source: trunk/dnsbl/export-dnsbl@ 67

Last change on this file since 67 was 67, checked in by Kris Deugau, 6 years ago

/trunk/dnsbl

Review and update copyright dates on DNSBL.pm, DNSBLweb.pm, browse.cgi,

delist-ip, dnsbl.cgi, and export-dnsbl. Also add a version requirement
on DNSBL.pm in any callers.

Update browse.cgi with limited search and some operational-sanity boundaries

instead of blindly barfing out the entire dataset, requiring code changes
to view only a subset of data.

  • Property svn:executable set to *
  • Property svn:keywords set to Date Rev Author Id
[2]1#!/usr/bin/perl
2# Export DNSBL data
[40]3##
4# $Id: export-dnsbl 67 2018-01-09 23:12:13Z kdeugau $
[67]5# Copyright 2009-2012,2014,2018 Kris Deugau <kdeugau@deepnet.cx>
[40]6#
7# This program is free software: you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by
9# the Free Software Foundation, either version 3 of the License, or
10# (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program. If not, see <http://www.gnu.org/licenses/>.
19##
[2]20
21use strict;
22use warnings;
23use DBI;
24
[67]25use DNSBL 2.2;
[2]26
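# Handle on the DNSBL helper module; connect(), initexport() and export()
# are all called through it.
my $dnsbl = DNSBL->new;

# Default DB info - all other settings should be loaded from the DB.
# NOTE(review): these fallbacks, password included, are compiled into the
# script and are used whenever no per-instance config file overrides them.
# Treat the value below as public and make sure no live database accepts it.
my $dbhost = "localhost";
my $dbname = "dnsbl";
my $dbuser = "dnsbl";
my $dbpass = "spambgone";

die "Need config argument\n" if !$ARGV[0];
my $cfgname = shift @ARGV;

# The config name is caller-supplied and becomes part of a file path, so
# accept only a plain file-name token: no '/', no whitespace, no shell or
# glob characters.  Taking the value from the capture also untaints it.
# Widen the character class here if instance names legitimately need more.
($cfgname) = ($cfgname =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]*)\z/)
  or die "Invalid config name\n";

# Load a config fragment containing DB host, name, user, and pass info,
# selected by the config name given on the command line.  This allows us to
# host multiple instances without having to duplicate the code.
# This file is a Perl fragment to be processed inline.
my $cfgfile = "/etc/dnsbl/$cfgname.conf";
if (-e $cfgfile) {
  # Read the file directly rather than through a shell command, so nothing
  # in the name is ever interpreted by /bin/sh.
  if (open my $cfgfh, '<', $cfgfile) {
    my $cfg = do { local $/; <$cfgfh> };
    close $cfgfh;
    # Blanket untaint: this accepts whatever the file contains, so the file's
    # ownership and permissions are the only control on what gets executed.
    ($cfg) = ($cfg =~ /^(.+)$/s);
    if (defined $cfg) {
      # SECURITY: string eval runs the fragment as Perl with this script's
      # privileges, in this scope, so that it can assign $dbhost, $dbname,
      # $dbuser and $dbpass.  Anyone able to write under /etc/dnsbl can run
      # code as the exporting user; keep that directory writable by root only.
      eval $cfg;
      warn "Error in $cfgfile: $@" if $@;
    }
  } else {
    # Carry on with the defaults above, but say why the file was skipped.
    warn "Can't read $cfgfile: $!\n";
  }
}

my $dbh = $dnsbl->connect($dbhost, $dbname, $dbuser, $dbpass);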
49
# Instance settings live in the "misc" table as key/value rows.  The keys
# read further down are blzone, bladmin, ttl, iplisted and blocklisted.
my %config;
my $misc_sth = $dbh->prepare("SELECT key,value FROM misc");
$misc_sth->execute;
while (my @row = $misc_sth->fetchrow_array) {
  my ($name, $setting) = @row;
  $config{$name} = $setting;
}

# export() fills this hash through the reference; keys are IP/netblock
# strings and values are the numeric listing flags used when printing.
my %iplist;
my $ipref = \%iplist;

# The config name has already been shifted off @ARGV, so this is the second
# command-line argument.  Anything false falls back to 'tiny'.
my $mode = 'tiny';
$mode = $ARGV[0] if $ARGV[0];

$dnsbl->initexport;
# Debugging variant kept for reference; restricts the export to one block.
#$dnsbl->export($ipref,$mode,1,'50.22.0.0/15');
$dnsbl->export($ipref,$mode);
[2]65
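##fixme - mode should pick actual output, not just export mode

# NOTE(review): zone name, admin contact, TTL and the response texts come
# straight from the "misc" table and are printed without escaping.  A newline
# or ':' in any of them changes the structure of the generated zone data, so
# write access to that table needs the same care as the zone file itself.
my $ttl = $config{ttl} || '900';

if ($mode eq 'cidr') {
  # SOA, NS records.  Maybe dnscache needs them?
  my $zone  = $config{blzone}  || 'company.dnsbl';
  my $admin = $config{bladmin} || 'systems.company.com';
  print "\$SOA 900 $zone $admin 0 1200 600 600 900\n".
    "\$NS 3600 127.0.0.1\n".
    "\$TTL $ttl\n";

  # more or less raw CIDR block-and-IP info.  rbldnsd format for convenience.
  for my $ip (sort ipcmp keys %iplist) {
    my $flags = $iplist{$ip};
    # A value of -1 is printed as a '!'-prefixed line with no result address.
    if ($flags == -1) {
      print "!$ip\n";
      next;
    }
    my ($entry, $low) = _flag_octets($flags);
    # Bit 1 of the low octet selects the per-IP text over the netblock text.
    my $text = $low & 2
      ? ($config{iplisted} || '$ relayed a reported spam')
      : ($config{blocklisted} || 'Netblock listed on one or more criteria');
    my $out = "$ip:127.$entry:$text\n";
    $out =~ s/:ENTITY:/$ip/;
    print $out;
  }
} else {
  # default "mode"; tinyDNS data format
  my $zone = $config{blzone} || 'spamhosts.company.dnsbl';
  for my $ip (sort ipcmp keys %iplist) {
    # Uses the same >= boundaries as the cidr branch: a value of exactly 256
    # or 65536 must carry into the next octet instead of printing "256".
    my ($entry) = _flag_octets($iplist{$ip});
    my ($o1,$o2,$o3,$o4) = ($ip =~ /^(\d+)\.([\d*]+)(?:\.([\d*]+)(?:\.([\d*]+))?)?$/);
    # Reverse the octets that are present to build the DNSBL query name.
    my $revname = join '', map { "$_." } grep { defined } ($o4, $o3, $o2);
    # NOTE(review): $entry already holds three dotted fields, so the address
    # printed here has six ("127.0.0.a.b.c"); the cidr branch prints
    # "127.a.b.c".  Confirm which form the tinydns consumer expects.
    print "+$revname$o1.$zone:127.0.0.$entry:$ttl:::\n";
  }
}

exit 0;

# Split a numeric flag value into three dotted decimal fields.
# Returns (entry, low) where entry is "hi.mid.low" and low is the value
# reduced modulo 256.  Values below 256 are passed through as "0.0.<value>".
sub _flag_octets {
  my ($flags) = @_;
  return ("0.0.$flags", $flags) if $flags < 256;
  my $high = int($flags / 65536);
  my $rest = $flags % 65536;
  my $mid  = int($rest / 256);
  my $low  = $rest % 256;
  return ("$high.$mid.$low", $low);
}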
127
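# IP address comparison sub, for use as a sort comparator (reads the
# package variables $a and $b that sort sets).
# Keys are dotted strings with two to four fields and an optional /prefix.
# Fields after the first may be '*'.  Ordering rules:
#   - fields are compared numerically, left to right
#   - '*' sorts as -1, so a wildcard comes before any numbered field
#   - a missing prefix length counts as 128, so a bare address sorts after
#     a prefixed block with the same octets
#   - a missing field counts as 0, stated explicitly so that short keys do
#     not raise "uninitialized value" warnings
# Returns -1, 0 or 1.
sub ipcmp {
  my @left  = _ipcmp_fields($a);
  my @right = _ipcmp_fields($b);
  for my $i (0 .. $#left) {
    my $order = $left[$i] <=> $right[$i];
    return $order if $order;
  }
  return 0;
}

# Break one key into the five numbers ipcmp compares: four octets and the
# prefix length, with the substitutions described above applied.
sub _ipcmp_fields {
  my ($key) = @_;
  my ($first, $o2, $o3, $o4, $len) =
    ($key =~ /^(\d+)\.([\d*]+)(?:\.([\d*]+)(?:\.([\d*]+))?)?(?:\/(\d+))?$/);
  my @fields = (defined $first ? $first : 0);
  for my $octet ($o2, $o3, $o4) {
    if (!defined $octet) {
      push @fields, 0;
    }
    elsif ($octet eq '*') {
      # le sigh.  knew it wasn't going to be simple...
      push @fields, -1;
    }
    else {
      push @fields, $octet;
    }
  }
  push @fields, (defined $len ? $len : 128);
  return @fields;
}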