PowerShell script to check IP address for DNSRBL Blacklist (Updated)

3/27/2014

This is one of the best scripts I ever wrote; it checks multiple IP addresses against DNS blacklisting providers.
I use this script at work to monitor the mail platform's IP addresses (MX records) against blacklists. A scheduled task runs this script every hour, 24/7.

If the IP address is not blacklisted, the output of the script will look like below:
[Screenshot: Output of the script when IP is not blacklisted]


However, if the IP address is blacklisted by any provider, the script outputs:
[Screenshot: Output of the script when IP is blacklisted]

I've included the ability in the script to create a text log file for auditing. By default the log file sits in the folder where you run the script, and it will look like below:

[Screenshot: Log file]

[Screenshot: Contents of the log file]

Download link at the bottom.

<#
.NOTES
=======================================================
Created on: 27/03/2014 10:48 p.m.
Updated on: 07/01/2014 10.32 PM
Created by: Balaji - www.askvp.blogspot.com
Modified by : Vinay M
Filename: BlacklistChecker.ps1
=======================================================
.DESCRIPTION
This script checks multiple MX records against 80 DNS Blacklist providers, writes a log with date & time stamp for auditing purposes and sends an email to the specified email address.
#>
# Feel free to add any missing DNSBL
$blacklistServers = @(
'b.barracudacentral.org'
'bl.emailbasura.org'
'bl.spamcannibal.org'
'bl.spamcop.net'
'blackholes.five-ten-sg.com'
'blacklist.woody.ch'
'bogons.cymru.com'
'cbl.abuseat.org'
'cdl.anti-spam.org.cn'
'combined.abuse.ch'
'combined.rbl.msrbl.net'
'db.wpbl.info'
'dnsbl-1.uceprotect.net'
'dnsbl-2.uceprotect.net'
'dnsbl-3.uceprotect.net'
'dnsbl.ahbl.org' # As of Jan 1st 2015 this site no longer provides service of DNSBL.
'dnsbl.cyberlogic.net'
'dnsbl.inps.de'
'dnsbl.sorbs.net'
'drone.abuse.ch'
'duinv.aupads.org'
'dul.dnsbl.sorbs.net'
'dul.ru'
'dyna.spamrats.com'
'dynip.rothen.com'
'http.dnsbl.sorbs.net'
'images.rbl.msrbl.net'
'ips.backscatterer.org'
'ix.dnsbl.manitu.net'
'korea.services.net'
'misc.dnsbl.sorbs.net'
'noptr.spamrats.com'
'ohps.dnsbl.net.au'
'omrs.dnsbl.net.au'
'orvedb.aupads.org'
'osps.dnsbl.net.au'
'osrs.dnsbl.net.au'
'owfs.dnsbl.net.au'
'owps.dnsbl.net.au'
'pbl.spamhaus.org'
'phishing.rbl.msrbl.net'
'probes.dnsbl.net.au'
'proxy.bl.gweep.ca'
'proxy.block.transip.nl'
'psbl.surriel.com'
'rbl.interserver.net'
'rbl.megarbl.net'
'rdts.dnsbl.net.au'
'relays.bl.gweep.ca'
'relays.bl.kundenserver.de'
'relays.nether.net'
'residential.block.transip.nl'
'ricn.dnsbl.net.au'
'rmst.dnsbl.net.au'
'sbl.spamhaus.org'
'short.rbl.jp'
'smtp.dnsbl.sorbs.net'
'socks.dnsbl.sorbs.net'
'spam.abuse.ch'
'spam.dnsbl.sorbs.net'
'spam.rbl.msrbl.net'
'spam.spamrats.com'
'spamlist.or.kr'
'spamrbl.imp.ch'
't3direct.dnsbl.net.au'
'tor.ahbl.org'
'tor.dnsbl.sectoor.de'
'torserver.tor.dnsbl.sectoor.de'
'ubl.lashback.com'
'ubl.unsubscore.com'
'virbl.bit.nl'
'virus.rbl.jp'
'virus.rbl.msrbl.net'
'web.dnsbl.sorbs.net'
'wormrbl.imp.ch'
'xbl.spamhaus.org'
'zen.spamhaus.org'
'zombie.dnsbl.sorbs.net'
)
# Array of IP addresses if you need to check against multiple MX records for your domain.
$IPlist = @(
'72.167.238.201' # smtp.secureserver.net
'203.57.145.30' # mx1.akl.trademe.co.nz
)
foreach ($IP in $IPList) {
    # This function writes output to the log file "Check_Blacklist_Providers_<IP>.log"
    function log ($string) {
        (Get-Date -Format "HH:mm:sstt, dd MMM yyyy | ") + $string | Out-File ".\Check_Blacklist_Providers_$IP.log" -Append -Encoding ASCII
        Write-Output $string
    }
    # DNSBL lookups use the IP address with its octets reversed (1.2.3.4 -> 4.3.2.1)
    $reversedIP = ($IP -split '\.')[3..0] -join '.'
    $blacklistedOn = @()
    foreach ($server in $blacklistServers) {
        $fqdn = "$reversedIP.$server"
        try {
            # A lookup that resolves is counted as a listing on this provider
            $null = [System.Net.Dns]::GetHostEntry($fqdn)
            $blacklistedOn += $server
        }
        catch { } # Lookup failed (no record found): counted as not listed
    }
    if ($blacklistedOn.Count -gt 0) {
        log "$IP blacklisted on the following servers: $($blacklistedOn -join ', ')"
        # This variable stores the text built from $blacklistedOn for the email body
        $finaltext = "$IP is blacklisted on the following servers: $($blacklistedOn -join ', ')"
        # This one line sends the output by email.
        Send-MailMessage -To "emailaddresswhereyouwant@themailtoarrive.com" -From "fromemail@address.com" -Subject "$IP detected on a DNS Blacklist" -Body $finaltext -SmtpServer "Your SMTP Address goes here" -BodyAsHtml
    }
    else { log "$IP is OK" }
}
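The script above counts any name that resolves as a listing, so a retired or misbehaving zone can raise false alerts. The following is an added example, not part of the original script: it checks each zone with the RFC 5782 test entries before trusting it and separates real return codes from error codes. The function names `Resolve-DnsblQuery` and `Get-DnsblResult` and the status strings are hypothetical, and it assumes the zone follows the RFC 5782 test-entry convention (a zone that does not is reported as `FailedSelfTest`).

```powershell
# Added example: validate the DNSBL zone and the answer before alerting.
function Resolve-DnsblQuery {
    param([string]$IP, [string]$Zone)
    # Query name: reversed IPv4 octets + zone, e.g. 2.0.0.127.zen.spamhaus.org
    $reversed = ($IP -split '\.')[3..0] -join '.'
    try {
        # Keep only IPv4 (A record) answers, returned as strings
        [System.Net.Dns]::GetHostAddresses("$reversed.$Zone") |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.ToString() }
    }
    catch { }   # NXDOMAIN, timeout or other failure: no answer
}

function Get-DnsblResult {
    param([string]$IP, [string]$Zone)

    # RFC 5782 self-test: 127.0.0.2 must be listed, 127.0.0.1 should not be.
    # A dead zone fails the first check, a zone that answers everything fails the second.
    $testListed   = @(Resolve-DnsblQuery -IP '127.0.0.2' -Zone $Zone).Count -gt 0
    $testUnlisted = @(Resolve-DnsblQuery -IP '127.0.0.1' -Zone $Zone).Count -eq 0
    if (-not ($testListed -and $testUnlisted)) {
        return [pscustomobject]@{ IP = $IP; Zone = $Zone; Status = 'FailedSelfTest'; Answers = @() }
    }

    $answers = @(Resolve-DnsblQuery -IP $IP -Zone $Zone)
    # Spamhaus documents 127.255.255.x as error codes (for example a refused
    # resolver or too many queries); they are not listings.
    $errors = @($answers | Where-Object { $_ -like '127.255.255.*' })
    # Genuine listings are other addresses inside 127.0.0.0/8.
    $codes  = @($answers | Where-Object { $_ -like '127.*' -and $_ -notlike '127.255.255.*' })

    if     ($errors.Count  -gt 0) { $status = 'QueryError' }
    elseif ($codes.Count   -gt 0) { $status = 'Listed' }
    elseif ($answers.Count -gt 0) { $status = 'UnexpectedAnswer' }  # resolved outside 127/8
    else                          { $status = 'NotListed' }

    [pscustomobject]@{ IP = $IP; Zone = $Zone; Status = $status; Answers = $answers }
}

# Usage with the first address from $IPlist and one zone from $blacklistServers
Get-DnsblResult -IP '72.167.238.201' -Zone 'zen.spamhaus.org'
```

Only a `Listed` status should trigger the email; `QueryError` and `FailedSelfTest` are better written to the log so a resolver or provider problem is not mistaken for a blacklisting.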




You can download the script as a txt file from this link.

Would love to hear feedback if you have any... If you like the script, please leave comments.
