From 42e20b122c98f78df4cf25579411dc12499bcd67 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Wed, 21 Jun 2023 23:23:16 +0200
Subject: [PATCH] bundles/icinga2: add non-listing results to
 check_spam_blocklist

---
 bundles/icinga2/files/check_spam_blocklist | 58 ++++++++++++----------
 1 file changed, 33 insertions(+), 25 deletions(-)

diff --git a/bundles/icinga2/files/check_spam_blocklist b/bundles/icinga2/files/check_spam_blocklist
index 6d159cb..aa80164 100644
--- a/bundles/icinga2/files/check_spam_blocklist
+++ b/bundles/icinga2/files/check_spam_blocklist
@@ -5,29 +5,34 @@ from ipaddress import IPv6Address, ip_address
 from subprocess import check_output
 from sys import argv, exit
 
-BLOCKLISTS = [
-    '0spam.fusionzero.com',
-    'bl.mailspike.org',
-    'bl.spamcop.net',
-    'blackholes.brainerd.net',
-    'dnsbl-1.uceprotect.net',
-    'l2.spews.dnsbl.sorbs.net',
-    'list.dsbl.org',
-    'map.spam-rbl.com',
-    'multihop.dsbl.org',
-    'ns1.unsubscore.com',
-    'opm.blitzed.org',
-    'psbl.surriel.com',
-    'rbl.efnet.org',
-    'rbl.schulte.org',
-    'spamguard.leadmon.net',
-    'ubl.unsubscore.com',
-    'unconfirmed.dsbl.org',
-    'virbl.dnsbl.bit.nl',
-    'zen.spamhaus.org',
-]
+BLOCKLISTS = {
+    '0spam.fusionzero.com': set(),
+    'bl.mailspike.org': set(),
+    'bl.spamcop.net': set(),
+    'blackholes.brainerd.net': set(),
+    'dnsbl-1.uceprotect.net': set(),
+    'l2.spews.dnsbl.sorbs.net': set(),
+    'list.dsbl.org': set(),
+    'map.spam-rbl.com': set(),
+    'multihop.dsbl.org': set(),
+    'ns1.unsubscore.com': set(),
+    'opm.blitzed.org': set(),
+    'psbl.surriel.com': set(),
+    'rbl.efnet.org': set(),
+    'rbl.schulte.org': set(),
+    'spamguard.leadmon.net': set(),
+    'ubl.unsubscore.com': set(),
+    'unconfirmed.dsbl.org': set(),
+    'virbl.dnsbl.bit.nl': set(),
+    'zen.spamhaus.org': {
+        # https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now.
+        '127.255.255.252', # Typing Error
+        '127.255.255.254', # public resolver / generic rdns
+        '127.255.255.255', # rate limited
+    },
+}
 
-def check_list(ip_list, blocklist):
+def check_list(ip_list, blocklist, warn_ips):
     dns_name = '{}.{}'.format(
         '.'.join(ip_list),
         blocklist,
@@ -50,7 +55,10 @@ def check_list(ip_list, blocklist):
                 blocklist,
                 item,
             ))
-            returncode = 2
+            if item in warn_ips and returncode < 2:
+                returncode = 1
+            else:
+                returncode = 2
     except Exception as e:
         if e.returncode == 9:
             # no reply from server
@@ -77,8 +85,8 @@ exitcode = 0
 with ThreadPoolExecutor(max_workers=len(BLOCKLISTS)) as executor:
     futures = set()
 
-    for blocklist in BLOCKLISTS:
-        futures.add(executor.submit(check_list, ip_list, blocklist))
+    for blocklist, warn_ips in BLOCKLISTS.items():
+        futures.add(executor.submit(check_list, ip_list, blocklist, warn_ips))
 
     for future in as_completed(futures):
         msgs, this_exitcode = future.result()