source: trunk/dnsbl/export-dnsbl@ 67

Last change on this file since 67 was 67, checked in by Kris Deugau, 6 years ago

/trunk/dnsbl

Review and update copyright dates on DNSBL.pm, DNSBLweb.pm, browse.cgi,

delist-ip, dnsbl.cgi, and export-dnsbl. Also add a version requirement
on DNSBL.pm in any callers.

Update browse.cgi with limited search and some operational-sanity boundaries

instead of blindly barfing out the entire dataset, requiring code changes
to view only a subset of data.

  • Property svn:executable set to *
  • Property svn:keywords set to Date Rev Author Id
File size: 4.6 KB
1#!/usr/bin/perl
2# Export DNSBL data
3##
4# $Id: export-dnsbl 67 2018-01-09 23:12:13Z kdeugau $
5# Copyright 2009-2012,2014,2018 Kris Deugau <kdeugau@deepnet.cx>
6#
7# This program is free software: you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by
9# the Free Software Foundation, either version 3 of the License, or
10# (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program. If not, see <http://www.gnu.org/licenses/>.
19##
20
21use strict;
22use warnings;
23use DBI;
24
25use DNSBL 2.2;
26
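# Handle on the DNSBL library; used below for the DB connection and the export.
my $dnsbl = DNSBL->new;

# default DB info - all other settings should be loaded from the DB.
# NOTE(review): the fallback database password is committed in the script
# itself, so anyone who can read the script or the repository learns it.
# Prefer supplying credentials only through the per-instance config file,
# readable by the account that runs the export and nobody else.
my $dbhost = "localhost";
my $dbname = "dnsbl";
my $dbuser = "dnsbl";
my $dbpass = "spambgone";

die "Need config argument\n" if !$ARGV[0];
my $cfgname = shift @ARGV;

# The config name is spliced into a path under /etc/dnsbl.  Refuse anything
# that could step outside that directory; a name containing a path separator
# (or a NUL byte) is never a valid instance name.
die "Invalid config name\n" if $cfgname =~ m{[/\0]};

# Load a config fragment containing DB host, name, user, and pass info.  In
# this script the instance name is the first command-line argument, which
# allows hosting multiple instances without duplicating the code.
# The file is a Perl fragment that is processed inline, so it can assign to
# the $db* variables declared above.
my $cfgfile = "/etc/dnsbl/$cfgname.conf";
if (-e $cfgfile) {
    # Read the file directly instead of interpolating the name into a shell
    # command line: the argument is never parsed by a shell this way.
    if (open my $cfgfh, '<', $cfgfile) {
        my $cfg = do { local $/; <$cfgfh> };
        close $cfgfh;

        # Unconditional untaint so eval works under taint mode.  This accepts
        # any non-empty content; it is not a validation step.
        ($cfg) = ($cfg =~ /^(.+)$/s) if defined $cfg;

        if (defined $cfg) {
            # NOTE(review): the fragment runs as Perl with this script's
            # privileges.  Whoever can write to /etc/dnsbl/*.conf can run code
            # as the exporting user, so the directory and its files must be
            # writable by trusted administrators only.
            eval $cfg;
            warn "Error processing $cfgfile: $@" if $@;
        }
    }
    else {
        # Same outcome as before (fall back to the defaults above), but say so.
        warn "Can't read $cfgfile: $!\n";
    }
}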
47
# Connect with whatever DB settings are in effect after the optional config
# fragment has been processed.
my $dbh = $dnsbl->connect($dbhost, $dbname, $dbuser, $dbpass);

# Copy every key/value row of the misc table into %config; the output code
# below reads blzone, bladmin, ttl, iplisted and blocklisted from it.
my %config;
my $sth = $dbh->prepare("SELECT key,value FROM misc");
$sth->execute;
while (my @row = $sth->fetchrow_array) {
    my ($key, $value) = @row;
    $config{$key} = $value;
}

# Filled in by the export call through the reference.
my %iplist;
my $ipref = \%iplist;

# The config name has already been shifted off @ARGV, so this is the second
# command-line argument.  Anything false (missing, empty, "0") selects 'tiny'.
my $mode = $ARGV[0] ? $ARGV[0] : 'tiny';

$dnsbl->initexport;
#$dnsbl->export($ipref,$mode,1,'50.22.0.0/15');
$dnsbl->export($ipref, $mode);
65
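##fixme - mode should pick actual output, not just export mode

# Turn a listing value into the dotted "x.y.z" tail used after "127." in the
# answer address.  Returns the tail and the value reduced to its low byte.
# Values below 256 are passed through unchanged as the last field.
sub _listing_octets {
    my ($value) = @_;
    my $entry = '';
    if ($value >= 256) {
        if ($value >= 65536) {
            $entry .= int($value / 65536) . ".";
            $value %= 65536;
        }
        else {
            $entry .= "0.";
        }
        $entry .= int($value / 256) . ".";
        $value %= 256;
    }
    else {
        $entry .= "0.0.";
    }
    return ($entry . $value, $value);
}

# NOTE(review): blzone, bladmin, ttl, iplisted and blocklisted come straight
# from the misc table and are written into the zone data unescaped.  A value
# containing a newline or a field separator would change the records that are
# emitted; confirm these settings are validated where they are stored.
if ($mode eq 'cidr') {
    # SOA, NS records.  Maybe dnscache needs them?
    print "\$SOA 900 " . ($config{blzone} ? $config{blzone} : 'company.dnsbl') . " "
        . ($config{bladmin} ? $config{bladmin} : 'systems.company.com')
        . " 0 1200 600 600 900\n"
        . "\$NS 3600 127.0.0.1\n"
        . "\$TTL " . ($config{ttl} ? $config{ttl} : '900') . "\n";

    # more or less raw CIDR block-and-IP info.  rbldnsd format for convenience.
    foreach my $ip (sort ipcmp keys %iplist) {
        # A value of -1 is written as a "!" line instead of a listing.
        if ($iplist{$ip} == -1) {
            print "!$ip\n";
            next;
        }
        my ($entry, $low) = _listing_octets($iplist{$ip});
        # Bit 1 of the low byte selects the per-IP message over the netblock one.
        my $out = "$ip:127.$entry:"
            . ($low & 2
                ? ($config{iplisted}    ? $config{iplisted}    : '$ relayed a reported spam')
                : ($config{blocklisted} ? $config{blocklisted} : 'Netblock listed on one or more criteria'))
            . "\n";
        $out =~ s/:ENTITY:/$ip/;
        print $out;
    }
}
else {
    # default "mode"; tinyDNS data format
    foreach my $ip (sort ipcmp keys %iplist) {
        # The original tested "> 256" / "> 65536" here, so a value of exactly
        # 256 or 65536 produced an octet of 256.  The shared helper uses the
        # same ">=" boundaries as the cidr branch.
        my ($entry) = _listing_octets($iplist{$ip});

        # Reverse the octets of the key to build the record name.  This
        # pattern has no "/prefix" part, so a key carrying one does not match
        # and the octets come back undefined.
        my ($o1, $o2, $o3, $o4) = ($ip =~ /^(\d+)\.([\d*]+)(?:\.([\d*]+)(?:\.([\d*]+))?)?$/);

        # NOTE(review): $entry already holds three dotted fields, so
        # "127.0.0.$entry" has six; confirm this is the intended answer format.
        print "+"
            . (defined($o4) ? "$o4." : '')
            . (defined($o3) ? "$o3." : '')
            . (defined($o2) ? "$o2." : '')
            . "$o1." . ($config{blzone} ? $config{blzone} : 'spamhosts.company.dnsbl')
            . ":127.0.0.$entry:"
            . ($config{ttl} ? $config{ttl} : '900') . ":::\n";
    }
}

exit 0;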
127
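# IP address comparison sub, for use as a sort comparator (reads $a and $b).
#
# Keys are dotted addresses with one to three optional trailing octets, each
# of which may be "*", and an optional "/prefix".  Ordering is numeric octet
# by octet, then by prefix length.  Returns -1, 0 or 1.
sub ipcmp {
    my $pattern = qr/^(\d+)\.([\d*]+)(?:\.([\d*]+)(?:\.([\d*]+))?)?(?:\/(\d+))?$/;
    my @left  = ($a =~ $pattern);
    my @right = ($b =~ $pattern);

    # le sigh.  knew it wasn't going to be simple...
    for my $parts (\@left, \@right) {
        for my $i (0 .. 3) {
            if (!defined $parts->[$i]) {
                # Missing octets (short keys, or a key that did not match at
                # all) compared as 0 before too, but only after an
                # "uninitialized value" warning for every comparison.
                $parts->[$i] = 0;
            }
            elsif ($i > 0 && $parts->[$i] eq '*') {
                # A wildcard octet sorts ahead of every numeric octet.
                $parts->[$i] = -1;
            }
        }
        # No prefix length given: sort after every explicit prefix.
        $parts->[4] = 128 if !defined $parts->[4];
    }

    for my $i (0 .. 4) {
        my $order = $left[$i] <=> $right[$i];
        return $order if $order;
    }
    return 0;
}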