'
- 'ricn.dnsbl.net.au'
- 'rmst.dnsbl.net.au'
- 'sbl.spamhaus.org'
- 'short.rbl.jp'
- 'smtp.dnsbl.sorbs.net'
- 'socks.dnsbl.sorbs.net'
- 'spam.abuse.ch'
- 'spam.dnsbl.sorbs.net'
- 'spam.spamrats.com'
- 'spamlist.or.kr'
- 'spamrbl.imp.ch'
- 't3direct.dnsbl.net.au'
- 'tor.ahbl.org'
- 'tor.dnsbl.sectoor.de'
- 'torserver.tor.dnsbl.sectoor.de'
- 'ubl.lashback.com'
- 'ubl.unsubscore.com'
- 'virbl.bit.nl'
- 'virus.rbl.jp'
- 'virus.rbl.msrbl.net'
- 'web.dnsbl.sorbs.net'
- 'wormrbl.imp.ch'
- 'xbl.spamhaus.org'
- 'zombie.dnsbl.sorbs.net'
- )
- $arrAttributes = @() #Array to store failed checks on
- $IPs = @() #Array to store IP addresses
- $count1 = 1 #Counter for the first progress bar
- foreach ($mx in $mxrecord){
- #Main progress bar
- $ActivityMessage = "Gathering the IP's for all of the MX records. Please wait..."
- $StatusMessage = ("Processing {0} of {1}: {2}" -f $count1, @($mxrecord).count, $mx)
- $PercentComplete = ($count1 / @($mxrecord).count * 100)
- Write-Progress -ID 1 -Activity $ActivityMessage -Status $StatusMessage -PercentComplete $PercentComplete
- Write-Verbose "Getting IP addresses for the $mx"
- $mxips = [System.Net.Dns]::GetHostAddresses("$mx")
- $IPAddress = $mxips | select $_.IPAddressToString
- $IPs += $IPAddress.IPAddressToString
- $count1++
- }
- #Filter the list of IPs down to only unigue entries
- if ($IPs.count -gt 1){
- $IPs += $IPs | select -Unique
- }
- $count2 = 1 #Counter for the second progress bar
- foreach ($IP in $ips){
- #Secondary progress bar
- $ActivityMessage = "Processing IP's. Please wait..."
- $StatusMessage = ("Processing {0} of {1}: {2}" -f $count2, @($ips).count, $ip)
- $PercentComplete = ($count2 / @($ips).count * 100)
- Write-Progress -ID 2 -Activity $ActivityMessage -Status $StatusMessage -PercentComplete $PercentComplete
- Write-Verbose "Forming reverse IP for $IP"
- $reversedIP = ($IP -split '\.')[3..0] -join '.'
- Write-Verbose "Reverse IP is $reversedIP"
- $count3 = 1 #Counter for the third progress bar
- foreach ($server in $blacklistServers){
- #Third progress bar
- $ActivityMessage = "Checking RLB. Please wait..."
- $StatusMessage = ("Processing {0} of {1}: {2}" -f $count3, @($blacklistServers).count, $server)
- $PercentComplete = ($count3 / @($blacklistServers).count * 100)
- Write-Progress -ID 3 -ParentId 2 -Activity $ActivityMessage -Status $StatusMessage -PercentComplete $PercentComplete
- $objAttributes = New-Object PSObject
- #Combine the reverse IP with the server checking
- $fqdn = "$reversedIP.$server"
- try {
- Write-Verbose "Checking $IP against $server"
- $null = [System.Net.Dns]::GetHostEntry($fqdn)
- $helplink = "http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a" + $IP
- Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name IP -Value $IP
- Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name "Blacklisted On" -Value $server
- Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name "MX Record" -Value $MX
- Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name "MXToolbox Link" -Value $helplink
- $arrAttributes += $objAttributes
- }
- catch { }
- $count3++
- }
- $count2++
- }
- #Email Settings
- $date = Get-Date -Format g
- $messageSubject = "An IP Has Been Listed On An Email Blacklist - $date"
- #CSS style for the HTML message
- $emailhead="<html>
- <style>
- BODY{font-family: Calibri; font-size: 11pt;}
- H1{font-size: 18px;}
- H2{font-size: 16px;}
- H3{font-size: 14px;}
- TABLE{border: 1px solid black; border-collapse: collapse; font-size: 11pt;}
- TH{border: 1px solid black; background: #dddddd; padding: 5px; color: #000000;}
- TD{border: 1px solid black; padding: 5px; }
- </style>"
- #Main body of the email, tailor to fit needs
- $emailbody = "<body>
- <h3 align=""center"">An IP Has Been Listed On An Email Blacklist</h3>
- <p>The IP's below have been blacklisted please check the MXToolbox link for more information.</p>"
- #Convert the array to HTML
- $emailtable = $arrAttributes | ConvertTo-Html
- #Closing tags and when/where the report was generated
- $emailbottom = "<p>Generated at $date on $(Get-Content env:computername)</p>
- </body>
- </html>"
- #Combine all the parts together to make one pretty email
- $htmlmessage = $emailhead + $emailbody + $emailtable + $emailbottom
- #Check if there was a hit create an email
- if ($arrAttributes -ne $null){
- Write-Verbose "An IP was BlackListed, sending an email to $smtpTo"
- Send-MailMessage -To $smtpTo -From $smtpFrom -SmtpServer $smtpServer -Priority High -Subject $messageSubject -BodyAsHtml -Body $htmlMessage
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement