Checking Blacklisted MTAs with CentOS + check bl
From Nagios Wiki
Contents |
[edit] Purpose
This HOWTO shows how to install and use the Nagios check_bl plugin on CentOS and Nagios 2.x to see a mail server has been listed on various DNS RBLs (DNS Realtime Blackhost Lists).
Other versions of Nagios and CentOS/RHEL should be very similar
[edit] Download and Untar
cd /tmp wget http://freshmeat.net/redir/nagioscheckbl/58783/url_tgz/nagios-check_bl-1.0.tar.gz tar zxfv nagios-check_bl-1.0.tar.gz cd nagios-check_bl-1.0 cp check_bl /usr/lib/nagios/plugins/
[edit] Test Perl Plugin
cd /usr/lib/nagios/plugins/ ./check_bl -H mail.yourdomain.com zen.spamhaus.org
and you should get
Not black-listed
[edit] Install Perl Net DNS Modules
optional (if not already installed)
yum install perl-Net-DNS-*
[edit] Commands.cfg Definition
Once that works, add definitions to your Nagios cfg files with the DNS RBLs you're going to use
e.g.
/etc/nagios/commands.cfg
#tested on CentOS 4.x
define command {
command_name check_bl
command_line $USER1$/check_bl -H $HOSTADDRESS$ -B zen.spamhaus.org bl.spamcop.net dnsbl.ahbl.org dnsbl.njabl.org dnsbl.sorbs.net virbl.dnsbl.bit.nl rbl.efnet.org phishing.rbl.msrbl.net 0spam.fusionzero.com list.dsbl.org multihop.dsbl.org unconfirmed.dsbl.org will-spam-for-food.eu.org blacklist.spambag.org blackholes.brainerd.net blackholes.uceb.org spamsources.dnsbl.info map.spam-rbl.com ns1.unsubscore.com psbl.surriel.com l2.spews.dnsbl.sorbs.net bl.csma.biz sbl.csma.biz dynablock.njabl.org no-more-funn.moensted.dk ubl.unsubscore.com dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net spamguard.leadmon.net opm.blitzed.org bl.spamcannibal.org rbl.schulte.org dnsbl.ahbl.org virbl.dnsbl.bit.nl combined.rbl.msrbl.net
}
[edit] Comments
On openSUSE_10.1 I had to replace the spaces between the blacklist providers with commas but I guess this would be the case on all OSes. Usage:
check_bl -H host -B [blacklist1],[blacklist2] [-c critnum] check_bl [-h | --help] check_bl [-V | --version]
