Router Blackhole List - testiskripti
Tästä joko näppärästi mailiserverin perään filtteriksi tai kääri komponentiksi ja aja vasten mailiakkountteja.
Asenna ensin aspdnsx. Helppoa kuin heinänteko. Ohjeistusta osoitteesta http://www.internext.co.za/stefan/aspdnsx/
Copypaste alta soveltuvaan tiedostoon, tyyliin rbl.vbs
Komentorivillä sitten "CSCRIPT rbl.vbs [tiedostonimi]". Paluukoodi paljastaa osuiko (Jos ReverseCodes on True, nolla kertoo että spammia, ykkönen tai muu kertoo että ei ollut tahi skripti kaatui nenälleen). Jos aiot tunkata mailiserverin perään, käytännössä external executables tyypillisesti vaatii .BAT-tiedoston (eivät osaa suoraan ajaa vbs:ää). Sisältö noin suunnilleen (rbl.bat):
CSCRIPT rbl.vbs %1
(ja siinä se.)
' RBLTest.vbs v. 0.2
' (C) 2003 PLZI
Option Explicit
Const ForReading = 1
Const ForAppend = 8
Dim oArgs
Dim SafeServers, RBLServers,DNSServer
Dim RBLCount
Dim MailFile
Dim LogFileName, SessionStart
Dim SpamFound
Dim ReverseCodes, CodeErrorOrNoSpam, CodeSpamFound
Dim LogFso, LogTs
Dim CopyDir
Dim ExitWhenFound
Dim ToScreen
Dim dummy
'
' Settings for the script
'
' Local addresses to be skipped
SafeServers = "[127.0.0.1],[192.168.111.5],[195.156.165.6],[131.177.74.186],"
SafeServers = SafeServers & "[131.177.121.200],[131.177.130.26],[131.177.130.22]"
' RBL Server list to be used
RBLServers = Array("bl.spamcop.net","orbs.dorkslayers.com")
' DNS Server
DNSServer="192.168.111.1"
' Where to put the log
LogFileName="c:\rbltest.log"
' Where to copy the spam files
CopyDir="c:\mailserver\spam\"
' Exit with spamfound when first RBL match is found?
ExitWhenFound=True
' Reverse the exit codes? (Merak uses filter settings where 0 means blocking)
ReverseCodes=True
' Where to put the output, to log file or to screen?
ToScreen=True
If ReverseCodes Then
CodeErrorOrNoSpam=1
CodeSpamFound=0
Else
CodeErrorOrNoSpam=0
CodeSpamFound=1
End If
SpamFound=False
RBLCount = UBound(RBLServers)
SessionStart="[" & Date & " " & Time &"] - Program started"
Set LogFso = CreateObject("Scripting.FileSystemObject")
Set LogTs = LogFso.OpenTextFile(LogFileName, ForAppend, True)
WriteLog SessionStart
Set oArgs=WScript.Arguments
If oArgs.Count = 0 Then
WriteLog VbTab & "file name argument missing - exiting with code " _
& CodeErrorOrNoSpam
Logts.close
WScript.Quit (CodeErrorOrNoSpam)
Else
MailFile=oArgs(0)
Main
End If
If SpamFound Then
dummy = copyto(MailFile)
WriteLog "- end run with exit code " & CodeSpamFound & VbCrLf
Logts.close
WScript.Quit (CodeSpamFound)
Else
WriteLog "- end run with exit code " & CodeErrorOrNoSpam & VbCrLf
Logts.close
WScript.Quit (CodeErrorOrNoSpam)
End if
Sub Main
Dim RBLTest
Dim F,T
Dim dictIP
Dim Headers
Dim IPKeys, IPKeyCount
Dim OneKey
WriteLog VbTab & "Reading addresses from '" & MailFile & "'"
Headers = RipHeader(MailFile)
Set dictIP = RegExpTest("\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]",Headers)
WriteLog VbTab & dictIP.Count & " unique addresses found."
IPKeys=dictIP.Keys
IPKeyCount=UBound(IPKeys)
If IPKeyCount>-1 Then
For T=0 To RBLCount
WriteLog VBTab & "testing against " & RBLServers(T)
For F = IPKeyCount to 0 Step -1
OneKey=CStr(IPKeys(F))
If Instr(SafeServers,OneKey) Then
WriteLog VbTab & OneKey & " is a local address-skipped"
Else
RBLTest=CreateRBL(OneKey,RBLServers(T))
If IsListed(RBLTest) Then
SpamFound=True
WriteLog "***" & VbTab & OneKey & " is listed in RBL!"
If ExitWhenFound Then
WriteLog VbTab & "stop processing (ExitWhenFound true)"
Exit For
End If
Else
WriteLog VbTab & OneKey & " (no match)"
End If
End If
Next
If SpamFound And ExitWhenFound Then Exit For
Next
Else
Writelog VBTab & "No addresses to test!"
End If
End Sub
Function WriteLog(byval temp)
If ToScreen then
WScript.Echo temp
Else
Logts.WriteLine temp
End If
End Function
' Check if address is listed in RBL(s)
Function IsListed (byval Check)
Dim objDNS,Response
Set objDNS = CreateObject("ASPDNSX.RealDNSLookup")
objDNS.DNSServer = DNSServer
objDNS.TimeOut = 10000
Response = objDNS.GetIPFromName(Check)
If Len(Response) = 0 Then
IsListed=False
Else
IsListed=True
End If
Set objDNS = Nothing
End Function
' Rip header from file
Function RipHeader(byval filename)
Dim fso, f1, ts, Line, Output, EndHeaders
Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.OpenTextFile(FileName, ForReading)
EndHeaders=False
Do Until ts.AtEndOfStream or EndHeaders
Line = ts.ReadLine
Output=Output & Line & VbCrLf
if Trim(Line)="" Then
EndHeaders=True
End If
Loop
ts.Close
RipHeader=Output
End Function
' List all IP's in data
Function RegExpTest(patrn, strng)
Dim regEx, Match, Matches
Dim dictIP
Set dictIP=CreateObject("Scripting.Dictionary")
Set regEx = New RegExp
regEx.Pattern = patrn
regEx.IgnoreCase = True
regEx.Global = True
Set Matches = regEx.Execute(strng)
For Each Match in Matches
If Not(dictIP.Exists(Match.Value)) Then ' remove duplicates
dictIP.Add Match.Value,Match.FirstIndex
End If
Next
Set RegExpTest = dictIP
End Function
' Create RBL FQDN from enclosed IP
Function CreateRBL (byval ip, byval RBL)
Dim IPElements, NewIP, F
ip=Replace(ip,"[","")
ip=Replace(ip,"]","")
IPElements=Split(ip,".")
For F=UBound(IPElements) to 0 Step -1
NewIP=NewIP & IPElements(F) & "."
Next
CreateRBL=NewIP & RBL
End Function
Function CopyTo (byval file)
Dim fso, f2
Dim LastSlash, BareFile, NewName
LastSlash = InstrRev(file,"\")
BareFile = mid(file,LastSlash+1)
NewName = CopyDir & BareFile & ".spam.txt"
WriteLog VbTab & " copying to name " & NewName
Set fso = CreateObject("Scripting.FileSystemObject")
Set f2 = fso.GetFile(file)
f2.Copy (NewName)
Set fso=Nothing
End Function