Checking Blacklisted IPs with Nagios
Poorly managed mail servers (particularly Microsoft Exchange ones) have a bad habit of getting listed on DNS RBLs, and when they do, it’s sometimes very difficult to get them off. Fortunately, I found a cool Nagios plugin to help me babysit friends’ mail servers. Here is a quick rundown of the HOWTO I recently posted on NagiosWiki.com.
Download and untar:
cd /tmp
wget http://freshmeat.net/redir/nagioscheckbl/58783/url_tgz/nagios-check_bl-1.0.tar.gz
tar zxfv nagios-check_bl-1.0.tar.gz
Copy the Perl script into your Nagios plugins directory:
cd nagios-check_bl-1.0
cp check_bl /usr/lib/nagios/plugins/
Test the plugin using your mail server and, say, zen.spamhaus.org:
cd /usr/lib/nagios/plugins/
./check_bl -H mail.yourdomain.com -B zen.spamhaus.org
(If you get a weird error, it may be because Perl-Net-DNS is not installed:)
yum install perl-Net-DNS-*
Finally, add a command definition in /etc/nagios/commands.cfg so you can call it in services.cfg (I add as many blacklists as possible):
#tested on CentOS 4.x
define command {
command_name check_bl
command_line $USER1$/check_bl -H $HOSTADDRESS$ -B zen.spamhaus.org bl.spamcop.net dnsbl.ahbl.org dnsbl.njabl.org dnsbl.sorbs.net virbl.dnsbl.bit.nl rbl.efnet.org phishing.rbl.msrbl.net 0spam.fusionzero.com list.dsbl.org multihop.dsbl.org unconfirmed.dsbl.org will-spam-for-food.eu.org blacklist.spambag.org blackholes.brainerd.net blackholes.uceb.org spamsources.dnsbl.info map.spam-rbl.com ns1.unsubscore.com psbl.surriel.com l2.spews.dnsbl.sorbs.net bl.csma.biz sbl.csma.biz dynablock.njabl.org no-more-funn.moensted.dk ubl.unsubscore.com dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net spamguard.leadmon.net opm.blitzed.org bl.spamcannibal.org rbl.schulte.org dnsbl.ahbl.org virbl.dnsbl.bit.nl combined.rbl.msrbl.net
}
I currently have this checking about 400 servers, and it seems to be doing a fairly good job!
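What a DNSBL check of this kind does under the hood, as an added example (not code from check_bl or from the original post): the IP's octets are reversed and looked up under each blacklist zone, an answer in 127.0.0.0/8 means listed, and NXDOMAIN means not listed. Treating 127.255.255.x answers as errors follows Spamhaus' documented return codes; the function names and the example.org zones are made up for illustration.

```python
import ipaddress
import socket

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # conventional "listed" answers
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes, not listings

def dnsbl_name(ip, zone):
    """10.2.3.4 checked against bl.example.org is queried as 4.3.2.10.bl.example.org."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Return the A record for name, or None on NXDOMAIN (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise  # timeouts and resolver failures are not "clean"

def check(ip, zones, lookup=system_lookup):
    """Return (nagios_status, message) for one IPv4 address."""
    listed, errors = [], []
    for zone in zones:
        try:
            answer = lookup(dnsbl_name(ip, zone))
        except OSError as exc:
            errors.append(f"{zone} (lookup failed: {exc})")
            continue
        if answer is None:
            continue
        addr = ipaddress.IPv4Address(answer)
        if addr in ERROR_NET:
            errors.append(f"{zone} (error code {answer})")
        elif addr in LISTED_NET:
            listed.append(f"{zone} ({answer})")
        else:  # e.g. a dead list whose domain now resolves everything
            errors.append(f"{zone} (unexpected answer {answer})")
    if listed:
        return CRITICAL, "CRITICAL: listed on " + ", ".join(listed)
    if errors:
        return UNKNOWN, "UNKNOWN: " + ", ".join(errors)
    return OK, f"OK: {ip} not listed ({len(zones)} lists checked)"

if __name__ == "__main__":
    # Constructed demo data: a fake resolver, so this runs offline.
    fake = {"4.3.2.10.bl.example.org": "127.0.0.2"}
    print(check("10.2.3.4", ["bl.example.org", "clean.example.org"], fake.get))
```

Reporting lookup failures and out-of-range answers as UNKNOWN rather than OK or CRITICAL keeps a dead or rate-limited list from either hiding a real listing or paging you for a false one.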
About this entry
You’re currently reading “Checking Blacklisted IPs with Nagios,” an entry on Hack My Idea
- Published: 12.16.07 / 6pm
- Category: free, monitoring, opensource