bundles/icinga2: add non-listing results to check_spam_blocklist

bundles/icinga2/files/check_spam_blocklist

@@ -5,29 +5,34 @@ from ipaddress import IPv6Address, ip_address
 from subprocess import check_output
 from sys import argv, exit
 
-BLOCKLISTS = [
-    '0spam.fusionzero.com',
-    'bl.mailspike.org',
-    'bl.spamcop.net',
-    'blackholes.brainerd.net',
-    'dnsbl-1.uceprotect.net',
-    'l2.spews.dnsbl.sorbs.net',
-    'list.dsbl.org',
-    'map.spam-rbl.com',
-    'multihop.dsbl.org',
-    'ns1.unsubscore.com',
-    'opm.blitzed.org',
-    'psbl.surriel.com',
-    'rbl.efnet.org',
-    'rbl.schulte.org',
-    'spamguard.leadmon.net',
-    'ubl.unsubscore.com',
-    'unconfirmed.dsbl.org',
-    'virbl.dnsbl.bit.nl',
-    'zen.spamhaus.org',
-]
+BLOCKLISTS = {
+    '0spam.fusionzero.com': set(),
+    'bl.mailspike.org': set(),
+    'bl.spamcop.net': set(),
+    'blackholes.brainerd.net': set(),
+    'dnsbl-1.uceprotect.net': set(),
+    'l2.spews.dnsbl.sorbs.net': set(),
+    'list.dsbl.org': set(),
+    'map.spam-rbl.com': set(),
+    'multihop.dsbl.org': set(),
+    'ns1.unsubscore.com': set(),
+    'opm.blitzed.org': set(),
+    'psbl.surriel.com': set(),
+    'rbl.efnet.org': set(),
+    'rbl.schulte.org': set(),
+    'spamguard.leadmon.net': set(),
+    'ubl.unsubscore.com': set(),
+    'unconfirmed.dsbl.org': set(),
+    'virbl.dnsbl.bit.nl': set(),
+    'zen.spamhaus.org': {
+        # https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now.
+        '127.255.255.252', # Typing Error
+        '127.255.255.254', # public resolver / generic rdns
+        '127.255.255.255', # rate limited
+    },
+}
 
-def check_list(ip_list, blocklist):
+def check_list(ip_list, blocklist, warn_ips):
     dns_name = '{}.{}'.format(
         '.'.join(ip_list),
         blocklist,
@@ -50,7 +55,10 @@ def check_list(ip_list, blocklist):
                 blocklist,
                 item,
             ))
-            returncode = 2
+            if item in warn_ips and returncode < 2:
+                returncode = 1
+            else:
+                returncode = 2
     except Exception as e:
         if e.returncode == 9:
             # no reply from server
@@ -77,8 +85,8 @@ exitcode = 0
 with ThreadPoolExecutor(max_workers=len(BLOCKLISTS)) as executor:
     futures = set()
 
-    for blocklist in BLOCKLISTS:
-        futures.add(executor.submit(check_list, ip_list, blocklist))
+    for blocklist, warn_ips in BLOCKLISTS.items():
+        futures.add(executor.submit(check_list, ip_list, blocklist, warn_ips))
 
     for future in as_completed(futures):
         msgs, this_exitcode = future.result()