Zabbix Share

Zabbix templates, modules & more
Log in
Choose social to login:
Login With Google
Login With Github
Login With LinkedIn

Nav view search

Navigation

Advanced Search
  • Applications
    • Anti-Virus
    • Backup
    • Bug and issue tracking
    • Cluster
    • Clustered File Systems
    • DNS
    • Firewall
    • HelpDesk System
    • High Availability (HA)
    • Java Application
    • Mail servers
    • Misc
    • Monitoring System
    • NTP
    • Others
    • Process Managers
    • Queue managers
    • Security
    • SIEM
    • Skype
    • Ticketing System
    • Time synchronization
    • Web-servers
  • Cloud
  • Databases
  • Network Appliances
  • Network Devices
  • Official Templates
  • Operating Systems
  • Power (UPS)
  • Printers
  • SCADA, IoT, Energy, Home Automation, Industrial monitoring
  • Server Hardware
  • Storage Devices
  • Telephony
  • Unsorted
  • Virtualization
  • Zabbix
  • Recently Added
  • Recently Updated
  • Popular
  • Most Rated
  • Top Rated
  • Most Reviewed

Automatically check DNS Blackhole Lists (DNSBL)

If you are providing services like SMTP, DNS or similar to your customers, those services might be misused and you could end up getting your servers IP addresses blacklisted on various Domain Name System Blackhole Lists (DNSBL).

Requirements

  • CentOS/RHEL
    • # yum install bind-utils
  • Debian/Ubuntu
    • # apt-get install dnsutils

How it works

This template utilizes External Checks. The script "check_dnsbl.sh" is run with parameters for the hostname of the server you wish to check and which DNSBL you wish to check against. It simply returns "0" if the server is not listed and "1" if it is.

The template has 5 pre-made items and corresponding triggers. The items should be pretty self-explanatory. Example: check_dnsbl.sh[{HOST.DNS},zen.spamhaus.org]

You can change the existing DNSBL servers in the template or add your own, although the ones already added should cover most users quite well.

"{HOST.DNS}" is a macro that uses the DNS name you have specified for your hosts on their interfaces. The script requires the use of DNS names for it to function, however the script and template can be modified to use IP addresses only. I wouldn't recommended this though, since not using host names is bad practice anyway.

The default DNSBL's used are: b.barracudacentral.org, bl.spamcop.net, cbl.abuseat.org, dnsbl.sorbs.net and zen.spamhaus.org.

Disclaimer

Verifying if your servers are indeed blacklisted doesn't just require you to initiate a DNS question towards any DNSBL. It requires you to use a reputable one. Otherwise you might end up with false-positives or outdated answers. Always research your DNSBL provider and read through their documentation to find out exactly how they populate and update their database.

Instructions - Are your servers Blacklisted?

  1. Copy "check_dnsbl.sh" to your Zabbix Servers and Proxies and place it in "/usr/local/share/zabbix/externalscripts" *
    1. * Check your server and proxy configuration file for the correct folder, look for the tag "ExternalScripts"
  2. Make the script executable: chmod +x /usr/local/share/zabbix/externalscripts/check_dnsbl.sh
  3. Create the following value map (Administration -> General -> Value mapping: Create value map)
    1. Name: IP Blacklist
      0 -> Not listed
      1 -> Listed
  4. Import the template and assign it to your host(s).
Rating
500
0 vote

Listing Details

Type
Template
Min Zabbix version
2.0.x
Features
  • Custom Script
Link
zabbix.tips/are-your-servers-blacklisted/
Created
2016-04-08
Modified
2016-04-24 21:23:45
Version 2.0
Download (2054 downloads)
1 version, '2016-04-08 21:22' modified
Tags
dns, dnsbl, blacklist, blackhole, spam, external check, spamlist
Author
Zabbix.tips
Owner
Martin Mørch
RecommendReportOwner's listing
All resources created by third parties; use at your own risk
© 2001-2018 by Zabbix SIA. All rights reserved. Trademark Policy · Contact us