bundles/postfix: use threading in check_spam_blocklist
parent
fdcec012f3
commit
27753d50c4
2 changed files with 49 additions and 33 deletions
|
@ -1,5 +1,6 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
from concurrent.futures import ThreadPoolExecutor, as_completed
|
||||||
from ipaddress import ip_address, IPv6Address
|
from ipaddress import ip_address, IPv6Address
|
||||||
from sys import argv, exit
|
from sys import argv, exit
|
||||||
|
|
||||||
|
@ -9,7 +10,7 @@ from dns.resolver import Resolver, NoAnswer, NXDOMAIN, NoNameservers
|
||||||
|
|
||||||
BLOCKLISTS = [
|
BLOCKLISTS = [
|
||||||
'0spam.fusionzero.com',
|
'0spam.fusionzero.com',
|
||||||
'bl.mailspike.Dorg',
|
'bl.mailspike.org',
|
||||||
'bl.spamcop.net',
|
'bl.spamcop.net',
|
||||||
'blackholes.brainerd.net',
|
'blackholes.brainerd.net',
|
||||||
'dnsbl-1.uceprotect.net',
|
'dnsbl-1.uceprotect.net',
|
||||||
|
@ -28,53 +29,68 @@ BLOCKLISTS = [
|
||||||
'ubl.unsubscore.com',
|
'ubl.unsubscore.com',
|
||||||
'unconfirmed.dsbl.org',
|
'unconfirmed.dsbl.org',
|
||||||
'virbl.dnsbl.bit.nl',
|
'virbl.dnsbl.bit.nl',
|
||||||
'virbl.dnsbl.bit.nl',
|
|
||||||
'zen.spamhaus.org',
|
'zen.spamhaus.org',
|
||||||
]
|
]
|
||||||
|
|
||||||
|
def check_list(ip_list, blocklist):
|
||||||
|
resolver = Resolver()
|
||||||
|
resolver.timeout = 5
|
||||||
|
resolver.lifetime = 5
|
||||||
|
|
||||||
|
dns_name = '{}.{}'.format(
|
||||||
|
'.'.join(ip_list),
|
||||||
|
blocklist,
|
||||||
|
)
|
||||||
|
|
||||||
|
returncode = 0
|
||||||
|
msgs = []
|
||||||
|
|
||||||
|
try:
|
||||||
|
result = resolver.query(dns_name)
|
||||||
|
for item in result:
|
||||||
|
msgs.append('{} listed in {} as {}'.format(
|
||||||
|
ip,
|
||||||
|
blocklist,
|
||||||
|
item,
|
||||||
|
))
|
||||||
|
returncode = 2
|
||||||
|
except (NoAnswer, NXDOMAIN, NoNameservers, Timeout):
|
||||||
|
# Probably fine
|
||||||
|
pass
|
||||||
|
except Exception as e:
|
||||||
|
return [repr(e)], 3
|
||||||
|
|
||||||
|
return msgs, returncode
|
||||||
|
|
||||||
try:
|
try:
|
||||||
ip = ip_address(argv[1])
|
ip = ip_address(argv[1])
|
||||||
except Exception:
|
except Exception:
|
||||||
print('usage: {} <ip>'.format(argv[0]))
|
print('usage: {} <ip>'.format(argv[0]))
|
||||||
exit(3)
|
exit(3)
|
||||||
|
|
||||||
found = False
|
|
||||||
|
|
||||||
resolver = Resolver()
|
|
||||||
resolver.timeout = 5
|
|
||||||
resolver.lifetime = 5
|
|
||||||
|
|
||||||
if isinstance(ip, IPv6Address):
|
if isinstance(ip, IPv6Address):
|
||||||
ip_list = list(ip.exploded.replace(':', ''))
|
ip_list = list(ip.exploded.replace(':', ''))
|
||||||
else:
|
else:
|
||||||
ip_list = ip.exploded.split('.')
|
ip_list = ip.exploded.split('.')
|
||||||
|
|
||||||
ip_list.reverse()
|
ip_list.reverse()
|
||||||
|
exitcode = 0
|
||||||
|
|
||||||
|
with ThreadPoolExecutor(max_workers=len(BLOCKLISTS)) as executor:
|
||||||
|
futures = set()
|
||||||
|
|
||||||
for blocklist in BLOCKLISTS:
|
for blocklist in BLOCKLISTS:
|
||||||
dns_name = '{}.{}'.format(
|
futures.add(executor.submit(check_list, ip_list, blocklist))
|
||||||
'.'.join(ip_list),
|
|
||||||
blocklist,
|
|
||||||
)
|
|
||||||
|
|
||||||
try:
|
for future in as_completed(futures):
|
||||||
result = resolver.query(dns_name)
|
msgs, this_exitcode = future.result()
|
||||||
for item in result:
|
|
||||||
print('{} listed in {} as {}'.format(
|
|
||||||
ip,
|
|
||||||
blocklist,
|
|
||||||
item,
|
|
||||||
))
|
|
||||||
found = True
|
|
||||||
except (NoAnswer, NXDOMAIN, NoNameservers, Timeout):
|
|
||||||
# Probably fine
|
|
||||||
pass
|
|
||||||
except Exception as e:
|
|
||||||
print(repr(e))
|
|
||||||
exit(3)
|
|
||||||
|
|
||||||
if found:
|
for msg in msgs:
|
||||||
exit(2)
|
print(msg)
|
||||||
else:
|
|
||||||
|
exitcode = max(exitcode, this_exitcode)
|
||||||
|
|
||||||
|
if exitcode == 0:
|
||||||
print('OK')
|
print('OK')
|
||||||
exit(0)
|
|
||||||
|
exit(exitcode)
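Review bot: In `check_list`, `NoNameservers` and `Timeout` are still swallowed together with `NXDOMAIN` as "Probably fine", so when the resolver is unreachable or every blocklist times out the plugin prints `OK` and exits 0, meaning the monitor fails open. With all lookups now running in parallel under a 5-second lifetime, that false OK arrives quickly and looks healthy. Consider keeping `except (NoAnswer, NXDOMAIN):` as the not-listed case and handling lookup failures separately, e.g. `except (NoNameservers, Timeout): return ['{} lookup failed'.format(blocklist)], 1`, or counting failures and returning 3 only when no list answered at all, so that individual dead lists do not make the check noisy. Separately, `check_list` formats the module-level `ip` rather than a parameter; passing it in alongside `ip_list` would make the worker self-contained.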
|
||||||
|
|
|
@ -105,7 +105,7 @@ def icinga2(metadata):
|
||||||
if not ip.is_private:
|
if not ip.is_private:
|
||||||
services[f'SPAM BLOCKLIST {ip}'] = {
|
services[f'SPAM BLOCKLIST {ip}'] = {
|
||||||
'command_on_monitored_host': f'/usr/local/share/icinga/plugins/check_spam_blocklist {ip}',
|
'command_on_monitored_host': f'/usr/local/share/icinga/plugins/check_spam_blocklist {ip}',
|
||||||
'vars.sshmon_timeout': 60,
|
'vars.sshmon_timeout': 15,
|
||||||
'check_interval': '15m',
|
'check_interval': '15m',
|
||||||
'retry_interval': '5m',
|
'retry_interval': '5m',
|
||||||
}
|
}
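Review bot: The new `'vars.sshmon_timeout': 15` is only safe because every lookup in check_spam_blocklist runs concurrently with `resolver.lifetime = 5`, and nothing here records that coupling. A short comment such as `# must exceed the 5 s resolver lifetime in check_spam_blocklist` would keep a later change to either value from turning slow lookups into check timeouts. The enclosing `icinga2` function starts and ends outside this hunk.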
|
||||||
|
|