bundles/postfix: use dig
in check_spam_blocklist instead of a python library
The library isn't available as a Debian package, so we would have to install it manually every time the Python package updates its minor version number.
parent
d756e3daf8
commit
6b90d568cf
3 changed files with 12 additions and 16 deletions
|
@ -2,10 +2,9 @@
|
||||||
|
|
||||||
from concurrent.futures import ThreadPoolExecutor, as_completed
|
from concurrent.futures import ThreadPoolExecutor, as_completed
|
||||||
from ipaddress import ip_address, IPv6Address
|
from ipaddress import ip_address, IPv6Address
|
||||||
|
from subprocess import check_output
|
||||||
from sys import argv, exit
|
from sys import argv, exit
|
||||||
|
|
||||||
from dns.exception import Timeout
|
|
||||||
from dns.resolver import Resolver, NoAnswer, NXDOMAIN, NoNameservers
|
|
||||||
|
|
||||||
|
|
||||||
BLOCKLISTS = [
|
BLOCKLISTS = [
|
||||||
|
@ -33,10 +32,6 @@ BLOCKLISTS = [
|
||||||
]
|
]
|
||||||
|
|
||||||
def check_list(ip_list, blocklist):
|
def check_list(ip_list, blocklist):
|
||||||
resolver = Resolver()
|
|
||||||
resolver.timeout = 5
|
|
||||||
resolver.lifetime = 5
|
|
||||||
|
|
||||||
dns_name = '{}.{}'.format(
|
dns_name = '{}.{}'.format(
|
||||||
'.'.join(ip_list),
|
'.'.join(ip_list),
|
||||||
blocklist,
|
blocklist,
|
||||||
|
@ -46,7 +41,13 @@ def check_list(ip_list, blocklist):
|
||||||
msgs = []
|
msgs = []
|
||||||
|
|
||||||
try:
|
try:
|
||||||
result = resolver.query(dns_name)
|
result = check_output([
|
||||||
|
'dig',
|
||||||
|
'+tries=2',
|
||||||
|
'+time=5',
|
||||||
|
'+short',
|
||||||
|
dns_name
|
||||||
|
]).decode().splitlines()
|
||||||
for item in result:
|
for item in result:
|
||||||
msgs.append('{} listed in {} as {}'.format(
|
msgs.append('{} listed in {} as {}'.format(
|
||||||
ip,
|
ip,
|
||||||
|
@ -54,10 +55,11 @@ def check_list(ip_list, blocklist):
|
||||||
item,
|
item,
|
||||||
))
|
))
|
||||||
returncode = 2
|
returncode = 2
|
||||||
except (NoAnswer, NXDOMAIN, NoNameservers, Timeout):
|
|
||||||
# Probably fine
|
|
||||||
pass
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
if e.returncode == 9:
|
||||||
|
# no reply from server
|
||||||
|
pass
|
||||||
|
|
||||||
return [repr(e)], 3
|
return [repr(e)], 3
|
||||||
|
|
||||||
return msgs, returncode
|
return msgs, returncode
|
||||||
|
|
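Review bot: In the rewritten `except Exception as e:` branch of check_list, `e.returncode` is read on every exception, but only `CalledProcessError` carries that attribute; a missing `dig` binary (`FileNotFoundError`) or a decode failure would raise `AttributeError` from inside the handler, so the plugin crashes instead of reporting UNKNOWN. The `if e.returncode == 9: pass` also looks like a no-op (indentation is lost on this page, so this is inferred): a no-reply from the server appears to fall through to `return [repr(e)], 3`, whereas the removed handler treated `Timeout` as "probably fine". Consider `except CalledProcessError as e:` with `if e.returncode != 9: return [repr(e)], 3`, keeping the generic `except Exception as e:` for everything else and importing `CalledProcessError` next to `check_output`. None of the three changed files adds a package that provides `dig`, so unless another bundle already installs it, this monitoring check depends on a binary that may be absent on a minimal host. The body of check_list starts outside the visible hunks.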
|
@ -23,10 +23,6 @@ for identifier in node.metadata.get('postfix/mynetworks', set()):
|
||||||
|
|
||||||
my_package = 'pkg_pacman:postfix' if node.has_bundle('pacman') else 'pkg_apt:postfix'
|
my_package = 'pkg_pacman:postfix' if node.has_bundle('pacman') else 'pkg_apt:postfix'
|
||||||
|
|
||||||
pkg_pip = {
|
|
||||||
'dnsq': {},
|
|
||||||
}
|
|
||||||
|
|
||||||
files = {
|
files = {
|
||||||
'/etc/mailname': {
|
'/etc/mailname': {
|
||||||
'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']),
|
'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']),
|
||||||
|
|
|
@ -141,8 +141,6 @@ def icinga2(metadata):
|
||||||
services[f'SPAM BLOCKLIST {ip}'] = {
|
services[f'SPAM BLOCKLIST {ip}'] = {
|
||||||
'command_on_monitored_host': f'/usr/local/share/icinga/plugins/check_spam_blocklist {ip}',
|
'command_on_monitored_host': f'/usr/local/share/icinga/plugins/check_spam_blocklist {ip}',
|
||||||
'vars.sshmon_timeout': 15,
|
'vars.sshmon_timeout': 15,
|
||||||
'check_interval': '15m',
|
|
||||||
'retry_interval': '5m',
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return {
|
return {
|
||||||
|
|