source: trunk/dnsbl/export-dnsbl@ 66

Last change on this file since 66 was 66, checked in by Kris Deugau, 6 years ago

/trunk/dnsbl

Add exclusion flagging and block-comment handling to IP list tools. Exclusion
flags can be set or unset on each submit; netblock comments can be added,
updated, or removed (or at least "set empty") on each submit.

Note this is focused on the CIDR (rbldnsd) export format, and may produce
excitingly weird results with the default "classful"/tinydns mode.

  • Property svn:executable set to *
  • Property svn:keywords set to Date Rev Author Id
File size: 4.6 KB
1#!/usr/bin/perl
2# Export DNSBL data
3##
4# $Id: export-dnsbl 66 2018-01-05 23:06:47Z kdeugau $
5# Copyright 2009-2011 Kris Deugau <kdeugau@deepnet.cx>
6#
7# This program is free software: you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by
9# the Free Software Foundation, either version 3 of the License, or
10# (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program. If not, see <http://www.gnu.org/licenses/>.
19##
20
21use strict;
22use warnings;
23use DBI;
24
25use DNSBL;
26
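my $dnsbl = DNSBL->new;

# Default DB connection settings; all other settings are loaded from the DB.
# NOTE(review): the fallback password below is published with the source, so
# any instance that runs without a config file overriding $dbpass shares a
# publicly known credential. Set $dbpass in the per-instance config file.
my $dbhost = "localhost";
my $dbname = "dnsbl";
my $dbuser = "dnsbl";
my $dbpass = "spambgone";

die "Need config argument\n" if !$ARGV[0];
my $cfgname = shift @ARGV;

# The config name comes from the command line and becomes part of a path
# under /etc/dnsbl, so accept only a plain file-name component. This is
# stricter than before: names containing '/' or other shell/path
# metacharacters, or starting with '.' or '-', are rejected outright.
($cfgname) = ($cfgname =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/)
    or die "Invalid config name\n";

# Load the per-instance settings (DB host, name, user, pass) selected by the
# config name. This allows hosting multiple instances without duplicating
# the code. The file is a Perl fragment that is processed inline.
my $cfgfile = "/etc/dnsbl/$cfgname.conf";
if (-e $cfgfile) {
    # Read the file directly rather than through `cat` in backticks, so the
    # name is never handed to a shell.
    open my $cfgfh, '<', $cfgfile or die "Can't read $cfgfile: $!\n";
    my $cfg = do { local $/; <$cfgfh> };
    close $cfgfh;

    # This match accepts any non-empty content: it only clears the taint
    # flag, it does not validate anything.
    ($cfg) = ($cfg =~ /^(.+)$/s);

    if (defined $cfg) {
        # SECURITY: the file is executed as Perl with this script's
        # privileges. It must be writable only by the account(s) trusted to
        # run this export.
        eval $cfg;
        # A broken fragment used to be ignored silently, leaving the defaults
        # above in force; keep going, but say so.
        warn "Error processing $cfgfile: $@" if $@;
    }
}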
47
# Connect with the default or config-supplied database settings.
my $dbh = $dnsbl->connect($dbhost, $dbname, $dbuser, $dbpass);

# Copy every key/value row of the misc table into %config.
my %config;
my $misc_sth = $dbh->prepare("SELECT key,value FROM misc");
$misc_sth->execute;
while (my @row = $misc_sth->fetchrow_array) {
    my ($name, $setting) = @row;
    $config{$name} = $setting;
}

# %iplist is filled in by the export call below, via the reference.
my %iplist;
my $ipref = \%iplist;

# The argument after the config name selects the export mode.
my $mode = $ARGV[0] ? $ARGV[0] : 'tiny';

$dnsbl->initexport;
# Alternative call kept from the original, with two extra arguments:
#$dnsbl->export($ipref,$mode,1,'50.22.0.0/15');
$dnsbl->export($ipref, $mode);
65
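##fixme - mode should pick actual output, not just export mode
# NOTE(review): the %config values used below (blzone, bladmin, ttl,
# iplisted, blocklisted) come straight from the misc table and are written
# into the exported data unescaped. A value containing a newline or ':' would
# add or alter records in the output - confirm who can write to that table.
if ($mode eq 'cidr') {
    # SOA, NS records. Maybe dnscache needs them?
    print "\$SOA 900 " . ($config{blzone} || 'company.dnsbl') . " "
        . ($config{bladmin} || 'systems.company.com') . " 0 1200 600 600 900\n"
        . "\$NS 3600 127.0.0.1\n"
        . "\$TTL " . ($config{ttl} || '900') . "\n";

    # more or less raw CIDR block-and-IP info. rbldnsd format for convenience.
    foreach my $net (sort ipcmp keys %iplist) {
        my $value = $iplist{$net};

        # A value of -1 is written out as a "!" line for that entry.
        if ($value == -1) {
            print "!${net}\n";
            next;
        }

        my @octets = _value_octets($value);

        # Bit 1 of the low octet chooses between the two message texts.
        my $text = ($octets[2] & 2)
            ? ($config{iplisted}    || '$ relayed a reported spam')
            : ($config{blocklisted} || 'Netblock listed on one or more criteria');

        my $out = "${net}:127." . join('.', @octets) . ":$text\n";
        $out =~ s/:ENTITY:/$net/;
        print $out;
    }
}
else {
    # default "mode"; tinyDNS data format
    # NOTE(review): -1 values get no special handling here and are exported
    # as "0.0.-1"; and "127.0.0." followed by the three value octets yields a
    # six-part address. Both are left as they were - confirm intended output.
    foreach my $net (sort ipcmp keys %iplist) {
        # Uses the same >= thresholds as the cidr branch; the previous > tests
        # let values of exactly 256 or 65536 through as an octet of 256.
        my $entry = join '.', _value_octets($iplist{$net});

        my ($o1, $o2, $o3, $o4) =
            ($net =~ /^(\d+)\.([\d*]+)(?:\.([\d*]+)(?:\.([\d*]+))?)?$/);

        # Keys that do not parse (for instance ones carrying a /prefix) used
        # to be printed as a record with an empty name; skip them visibly.
        unless (defined $o1) {
            warn "Skipping entry '$net': not in dotted form\n";
            next;
        }

        # Record name is the parsed components in reverse order.
        my $name = join '.', grep { defined } ($o4, $o3, $o2, $o1);

        print "+$name." . ($config{blzone} || 'spamhosts.company.dnsbl')
            . ":127.0.0.$entry:" . ($config{ttl} || '900') . ":::\n";
    }
}

exit 0;

# Split an %iplist value into three base-256 digits, most significant first.
# Values below 256 are returned unchanged in the last position.
sub _value_octets {
    my ($value) = @_;
    my ($high, $mid) = (0, 0);

    if ($value >= 65536) {
        $high = int($value / 65536);
        $value %= 65536;
    }
    if ($value >= 256) {
        $mid = int($value / 256);
        $value %= 256;
    }

    return ($high, $mid, $value);
}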
127
128# IP address comparison sub
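# Sort comparator for the keys of the IP list: dotted entries of two to four
# components, optionally followed by "/prefix". Reads the sort variables $a
# and $b and returns -1, 0 or 1.
#
# Components are compared numerically from left to right, then the prefix
# length. A "*" component compares as -1, a missing prefix length as 128.
# Components that are absent (short keys, or keys that do not match the
# pattern at all) compare as 0; this is the value Perl already used for them,
# but they are now set explicitly so the comparison no longer emits an
# "uninitialized value" warning on every call.
sub ipcmp {
    my $key_re = qr/^(\d+)\.([\d*]+)(?:\.([\d*]+)(?:\.([\d*]+))?)?(?:\/(\d+))?$/;

    my @sides;
    for my $key ($a, $b) {
        my @parts = ($key =~ $key_re);

        my @fields;
        for my $i (0 .. 3) {
            my $part = $parts[$i];
            if (!defined $part) {
                $part = 0;      # absent component
            }
            elsif ($part eq '*') {
                $part = -1;     # wildcard sorts ahead of any number
            }
            push @fields, $part;
        }
        push @fields, defined $parts[4] ? $parts[4] : 128;

        push @sides, \@fields;
    }

    # The first differing field decides the order.
    for my $i (0 .. 4) {
        my $order = $sides[0][$i] <=> $sides[1][$i];
        return $order if $order;
    }
    return 0;
}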