source: trunk/dnsbl/export-dnsbl@ 69

Last change on this file since 69 was 69, checked in by Kris Deugau, 6 years ago

/trunk/dnsbl

  • Accumulated fixes and tweaks from production
  • Add FindBin to a couple of scripts to make them more portable; they no longer need to be run from the directory they're in, or have system-specific paths hardcoded in either "use lib" or a -I argument
  • Property svn:executable set to *
  • Property svn:keywords set to Date Rev Author Id
1#!/usr/bin/perl
2# Export DNSBL data
3##
4# $Id: export-dnsbl 69 2018-07-19 21:03:38Z kdeugau $
5# Copyright 2009-2012,2014,2018 Kris Deugau <kdeugau@deepnet.cx>
6#
7# This program is free software: you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by
9# the Free Software Foundation, either version 3 of the License, or
10# (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program. If not, see <http://www.gnu.org/licenses/>.
19##
20
21use strict;
22use warnings;
23use DBI;
24
25# push "the directory the script is in" into @INC
26use FindBin;
27use lib "$FindBin::RealBin/";
28
29use DNSBL 2.2;
30
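# Direct method call instead of indirect-object syntax ("new DNSBL"), which
# Perl can mis-parse when a sub named "new" is in scope.
my $dnsbl = DNSBL->new;

# default DB info - all other settings should be loaded from the DB.
# NOTE(review): these are fallback credentials stored in the script itself and
# are used whenever the per-instance config file is missing or fails to load.
# Deployments should set all four values in /etc/dnsbl/<name>.conf.
my $dbhost = "localhost";
my $dbname = "dnsbl";
my $dbuser = "dnsbl";
my $dbpass = "spambgone";

die "Need config argument\n" if !$ARGV[0];
my $cfgname = shift @ARGV;

# The config name is placed into a file path, so only plain file-name
# characters are accepted.  This keeps the path inside /etc/dnsbl/ (no '/')
# and gives taint mode a value that has actually been checked.
die "Invalid config name\n" unless $cfgname =~ /\A([A-Za-z0-9_.-]+)\z/;
$cfgname = $1;

# Load a config fragment containing DB host, name, user, and pass info,
# selected by the first command-line argument.  This allows us to host
# multiple instances without having to duplicate the code.
# This file is a Perl fragment to be processed inline.
my $cfgfile = "/etc/dnsbl/$cfgname.conf";
if (-e $cfgfile) {
    # Read the file directly rather than through `cat`, so the config name
    # never reaches a shell.
    my $cfg;
    if (open my $cfgfh, '<', $cfgfile) {
        $cfg = do { local $/; <$cfgfh> };
        close $cfgfh;
    }
    else {
        warn "Can't read $cfgfile: $!\n";
    }

    if (defined $cfg && length $cfg) {
        # Blanket untaint: this pattern accepts any content and validates
        # nothing.  The fragment is trusted only because of where it lives.
        ($cfg) = ($cfg =~ /^(.+)$/s);

        # SECURITY: the fragment is executed as Perl with this script's
        # privileges and can do far more than set the four DB variables.
        # /etc/dnsbl and its files must be writable only by trusted admins.
        eval $cfg;
        warn "Error in $cfgfile, DB settings may be incomplete: $@" if $@;
    }
}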
51
# Connect using the defaults above, or whatever the config fragment replaced
# them with.
my $dbh = $dnsbl->connect($dbhost, $dbname, $dbuser, $dbpass);

# Copy every key/value row of the "misc" table into %config.
my %config;
my $misc_sth = $dbh->prepare("SELECT key,value FROM misc");
$misc_sth->execute;
while (my $row = $misc_sth->fetchrow_arrayref) {
    my ($key, $value) = @$row;
    $config{$key} = $value;
}

# Export mode is the next command-line argument (the config name has already
# been shifted off), defaulting to 'tiny'.
my $mode = $ARGV[0] || 'tiny';

# Filled in by $dnsbl->export below; the output code reads it as
# address => numeric listing value.
my %iplist;

$dnsbl->initexport;
#$dnsbl->export(\%iplist,$mode,1,'50.22.0.0/15');
$dnsbl->export(\%iplist, $mode);
69
70##fixme - mode should pick actual output, not just export mode
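# Write the exported list to STDOUT: rbldnsd format when $mode is 'cidr',
# tinyDNS data format otherwise.
#
# NOTE(review): the blzone, bladmin, ttl, iplisted and blocklisted values are
# loaded from the "misc" table and written into the zone data unescaped.  A
# value containing a newline or ':' would change the structure of the emitted
# records, so write access to that table needs to be as tightly held as the
# published zone itself.
if ($mode eq 'cidr') {
    # SOA, NS records.  Maybe dnscache needs them?
    my $zone  = $config{blzone}  || 'company.dnsbl';
    my $admin = $config{bladmin} || 'systems.company.com';
    my $ttl   = $config{ttl}     || '900';
    print "\$SOA 900 $zone $admin 0 1200 600 600 900\n"
        . "\$NS 3600 127.0.0.1\n"
        . "\$TTL $ttl\n";

    # more or less raw CIDR block-and-IP info.  rbldnsd format for convenience.
    for my $ip (sort ipcmp keys %iplist) {
        # A value of -1 is written as an rbldnsd exclusion entry.
        if ($iplist{$ip} == -1) {
            print "!$ip\n";
            next;
        }

        my ($entry, $low) = _listing_octets($iplist{$ip});

        # Bit 1 of the low octet selects the per-IP text over the netblock text.
        my $text = ($low & 2)
            ? ($config{iplisted}    || '$ relayed a reported spam')
            : ($config{blocklisted} || 'Netblock listed on one or more criteria');

        my $out = "$ip:127.$entry:$text\n";
        $out =~ s/:ENTITY:/$ip/;
        print $out;
    }
}
else {
    # default "mode"; tinyDNS data format
    my $zone = $config{blzone} || 'spamhosts.company.dnsbl';
    my $ttl  = $config{ttl}    || '900';

    for my $ip (sort ipcmp keys %iplist) {
        my ($entry) = _listing_octets($iplist{$ip});

        my ($o1, $o2, $o3, $o4) =
            ($ip =~ /^(\d+)\.([\d*]+)(?:\.([\d*]+)(?:\.([\d*]+))?)?$/);

        # A key that does not parse (for example one carrying a /prefix) would
        # otherwise produce a record with an empty leading label.
        if (!defined $o1) {
            warn "Skipping unparseable entry '$ip'\n";
            next;
        }

        # Reverse the octets that are present to build the lookup name.
        my $name = join '.', grep { defined } $o4, $o3, $o2, $o1;

        # NOTE(review): $entry already holds three dotted octets, so this
        # address has six parts (127.0.0.A.B.C), while the cidr branch emits
        # 127.A.B.C.  Confirm which address tinydns is meant to answer with.
        print "+$name.$zone:127.0.0.$entry:$ttl:::\n";
    }
}

exit 0;

# Split a numeric listing value into three dotted octets "A.B.C".
# Returns the dotted string and the low octet.  Both output modes share this.
# The tinyDNS branch used to test "> 256" / "> 65536", so a value of exactly
# 256 or 65536 produced an octet of 256 there; it now uses the same ">="
# boundaries as the cidr branch.
sub _listing_octets {
    my ($value) = @_;
    my $entry = '';

    if ($value >= 256) {
        if ($value >= 65536) {
            $entry .= int($value / 65536) . '.';
            $value = $value % 65536;
        }
        else {
            $entry .= '0.';
        }
        $entry .= int($value / 256) . '.';
        $value = $value % 256;
    }
    else {
        $entry .= '0.0.';
    }

    return ($entry . $value, $value);
}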
131
132# IP address comparison sub
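sub ipcmp {
    # Sort comparator for "sort ipcmp LIST".  Reads the package variables $a
    # and $b that sort() sets and returns -1, 0 or 1.
    #
    # Keys are dotted addresses of two to four octets with an optional
    # /prefix.  A '*' octet compares as -1 and a missing prefix as 128.
    # Fields are compared left to right, prefix last.
    #
    # The third and fourth octets are optional in the pattern.  They used to
    # reach the numeric comparisons as undef, raising "uninitialized"
    # warnings on every comparison of a short key.  They are now set to 0,
    # which is the value undef compared as, so the ordering is unchanged.
    # A key that does not match the pattern at all still warns, as before.
    my $key_re = qr{^(\d+)\.([\d*]+)(?:\.([\d*]+)(?:\.([\d*]+))?)?(?:/(\d+))?$};

    my @fields;
    for my $key ($a, $b) {
        my @part    = ($key =~ $key_re);
        my $matched = scalar @part;

        # le sigh. knew it wasn't going to be simple...
        for my $i (1 .. 3) {
            if ($part[$i] && $part[$i] eq '*') {
                $part[$i] = -1;
            }
            elsif ($matched && !defined $part[$i]) {
                $part[$i] = 0;
            }
        }
        $part[4] = 128 if !defined $part[4];

        push @fields, \@part;
    }
    my ($left, $right) = @fields;

    for my $i (0 .. 4) {
        my $order = $left->[$i] <=> $right->[$i];
        return $order if $order;
    }
    return 0;
}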