Sebastian Nohn

Weblog

Using Net_DNSBL and Nagios to check if your SMTP server is listed in a RBL

RBLs are a great way to get rid of a lot of SPAM (if you choose the right ones). On the other hand you (and users of your mail server) get in big trouble if your SMTP server gets listed on a common RBL.

Checking this manually is a job that sucks a lot, checking this automatically is an easy job with Nagios, PHP, Net_DNSBL and Console_Getopt.

I assume, you have Nagios up and running and installed according to FHS.

Install the required PEAR packages via

# pear install -a Net_DNSBL Console_Getopt

The code for a non-idiot proof, but working RBL checker is simple:


#!/opt/php/bin/php
<?php

define('SERVICE_STATUS', 'Service Status:');

require_once 'Console/Getopt.php';
require_once 'Net/DNSBL.php';

$dnsbl = new Net_DNSBL();

$shortoptions = 'H:V::r:';
$longoptions = array('hostname=', 'version==', 'rbls=');

$con = new Console_Getopt;
$args = $con->readPHPArgv();
array_shift($args);
$options = $con->getopt2($args, $shortoptions, $longoptions);

foreach($options[0] as $option) {
  if ($option[0] == 'H' || $option[0] == '--hostname') {
    $hostname = $option[1];
  }
  if ($option[0] == 'r' || $option[0] == '--rbls') {
    $rbls_temp = $option[1];
  }
}

if (!isset($hostname) || !isset($rbls_temp)) {
  echo SERVICE_STATUS.' Unknown'."\n";
  exit(3);
} else {
  $rbls = explode(',', $rbls_temp);
  $dnsbl->setBlacklists($rbls);
  if ($dnsbl->isListed($hostname)) {
    echo SERVICE_STATUS.' Critical - Listed in '.$dnsbl->getListingBl($hostname)."\n";
    exit(2);
  } else {
    echo SERVICE_STATUS.' OK - Not Listed in supplied DNSBLs'."\n";
    exit(0);
  }
}
?>

Put this into your Nagios plugin directory (/opt/nagios/libexec) and add this to /etc/opt/nagios/checkcommands.cfg:

define command{
        command_name    check_dnsbl
        command_line    $USER1$/check_dnsbl -H $HOSTADDRESS$ -r $ARG1$
        }

As well as this to /etc/opt/nagios/services.cfg:

define service{
        use                             generic-service
        host_name                       your.mail.server
        service_description             DNSBL
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              3
        normal_check_interval           3
        retry_check_interval            1
        contact_groups                  nohn
        notification_interval           120
        notification_period             24x7
        notification_options            w,u,c,r
        check_command                   check_dnsbl!bl.spamcop.net,some.other.comma.separated.rbls
        }

Finally you have to restart Nagios:

# /etc/init.d/nagios restart

Posted Apr 18, 2006
Tagged as: Console_Getopt, Nagios, Net_DNSBL, PEAR, PHP, RBL, SMTP, SPAM

<<< Page 1 of 1 >>>